Saturday, March 6, 2021
  • About Us
  • Contact Us
  • Terms of Use
  • Privacy Policy
  • CCPA
  • DMCA
News Two Daily News
  • Home
  • Headlines
  • US News
  • World
  • Sports
  • Business
  • Technology
  • Entertainment
  • Science
  • Health
No Result
View All Result
  • Home
  • Headlines
  • US News
  • World
  • Sports
  • Business
  • Technology
  • Entertainment
  • Science
  • Health
No Result
View All Result
Morning News
No Result
View All Result
Home Technology

Patch Tuesday, Good Riddance 2020 Edition — Krebs on Security

  • Sponsored results for Patch Tuesday, Good Riddance 2020 Edition — Krebs on Security

  •  
December 9, 2020
in Technology
Patch Tuesday, Good Riddance 2020 Edition — Krebs on Security


Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users.

Mercifully, it does not appear that any of the flaws fixed this month are being actively exploited, nor have any them been detailed publicly prior to today.

The critical bits reside in updates for Microsoft Exchange Server, Sharepoint Server, and Windows 10 and Server 2016 systems. Additionally, Microsoft released an advisory on how to minimize the risk from a DNS spoofing weakness in Windows Server 2008 through 2019.

Some of the sub-critical “important” flaws addressed this month also probably deserve prompt patching in enterprise environments, including a trio of updates tackling security issues with Microsoft Office.

“Given the speed with which attackers often weaponize Microsoft Office vulnerabilities, these should be prioritized in patching,” said Allan Liska, senior security architect at Recorded Future. “The vulnerabilities, if exploited, would allow an attacker to execute arbitrary code on a victim’s machine. These vulnerabilities affect Microsoft Excel 2013 through 2019, Microsoft 365 32 and 64 bit versions, Microsoft Office 2019 32 and 64 bit versions, and Microsoft Excel for Mac 2019.”

We also learned this week that Redmond quietly addressed a scary “zero-click” vulnerability in its Microsoft Teams platform that would have let anyone execute code of their choosing just by sending the target a specially-crafted chat message to a Teams users. The bug was cross-platform, meaning it could also have been used to deliver malicious code to people using Teams on non-Windows devices.

Researcher Oskars Vegeris said in a proof-of-concept post to Github that he reported the flaw to Microsoft at the end of August, but that Microsoft didn’t assign the bug a Common Vulnerabilities and Exposure (CVE) rating because it has a policy of not doing so for bugs that can be fixed from Microsoft’s end without user interaction.

According to Vegeris, Microsoft addressed the Teams flaw at the end of October. But he said the bug they fixed was the first of five zero or one-click remote code execution flaws he has found and reported in Teams. Reached via LinkedIn, Vegeris declined to say whether Microsoft has yet addressed the remaining Teams issues.

Separately, Adobe issued security updates for its Prelude, Experience Manager and Lightroom software. There were no security updates for Adobe Flash Player, which is fitting considering Adobe is sunsetting the program at the end of the year. Microsoft is taking steps to remove Flash from its Windows browsers, and Google and Firefox already block Flash by default.

It’s a good idea for Windows users to get in the habit of updating at least once a month, but for regular users (read: not enterprises) it’s usually safe to wait a few days until after the patches are released, so that Microsoft has time to iron out any…



Read More News: Patch Tuesday, Good Riddance 2020 Edition — Krebs on Security

Tags: EditionGoodKrebspatchRiddancesecurityTuesday

Related Posts

Blizzard’s Diablo II Remaster Will Support Your Old Save Files
Technology

Blizzard’s Diablo II Remaster Will Support Your Old Save Files

March 6, 2021
Players Are Farming The Heck Out Of The Outriders Demo, So The Devs Are Nerfing It
Technology

Players Are Farming The Heck Out Of The Outriders Demo, So The Devs Are Nerfing It

March 5, 2021
Marvel’s Avengers’ XP grind is about to get even slower, for some reason
Technology

Marvel’s Avengers’ XP grind is about to get even slower, for some reason

March 4, 2021
Technology

Japanese billionaire looking for people who ‘push the envelope’ for moon flight

March 3, 2021
Microsoft’s new Outlook calendar board view looks a lot like Trello
Technology

Microsoft’s new Outlook calendar board view looks a lot like Trello

March 2, 2021
Amazon shaves app icon mustache that raised eyebrows
Technology

Amazon shaves app icon mustache that raised eyebrows

March 1, 2021

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Trend Today

Peru President, Martín Vizcarra, Survives Impeachment Vote

Peru President, Martín Vizcarra, Survives Impeachment Vote

September 19, 2020
Suspect killed in shootout with officers in Midvale, 3 others arrested

Suspect killed in shootout with officers in Midvale, 3 others arrested

September 19, 2020
Presentation Pac-12 presidents and chancellors saw before postponing sports featured

Presentation Pac-12 presidents and chancellors saw before postponing sports featured

September 18, 2020
US to declare UN sanctions reimposed on Iran despite disagreement from allies

US to declare UN sanctions reimposed on Iran despite disagreement from allies

September 17, 2020
Hurricane Sally unleashes

Hurricane Sally unleashes

September 16, 2020

EDITOR'S PICK

Thailand to test thousands after shrimp market Covid outbreak

Thailand to test thousands after shrimp market Covid outbreak

December 21, 2020
Report: Jay Rodgers to Leave for Role with Los Angeles Chargers

Report: Jay Rodgers to Leave for Role with Los Angeles Chargers

January 21, 2021
Utah annihilates record with nearly 4,000 new COVID-19 cases in one day

Utah annihilates record with nearly 4,000 new COVID-19 cases in one day

November 13, 2020
Amazon: May Split Soon (NASDAQ:AMZN)

Amazon: May Split Soon (NASDAQ:AMZN)

September 1, 2020

Headlines

Fourth Houston Area Resident Charged in US Capitol Riot

Fourth Houston Area Resident Charged in US Capitol Riot

March 6, 2021
Live Updates: Senate to Debate Nearly $2 Trillion Stimulus Bill

Live Updates: Senate to Debate Nearly $2 Trillion Stimulus Bill

March 5, 2021
Dallas police officer arrested on 2 charges of capital murder

Dallas police officer arrested on 2 charges of capital murder

March 4, 2021
DA: 2 women allegedly attacked outside Haverhill home, man in custody

DA: 2 women allegedly attacked outside Haverhill home, man in custody

March 4, 2021

Sports

Golden Knights @ Sharks 3/5/21 | NHL Highlights

Golden Knights @ Sharks 3/5/21 | NHL Highlights

March 6, 2021
Lazerus: Blackhawks’ Brent Seabrook leaves a legacy that transcends any contract

Lazerus: Blackhawks’ Brent Seabrook leaves a legacy that transcends any contract

March 5, 2021
Zion was getting up shots after Pelicans-Bulls and that says something – Andrew Lopez

Zion was getting up shots after Pelicans-Bulls and that says something – Andrew Lopez

March 4, 2021
Donovan Mitchell On Refs After OT Ejection: “This Is Getting F–king Ridiculous”

Donovan Mitchell On Refs After OT Ejection: “This Is Getting F–king Ridiculous”

March 4, 2021

World

‘Hong Kong is crumbling’: seven days that crushed city’s last resistance

March 6, 2021
China Sets 2021 GDP Growth Target at Over 6%

China Sets 2021 GDP Growth Target at Over 6%

March 5, 2021
Tsunami warning for parts of New Zealand after 8.1-magnitude earthquake

Tsunami warning for parts of New Zealand after 8.1-magnitude earthquake

March 4, 2021
38 killed in Myanmar’s deadliest day of protest, says UN envoy

38 killed in Myanmar’s deadliest day of protest, says UN envoy

March 4, 2021
  • About Us
  • Contact Us
  • Terms of Use
  • Privacy Policy
  • CCPA
  • DMCA

© 2020 Newstwo.net

No Result
View All Result
  • Home
  • Headlines
  • US News
  • World
  • Sports
  • Business
  • Technology
  • Entertainment
  • Science
  • Health

© 2020 Newstwo.net

Get more stuff like this
in your inbox

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

We respect your privacy and take protecting it seriously