<div style="margin:20px 0 0 200px"> To view the site, enable JavaScript by changing your browser options, then <a href="">Try Again</a>.</div>
  1. You are here:
  2. Home
  3. Knowledge
  4. Breaking News
  5. Risk To Microsoft Users - 58 Security Vulnerabilities Found
15 Dec, 2020
Risk To Microsoft Users - 58 Security Vulnerabilities Found

Microsoft is always concerned about the security of its users. The company timely releases the Tuesday patches to keep their system strong and flawless. Likewise, Microsoft releases fixes for 58 new security vulnerabilities for 11 of its products and services.

The products and services include Microsoft Windows, Edge Browser, MS Office, Exchange Server, ChakraCore, Azure DevOps, Azure SDK, Azure Sphere, Visual Studio, and Microsoft Dynamics.

So, what are these vulnerabilities, and how risky are they?

As explained by Microsoft, the severities of the 58 flaws are described as below:

  • 9 critical
  • 46 important
  • 3 moderate

Luckily, none of the vulnerabilities were known publicly or exposed to the black hat hackers as no exploitation was found.

The December fixes concern several Remote Code Execution (RCE):

  • Microsoft Exchange (CVE-2020-17132)
  • SharePoint (CVE-2020-17118 and CVE-2020-17121)
  • Excel (CVE-2020-17123)
  • Hyper-V virtualization software (CVE-2020-17095)
  • Kerberos (CVE-2020-16996)
  • Windows backup engine
  • Windows Cloud Files Mini Filter Driver

Among the above-mentioned issues, Hyper-V virtualization software (CVE-2020-17095) carries the highest risk of 8.5 (CVSS score).

Microsoft stated:

"To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code when it fails to properly validate vSMB packet data,"

To minimize the risk, Microsoft recommends updating the UDP packet size to 1221 bytes.

An official statement says, "For responses larger than 4C5 or 1221, the DNS resolver would now switch to TCP,"

Besides, Windows users are strongly advised to implement the latest released patches to resolve the issues.

Don't wait, go, and update your system!

Found this helpful?

Stay in touch with ISOEH (Indian School of Ethical Hacking) for cyber security updates. We help individuals and groups with various cyber security courses and training.

We have been serving in the cyber community for 15 years!

Read Other Breaking News

Read All Breaking News »
Google Project Zero Has Identified a Windows Bug
Google Project Zero Has Identified a Windows Bug
Read Details »
Apple Security Update - 3 New Vulnerabilities Found!
Apple Security Update - 3 New Vulnerabilities Found!
Read Details »
Microsoft - 2 Serious Windows Vulnerabilities Found!
Microsoft - 2 Serious Windows Vulnerabilities Found!
Read Details »
Microsoft Alerts Users About The New Android Ransomware
Microsoft Alerts Users About The New Android Ransomware
Read Details »
New Bugs Reported In Apple Software
New Bugs Reported In Apple Software
Read Details »
Why Microsoft new security update is important for you - Windows 8.1, Window RT 8.1, and Server 2012 R2
Why Microsoft new security update is important for you - Windows 8.1, Window RT 8.1, and Server 2012 R2
Read Details »
CWT Travel Giant Pays $4.5 Million Ransom to Cyber
CWT Travel Giant Pays $4.5 Million Ransom to Cyber
Read Details »
>
<

Exclusive Blog

Read All Exclusive Blog »
A few tips for the perfect homework
A few tips for the perfect homework

With world working from home, it's time to make it enjoyable and effective.

Read Details

Hacking Tools

Explore All Hacking Tools »
UFTP - UDP based FTP with encryption
UDP based FTP with encryption

UFTP is an encrypted multicast file transfer program for secure, reliable & efficient transfer of files. It also helps in data distribution over a satellite link.

Read Details