Microsoft fixes 17 critical flaws in Patch Tuesday
With the November 2020 Patch Tuesday, the Redmond giant fixed nearly 112 security flaws, 17 of which are critical.
Most of these vulnerabilities could allow attackers to run malicious code remotely. Microsoft also took the opportunity to plug the zero-day security flaw discovered by Google Project Zero specialists.
Among the critical vulnerabilities, one directly affects the Windows NFS protocol and its port 2049.
One can imagine the workload that fell on Microsoft's engineers for the release of this November set of security patches, since more than a hundred security flaws had to be corrected. Of these 112 security vulnerabilities, 93 are rated significant and two are rated low. Many of these flaws allow malicious code to be run remotely. The most important one, identified as CVE-2020-17051 and present in NFS (Network File System), is the vulnerability to fix as quickly as possible.
As a reminder, the Network File System protocol matters because it is the client-server protocol that lets users access files over a computer network and use them as if they were in a local file directory. According to computer security experts, cybercriminals will soon take a closer look at port 2049, which is specific to NFS, to determine whether the fix has effectively plugged the breach.
In addition, attention should be paid to certain vulnerabilities such as CVE-2020-17053 and CVE-2020-17052. These are security vulnerabilities that can allow cybercriminals to easily corrupt the memory of the engine of Internet Explorer, Microsoft's browser. The flaw in the print spooler, CVE-2020-17042, has also been corrected by Microsoft. It could likewise have allowed criminals to gain much higher privileges. "Exploiting this vulnerability requires user interaction, but it is characterized by a low-complexity attack, which increases the risk of compromise," notes Qualys in its analysis of Patch Tuesday. According to Qualys, special attention will need to be paid to security fixes that deal with workstations, including Exchange Server, Windows codecs, GDI and browsers, because of the increasing development of telecommuting.
In addition, the CVE-2020-17087 flaw, disclosed by Google's research group Project Zero and which made the front page last week, has also been corrected by Microsoft, along with another flaw that directly affects Google's browser, Chrome. Regarding the flaw discovered by Google, the Redmond firm notes that Google exaggerates its seriousness a little. Microsoft maintains that physical access to Windows Server, Windows 10, RT, 8.1 and 7 terminals is required for the described attack to succeed.
With the November Patch Tuesday, Microsoft is also taking the opportunity to remove the CVE description section. The firm's Security Response Center favours greater reliance on and use of the Common Vulnerability Scoring System (CVSS). "It's a precise method that describes vulnerability with attributes such as the attack vector, the complexity of the attack, whether an opponent needs certain privileges, etc.," Microsoft writes. Some experts have criticized this choice, saying that a lot of useful data for administrators will be lost and that they will have a hard time prioritizing the flaws that need to be fixed.