Posted on Wednesday, October 14 2020 @ 16:19 CEST by Thomas De Maesschalck
Microsoft classified 12 bugs as critical, 74 as important and one as moderate. Interestingly, six of the vulnerabilities concern publicly disclosed bugs, but fortunately none of these are being actively exploited in the wild.
Here's a brief overview of some of the more interesting critical vulnerabilities that were fixed today:
"CVE-2020-16911 - GDI+ Remote Code Execution Vulnerability" lets attackers create specialty crafted websites that can execute commands with elevated privileges on the visitor's computer.
"CVE-2020-16947 - Microsoft Outlook Remote Code Execution Vulnerability" allows attackers to send specially crafted emails that can execute commands when opened in the Microsoft Outlook software. This attack also works when an email is viewed in the preview pane.
"CVE-2020-16898 - Windows TCP/IP Remote Code Execution Vulnerability" can be exploited by sending specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. If successful, it could allow a remote attacker to execute commands on the targeted computer.
"CVE-2020-16891 - Windows Hyper-V Remote Code Execution Vulnerability" would allow an attacker, or malware, on a guest Hyper-V virtual machine to execute commands on the host operating system.
"CVE-2020-16915 - Media Foundation Memory Corruption Vulnerability" can be exploited for remote code execution by tricking a user into visiting a malicious website.
