Microsoft has patched 123 cyber security vulnerabilities in its flagship operating system and related software.
This includes a ‘wormable’ flaw that is marked as critical; Microsoft estimates that it stands a high chance of being exploited soon.
The flaw, which is referred to as CVE-2020-1350, is a remotely exploitable bug that is present in Windows Server.
By taking advantage of it, an attacker can install malicious software, and doing so takes nothing more than sending a specially crafted DNS request.
Despite not being aware of any instances of exploitation yet, Microsoft has warned that this sort of attack is very easy to execute – therefore, the vulnerability bears a high risk of being exploited.
The flaw is described as ‘wormable’ because of its autonomous spreading potential: it can infect vulnerable computers without user interaction.
The latest series of updates includes patches for a total of 17 security flaws, all of which are rated as critical.
These can be found across several programs and frameworks, such as:
- Internet Explorer
- Visual Studio
- Microsoft Office
The updates also feature fixes for software solutions typically used by enterprises, including:
There are some other critical bugs, including:
- CVE-2020-1410: a Windows Address Book vulnerability that can be exploited via a malicious vCard file.
- CVE-2020-1421: a flaw in malicious .LNK file protection that can be exploited by inserting an infected removable drive.
- CVE-2020-1435 and CVE-2020-1436: a pair of flaws in the way that Windows works with fonts and images, which can be exploited to install malware via booby-trapped documents or links.
- CVE-2020-1463: a flaw pertaining to Windows 10 and Server 2016 that was marked as important (it has already been publicly detailed).
Before applying these updates, it is advisable to make a backup of your data.