Once again, it is time for Microsoft Patch Tuesday.
This time around, the security updates released by Microsoft address 87 security problems, 11 of which were rated as critical.
CVE-2020-16898 is probably the scariest of the bunch.
This is a cyber security vulnerability that affects Windows Server 2019 and Windows 10.
A hacker could abuse it to install malware, and it only requires sending a malformed packet of data to do so.
This bug has been given a CVSS score of 9.8 out of 10.
Dubbing it the ‘Bad Neighbor’ flaw, McAfee warns that it is an extremely reliable way to execute a worm type of attack.
Steve Povolny from McAfee describes it as something that causes a Blue Screen of Death (BSOD) and allows for remote code execution.
Another critical bug goes by the handle of CVE-2020-16947.
This one is a Microsoft Outlook problem and is particularly worrisome as it allows for malware to be installed on a computer just by previewing an infected email.
The good news is that no zero-day vulnerabilities were found this month.
However, according to Todd Schell from Ivanti, half a dozen of these flaws were publicly disclosed prior to today, giving malicious actors an ample amount of time to engineer a potential exploit.
October patches were designed to fix a number of cyber security flaws, including those found in:
- .NET Framework
- Visual Studio
- Exchange Server
After months of no fixes for Flash Player, Adobe has finally provided a critical security update that fixes a flaw through which malware could get installed on your computer upon visiting an infected website.
For Chrome and Firefox users, Flash will now be disabled by default.
IE/Edge users will receive updates for it automatically.
Flash is retiring at the end of the year, and Microsoft will release security updates that will completely remove it from the operating system.