Microsoft has released fixes for 129 vulnerabilities in what was some are calling the largest patch Tuesday in the history of the Windows operating system.
However, none of the bugs addressed in this months’ updates are known to have been exploited or known prior to the release, but there are some that warrant special attention for enterprises and companies working remotely.
According to cybersecurity journalist Brian Krebbs, a chief concern among the patches is a trio of vulnerabilities in the Windows file sharing technology, also known as Microsoft Server Message Block or “SMB” service.
Perhaps most troubling of these (CVE-2020-1301) is a remote code execution bug in SMB capabilities built into Windows 7 and Windows Server 2008 systems — both operating systems that Microsoft stopped supporting with security updates in January 2020. One mitigating factor with this flaw is that an attacker would need to be already authenticated on the network to exploit it, according to security experts at Tenable.
The SMB fixes follow closely on news that proof-of-concept code was published this week that would allow anyone to exploit a critical SMB flaw Microsoft patched for Windows 10 systems in March (CVE-2020-0796). Unlike this month’s critical SMB bugs, CVE-2020-0796 does not require the attacker to be authenticated to the target’s network. And with countless company employees now working remotely, Windows 10 users who have not yet applied updates from March or later could be dangerously exposed right now.
Other security patches address issues in Microsoft SharePoint, Microsoft Excel, Micorosft Edge, Internet Explorer, Microsoft Defender, Azure DevOps, Adobe Flash Player, Word for Andoid, Windows Graphics Device Interface and others.
Visit Microsoft’s official Security Response Center for more information on the updates and how to ensure your IT department is keeping your organization protected against malicious actors who keep tabs on Windows security patches and attempt to exploit vulnerable machines before they’re patched.