In November, Microsoft released a patch for 112 newly discovered security vulnerabilities in its products.
Out of the 112 points that were fixed, 17 of them were classified as critical, 93 “important” and two “medium.”
The company strongly recommends that Windows users and system administrators apply the latest security patches, to resolve the threats associated with these issues.
Exploit the error
Microsoft has classified the CVE-2020-17087 vulnerability as significant in terms of severity, as an attacker interested in exploiting the flaw needs to have physical access to various installations of Windows Server, Windows 10, Windows 7, Windows 8.1, or Windows RT affected by the flaw.
The CVE-2020-17051 vulnerability has a rating of 9.8 out of 10, making it a serious security vulnerability, yet Microsoft said the complexity of the attack (the circumstances beyond the attacker’s control that must exist in order to exploit the vulnerability) makes it low.
Security updates include a range of programs, including Microsoft Windows, Office, Office Services, Web Apps, Internet Explorer, Edge, Exchange Server, Microsoft Dynamics, Windows Codecs Library, Azure Sphere, Windows Defender, Microsoft Teams, and Visual Studio.
Fixing the glitches
The update fixes a number of remote code execution (RCE) vulnerabilities affecting Exchange Server, Network File System, and Microsoft Teams, as well as a security override bug in Windows Hyper-V virtualization software.
Other critical flaws, which the company fixed this month, include memory corruption vulnerabilities in Microsoft Scripting Engine and Internet Explorer, and several Remote Code Execution (RCE) flaws in the Video Extension Codec (HEVC) library.