August 9, 2020

1250 words 6 mins read

Patch Tuesday: Microsoft addresses Windows zero-day vulnerability and 111 others

Patch Tuesday: Microsoft addresses Windows zero-day vulnerability and 111 others

Patches include one for a zero-day flaw disclosed by Google’s researchers last month

       Microsoft on Tuesday released its monthly roll-up of security patches, addressing a total of 112 vulnerabilities across a suite of products/platforms.

Of the 112 security flaws fixed this month, 17 are listed as ‘critical’, 93 are ‘important’, while two are ‘low’ in severity. This month’s security up

date also includes a patch for a Windows zero-day bug which was disclosed by Google’s researchers last month, with the claim that it was actively being exploited by cyber actors. The bug, tracked as CVE-2020-17087, affects Windows Server, Windows 10/RT/8.1/7 and arises due to overflow issue in a Windows component that is used for cryptographic functions. Google researchers said that hackers were exploiting the bug in combination with a Chrome bug (CVE-2020-15999) to target Windows systems. Attackers exploited the Chrome vulnerability to execute malicious code inside Chrome and used CVE-2020-17087 to escape the Chrome security sandbox and to elevate the code’s privileges to attack the OS. Google fixed CVE-2020-15999 in Chrome’s latest version (86.0.4240.111) which was released last month. Microsoft rated CVE-2020-17087 as important in severity, likely because a cyber actor would need to have physical access to a vulnerable system in order to exploit the bug. “Chaining vulnerabilities is an important tactic for threat actors,” said Satnam Narang, staff research engineer at Tenable. “While both CVE-2020-15999 and CVE-2020-17087 were exploited in the wild as zero-days, the Cybersecurity and Infrastructure Security Agency (CISA) published a joint advisory with the FBI last month that highlighted threat actors chaining unpatched vulnerabilities to gain initial access into a target environment and elevate privileges. Even though Google and Microsoft have now patched these flaws, it is imperative for organisations to ensure they’ve applied these patches before threat actors begin to leverage them more broadly.” Another newsworthy fix from Microsoft this month is for the CVE-2020-17051, a remote code execution (RCE) bug existing in Windows' Network File System (NFS). This bug is specifically worrying because Windows NFS lets users to access files across a network and treat them as if they exist in a local file directory. Experts fear that attacker can take advantage of this functionality to gain access to critical systems for a long time. Another notable patch is for CVE-2020-17084, a flaw impacting Exchange Server that could lead to remote code execution. CVE-2020-17040 is a bypass vulnerability in Windows Hyper-V that could enable an attacker to carry out an attack without authentication or interaction with a user. Other Microsoft products that have received security patches this month include Microsoft Windows, Microsoft Windows Codecs Library, Office and Office Services and Web Apps, Edge (EdgeHTML-based and Chromium-based), Internet Explorer (IE), ChakraCore, Microsoft Dynamics, Windows Defender, Microsoft Teams, Visual Studio, Azure SDK and Azure DevOps.

Author: devz123@gmail.com(Dev Kundaliya)

Date: 2020-11-11

URL: https://www.computing.co.uk/news/4023093/patch-tuesday-microsoft-addresses-windows-zero-day-vulnerability-111

computing.co.uk
Fraudsters are targeting Christmas shoppers (2020-11-16) More people are at risk of being cheated this year according to UK Finance UK Finance the association representing trade and finance institutions in the UK is warning consumers of a spike in online scams targeting people looking for attractive deals on Christmas gifts More people are at risk of being cheated this year says the trade body as non-essential shops remain closed until early December an..
DeepMind open-sources Lab2D to support creation of 2D environments for AI and machine learning (2020-11-17) The system aims to help researchers understand the influence of environments in multi-agent reinforcement learning Alphabet subsidiary DeepMind announced on Monday that it has open-sourced Lab2D a scalable environment simulator for artificial intelligence AI research that facilitates researcher-led experimentation with environment design DeepMind describes Lab2D as a system designed to support cre..
Trump fires CISA head Chris Krebs for rejecting claims about voter fraud (2020-11-18) The move was widely expected following a CISA announcement last week denouncing Trumps claims about electoral fraud Donald Trump has fired the director of the Cybersecurity and Infrastructure Security Agency CISA Chris Krebs who had previously publicly contradicted the outgoing Presidents claims of widespread voter fraud during 2020 election Trump said on Twitter that he was terminating Krebs effe..
Passion is the secret to founding a business (2020-12-02) Panelists talked about passion families and compensation Founding your own company is an exciting exhilarating but also frightening prospect There is no safety net: you do or you die Its not enough to work in an area youre just interested in: there has to be real passion That was the agreement of panelists in the Lets get started panel on day two of the Women in Tech Festival Global There are goin..
Credential-related attacks lead to the biggest financial losses, says report (2020-11-10) Extreme loss events could cost victims 100 times their annual revenue or more says the Cyentia Institute Cyber attacks resulting from stolen credentials are more common and more financially damaging for organisations than any other type of cyber incident according to new research The Cyentia Institutes IRIS Xtreme report pdf reviewed 103 large cyber-loss events from the last five years and found t..
The benefits of adding cloud telephony to Microsoft Teams (2020-11-19) Two-thirds of organisations expect remote work to continue in the long-term - how can you prepare? Remote working has been on the rise for some time but the COVID-19 pandemic has accelerated this trend A recent survey conducted by 451 Research found that 67% of organisations expect remote working policies to remain in place either permanently or for the long-term Many large international companies..
Sprawl and silos: how Fivetran is using automation to extract value from data (2020-10-26) Integrating data into workflows is a prevalent challenge - is automation the way to solve it? Integration is one of the most prevalent challenges facing organisation today: having data spread across multiple apps environments and even cloud providers makes it difficult to extract value Plenty of companies are attempting to solve this problem but most are held back by the need to manually add each ..
AI and Machine Learning Awards - and the winners are… (2020-10-29) Artificial intelligence might not be a brand new concept but its use in enterprise IT is certainly growing at start-up rates Every vendor seemingly has an AI-based tool or is using machine learning to solve common problems The challenge is how to sort fact from fiction - or to put it more charitably find the absolute best of the best We launched the AI Machine Learning Awards last year to solve ex..
Berners-Lee’s Inrupt releases first commercial offering, the privacy-preserving Enterprise Solid Server (2020-11-09) ESS offers a route to inclusive capitalism says CEO John Bruce Inrupt the company set up two years ago by Tim Berners-Lee and entrepreneur John Bruce to further the redecentralisation of the web released its first commercial product today an enterprise open source version of Solid Server ESS Solid is a set of open protocols that allow individuals to control their own data be that browsing habits m..
Lockdown II: With morale flagging and cabin fever setting in, can our IT heroes rise to the occasion one more time? (2020-11-19) Lockdown II: With morale flagging and cabin fever setting in can our IT heroes rise to the occasion one more time? In the world of movies follow-ups rarely match the quality of original After all if you are going to rehash a film its likely to have already caught the public imagination in one way or another and that magic can be hard to reproduce So what tends to happen is the sequel has more gore..
azure google security microsoft network
Augmented Reality Must Have Augmented Privacy

Augmented Reality Must Have Augmented Privacy

June 19, 2020

Imagine walking down the street, looking for a good cup of coffee. In the distance, a storefront glows in green through your smart glasses, indicating a well-reviewed cafe with a sterling public health score. You follow the holographic arrows to the crosswalk, as your wearables silently signal the self-driving cars to be sure they stop for your right of way. In the crowd ahead you recognize someon
What is cloud security?

What is cloud security?

June 16, 2020

The pace of digital transformation drastically increased in 2020 due to the onset of the pandemic. Remote working, social distancing, and the need for business continuity saw factories, offices, and even restaurants and coffee shops tapping into cloud computing. Taking our lives and our information even further online. With even more data being generated, processed, and stored, particularly by bus
What is digital transformation?

What is digital transformation?

June 16, 2020

‘Digital transformation’ is one of those phrases you may dismiss as business jargon, but it’s so much more than that. It can play a crucial role in evolving and growing your business. Most organisations will have gone through some sort of digital transformation in their lifetime. The right technology is often key to staying competitive, and during this challenging and uncertain year, adding digit
IBM grows automation data features for hybrid cloud control

IBM grows automation data features for hybrid cloud control

August 6, 2020

IBM continued enhancing its core Cloud Pak hybrid cloud software offerings, this week bolstering automation and data features that will let customers simplify everything from software provisioning and patching, to data discovery and document processing.IBM Cloud Paks are bundles of Red Hat’s Kubernetes-based OpenShift Container Platform along with Red Hat Linux and a variety of connecting technolo
Deep as chips: the new microprocessors powering AI

Deep as chips: the new microprocessors powering AI

August 4, 2020

The growing use of artificial intelligence (AI) is upscaling many standard types of IT workload as well as powering new services driven by advanced algorithmic data processing and machine learning techniques. Developers of AI systems, however, have been somewhat constrained by the limitations of standard microprocessors. Pioneering AI applications needed supercomputer-class compute resources in or
Top metrics for effective multicloud management

Top metrics for effective multicloud management

August 1, 2020

When it comes to effectively managing a multicloud environment, there are a ton of network and application metrics that enterprise customers should be watching.Among enterprises, the trend is toward multicloud environments, which can include workloads running on-premises and in public clouds run by multiple cloud providers such as AWS, Microsoft Azure, IBM/Red Hat, Google Cloud Platform and others
Xbox Series S review: The next-gen starter pack

Xbox Series S review: The next-gen starter pack

July 10, 2020

The Xbox Series S is, hands-down, the cutest console of the next generation. It’s also the least powerful. The Series S can hit resolutions above 1080p, but it doesn’t support 4K gaming and it has significantly less storage than the Xbox Series X or PlayStation 5. And, of course, it doesn’t have a disc drive.That said, the Series S is a formidable next-gen console that happens to be wrapped up in
NGO Team Rubicon partners with Microsoft to move from reactive to preventive disaster zone response

NGO Team Rubicon partners with Microsoft to move from reactive to preventive disaster zone response

July 5, 2020

NGO Team Rubicon partners with Microsoft to move from reactive to preventive disaster zone response Cath Everett Wed, 11/04/2020 - 01:13 Summary: Team Rubicon, a US NGO that operates in disaster zones, is moving from a reactive to a preventative client services model, with the help of AI. CIO/CTO Raj Kamachee explains the how and the why.
How Tailscale works

How Tailscale works

June 17, 2020

People often ask us for an overview of how Tailscale works. Weve been putting off answering that, because we kept changing it! But now things have started to settle down. Lets go through the entire Tailscale system from bottom to top, the same way we built it (but skipping some zigzags we took along the way). With this information, you should be able to build your own Tailscale replacement except