Wednesday, November 11, 2020

Microsoft releases over 100 security updates - so patch now

Microsoft's November 2020 Patch Tuesday has arrived which means Windows 10 administrators have their work cut out for them due to the sheer number of updates released by the software giant.

With its November 2020 Patch Tuesday security update release, the company has released fixes for a total of 112 different vulnerabilities in its products. Of the 112 vulnerabilities, 17 are classified as critical, 93 are classified as important and just two as moderate.

In its latest Patch Tuesday, Microsoft has also released a patch for a zero-day privilege escalation vulnerability in the Windows Kernel Cryptography Driver (cng.sys) tracked as CVE-2020-17087. This vulnerability was recently disclosed by Google's Project Zero security team after its researchers detected that it was being exploited in real-world targeted attacks.

Microsoft has patched vulnerabilities in a number of its products including Azure Sphere, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Office, Windows 10, Visual Studio, Windows Defender and more and because of this, users should patch their systems now to avoid falling victim to any potential attacks leveraging these vulnerabilities.

Revamped Security Update Guide

Along with its recent series of security updates, Microsoft has also launched a new version of its Security Update Guide to make it easier for users and researchers alike to better understand the attributes of vulnerabilities in its software.

In a blog post, the Microsoft Security Response Center provided more details on the updated version of its Security Update Guide, saying:

“With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS).  This is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc.”

While the Microsoft Security Response Center has been scoring Windows and browser vulnerabilities since 2016, now it will score every vulnerability and display the details that make up that score in the new version of its Security Update Guide.

At the same time, security researchers will also now be able to edit the columns displayed in the Security Update Guide to show a vulnerability's release date, CVE number, CVE title, description, articles, FAQ, mitigations and more.

Via BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/2Iyn60s

No comments:

Post a Comment