Wednesday, March 3, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Update Microsoft Windows Systems to Patch 99 New Security Flaws

February 12, 2020
in Internet Privacy
Update Microsoft Windows Systems to Patch 99 New Security Flaws
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

A few hours after Adobe today released security updates for five of its widely-distributed software, Microsoft also issued its February 2020 Patch Tuesday edition with patches for a total of 99 new vulnerabilities.

According to the advisories, 12 of the total issues patched by the tech giant this month are critical in severity, and the remaining 87 have been listed as important.

You might also like

Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware

New ‘unc0ver’ Tool Can Jailbreak All iPhone Models Running iOS 11.0

Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions

Five of the bugs are listed as publicly known at the time of release, four of which are important in severity and one critical (CVE-2020-0674) that is also listed as under active attack.

Microsoft warned about this zero-day vulnerability in Internet Explorer (IE) browser last month when it released an advisory without releasing a patch for millions of its affected users.

As explained previously, this flaw could allow a remote attacker to execute arbitrary code on targeted computers and take full control over them just by convincing victims into opening a maliciously crafted web page on the vulnerable Microsoft browser.

All supported versions of Microsoft Windows also contain a critical RCE flaw (CVE-2020-0662) that an attacker with a domain user account can exploit to execute arbitrary code on the targeted system with elevated permissions.

Remote Desktop Client also contains two critical issues, tracked as CVE-2020-0681 and CVE-2020-0734, which are not wormable bugs but could be used to compromise vulnerable systems when connected to a malicious or untrusted server.

“To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server, they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique,” the advisory says.

“An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect.”

There’s another critical vulnerability (CVE-2020-0729) that exists in the way Microsoft Windows operating system parses LNK shortcuts, successful exploitation of which could allow a remote attacker to execute arbitrary code on the affected system and take full control of it.

“The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice on the target system,” the advisory says.

Besides this, most of the other critical issues are memory corruption flaws in IE, Edge browser, and Chakra scripting engine, which, if successfully exploited, could also allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system in the context of the current user.

To be noted, there’s an important security feature bypass issue (CVE-2020-0689) that poses a significant threat to security-conscious users. According to Microsoft, there’s a vulnerability in the secure boot feature that could let an attacker bypass it and load untrusted software on the system.

The latest updates also contain patches for multiple privilege escalation vulnerabilities affecting versions of the Windows operating system, which could let low privileged attackers run arbitrary code in kernel mode.

Users and system administrators are highly recommended to apply the latest security patches as soon as possible to keep cybercriminals and hackers away from taking control of their computers.

For installing the latest security updates, you can head on to Settings → Update & Security → Windows Update → Check for updates on your computer, or you can install the updates manually.


Credit: The Hacker News By: noreply@blogger.com (Unknown)

Previous Post

Upskilling: What Is A Learning Sprint?

Next Post

FBI: BEC scams accounted for half of the cyber-crime losses in 2019

Related Posts

Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware
Internet Privacy

Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware

March 3, 2021
New ‘unc0ver’ Tool Can Jailbreak All iPhone Models Running iOS 11.0
Internet Privacy

New ‘unc0ver’ Tool Can Jailbreak All iPhone Models Running iOS 11.0

March 2, 2021
Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions
Internet Privacy

Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions

March 2, 2021
Why do companies fail to stop breaches despite soaring IT security investment?
Internet Privacy

Why do companies fail to stop breaches despite soaring IT security investment?

March 2, 2021
Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites
Internet Privacy

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

March 2, 2021
Next Post
FBI: BEC scams accounted for half of the cyber-crime losses in 2019

FBI: BEC scams accounted for half of the cyber-crime losses in 2019

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Cloudera: An Enterprise-Level Play On Machine Learning And Big Data – Seeking Alpha
Machine Learning

Cloudera: An Enterprise-Level Play On Machine Learning And Big Data – Seeking Alpha

March 3, 2021
The Symbolic World: Raising A Turing’s Child Machine (1/2) | by Puttatida Mahapattanakul | Feb, 2021
Neural Networks

The Symbolic World: Raising A Turing’s Child Machine (1/2) | by Puttatida Mahapattanakul | Feb, 2021

March 3, 2021
Top 10 ‘Brand Guardian’ Most Famous, Most Reputable CEOs
Marketing Technology

Top 10 ‘Brand Guardian’ Most Famous, Most Reputable CEOs

March 3, 2021
Linux Mint may start pushing high-priority patches to users
Internet Security

Linux Mint may start pushing high-priority patches to users

March 3, 2021
Microsoft Ignite Data and Analytics roundup: Platform extensions are the key theme
Big Data

Microsoft Ignite Data and Analytics roundup: Platform extensions are the key theme

March 3, 2021
An open-source machine learning framework to carry out systematic reviews
Machine Learning

An open-source machine learning framework to carry out systematic reviews

March 3, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Cloudera: An Enterprise-Level Play On Machine Learning And Big Data – Seeking Alpha March 3, 2021
  • The Symbolic World: Raising A Turing’s Child Machine (1/2) | by Puttatida Mahapattanakul | Feb, 2021 March 3, 2021
  • Top 10 ‘Brand Guardian’ Most Famous, Most Reputable CEOs March 3, 2021
  • Linux Mint may start pushing high-priority patches to users March 3, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates