Regístrese ahora para una mejor cotización personalizada!

Microsoft Patch Tuesday fixes six critical vulnerabilities

Dic, 13, 2022 Hi-network.com
Alberto Garcia Guillen/Shutterstock

Microsoft on Tuesday disclosed 56 vulnerabilities, including six critical ones and one moderate vulnerability that has been exploited. 

The patches released address common vulnerabilities and exposures (CVEs) in: Microsoft Windows and Windows Components; Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server; and the .NET framework.

Windows 11

  • How to install Android apps on Windows 11
  • The best Windows laptops: Top notebooks, 2-in-1s, and ultraportables
  • How to recover deleted files in Windows 10 or 11
  • I hate Windows 11. How can I make it work more like Windows 10?

The one exploited CVE disclosed on Patch Tuesday impacts the Windows SmartScreen Security Feature. To exploit it, an attacker could craft a malicious file that would evade Mark of the Web (MOTW) defenses.

When you download a file from the internet, Windows adds the zone identifier, or MOTW, to the file. 

That MOTW prompts Windows SmartScreen to conduct a reputation check. 

However, this exploit results in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.

Also: Is Microsoft really going to cut off security updates for your 'unsupported' Windows 11 PC?

To exploit the vulnerability, the attacker would have to convince a user to visit a malicious website or click on a malicious attachment. 

The six critical CVEs disclosed on Tuesday were all Remote Code Execution (RCE) vulnerabilities. They impact: Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises), Microsoft SharePoint Server, PowerShell, and Windows Secure Socket Tunneling Protocol (SSTP).

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Etiquetas calientes: tecnología seguridad

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.