As part of the July update Tuesday, ingenieros de microsoft fijado 123 vulnerabilidades en 13 different products. Any of them was under attack.
In July did not reach the record of June Tuesday only a little, cuando were fixed129 vulnerabilities.
The most serious vulnerability fixed this time is the CVE-2020-1350 problem, también conocido como SigRed, found as part of the Windows DNS Server. la vulnerabilidad fue descubierto by Check Point specialists and scored 10 señala de 10 en la escala de calificación de vulnerabilidad CVSSv3.
Other major issues this month included vulnerabilities that could allow remote code execution that were discovered as part of:
- RemoteFX vGPU component in the Microsoft Hyper-V hypervisor (CVE-2020-1041, CVE-2020-1040, CVE-2020-1032, CVE-2020-1036, CVE-2020-1042, CVE-2020-1043);
- Jet Database Engine, included in some Office applications (CVE-2020-1400, CVE-2020-1401, CVE-2020-1407);
- Microsoft Word (CVE-2020-1446, CVE-2020-1447, CVE-2020-1448);
- Microsoft Excel (CVE-2020-1240);
- Microsoft Outlook (CVE-2020-1349);
- Microsoft Sharepoint (CVE-2020-1444);
- Windows LNK shortcut files (CVE-2020-1421);
- various Windows graphics components (CVE-2020-1435, CVE-2020-1408, CVE-2020-1412, CVE-2020-1409, CVE-2020-1436, CVE-2020-1355).
Adobe, a su vez, ha arreglado more than a dozen vulnerabilities in products such as Creative Cloud, Media Encoder, Genuine Service, Fusión fría, and Download Manager.
Así que, in the Windows version of Download Manager, Adobe fixed a critical error that allowed the introduction of commands, which could lead to the execution of arbitrary code.
"En Media Encoder for Windows and macOS, were resolved two critical out-of-bounds writing issues that could also lead to arbitrary code execution, as well as an out-of-bounds reading error that entailed information disclosure”, – report Adobe experts.
A critical vulnerability has also been fixed in the desktop version of Creative Cloud. The problem is with symbolic links, which can allow an attacker to write arbitrary files to the target system. Three other vulnerabilities detected in the application are marked as important and allow increasing privileges in the system.
As part of the Genuine Service, have been fixed two bugs that allow privilege escalation, as well as in ColdFusion.
Recent patches include disclosure in NetWeaver (CVE-2020-6285) and several not-so-dangerous errors in Disclosure Management (CVE-2020-6267), Business Objects (CVE-2020-6281, CVE-2020-6276), NetWeaver AS JAVA (CVE-2020-6282) and Business Objects BI (CVE-2020-6278, CVE-2020-6222).
Also this month were released patches for the products of other vendors, including several updates from VMware, fixing about a hundred errors from Oracle (the highest CVSS score is 8.8 points for CVE-2016-1000031 vulnerability), y también updated Chrome, where One critical error and seven high-severity flaws were corrected.