Microsoft Patch Tuesday fixes six critical vulnerabilities

on Tuesday disclosed 56 vulnerabilities, including six ones and one moderate vulnerability that has been exploited.

The patches released address common vulnerabilities and exposures (CVEs) in: Microsoft Windows and Windows Components; Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server; and the .NET framework.

The one exploited CVE disclosed on Tuesday impacts the Windows SmartScreen Security Feature. To exploit it, an attacker could craft a malicious file that would evade Mark of the Web (MOTW) defenses.

When you download a file from the internet, Windows adds the zone identifier, or MOTW, to the file. That MOTW prompts Windows SmartScreen to conduct a reputation check. However, this exploit results in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.

To exploit the vulnerability, the attacker would have to convince a user to visit a malicious website or click on a malicious attachment.

The six CVEs disclosed on Tuesday were all Remote Code Execution (RCE) vulnerabilities. They impact: Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises), Microsoft SharePoint Server, PowerShell, and Windows Secure Socket Tunneling Protocol (SSTP).

You might also like
Leave A Reply

Your email address will not be published.