[ad_1]
November 11, 2020
Microsoft has released its security bulletins for November. In them, Windows updates fix a total of 112 vulnerabilities. The most serious one fixed is a security flaw in the Windows kernel cryptographic driver. This vulnerability is being exploited in a series of targeted attacks according to information provided by researchers at Project Zero, the Google team dedicated to researching these types of security holes.
This vulnerability could be exploited by attackers locally and even using user accounts with few permissions. Since it is possible to perform a privilege escalation without requiring any user interaction that would even allow you to exit the sandbox. The security flaw would affect all desktop systems running Windows 7 or later. Also server systems with Windows Server 2008 or later.
Additionally, there is at least one proof of concept with a working exploit available. Since Project Zero provided it when it announced the discovery of this vulnerability, exploited alongside other zero-days in the Chrome browser, on October 30, and which can be used to block vulnerable Windows systems. Regarding the use of this vulnerability to carry out targeted attacks, for the moment it has been excluded that it was used in attacks related to the recent elections held in the United States.
The remaining 111 vulnerabilities:
Nor should we forget that among the 111 remaining vulnerabilities that have been fixed this month are many that could allow remote code execution in various Microsoft applications such as Excel, Sharepoint or MS Exchange Server, among others. So it is recommended to update Windows as soon as possible. Although previously we tested in environments with many computers and in controlled environments the security patches to ensure that no errors occur.
Keep reading: Microsoft fixes 112 vulnerabilities, including one zero-day – Protect yourself. Blog of Ontinet.com Lab
[+] Videos de nuestro canal de YouTube
Source link