This month's “Patch Tuesday” became the largest in Microsoft's history: 129 vulnerabilities were fixed at once. March 2020, with 115 fixes, is in second place, and April 2020, with 113 fixes, is in third place.
An absolutely “ridiculous” 100 Microsoft patches were released on February's “Patch Tuesday”, but among them was a fix for the sensational 0-day vulnerability in Internet Explorer, which attackers were actively exploiting.
In general, the total number of fixes issued by the company this year comes to 616, which is almost the same as for all of 2017.
“This time there were no 0-day vulnerabilities, which means that any of the fixed bugs was under attack,” said Microsoft engineers.
Of all 129 vulnerabilities, only 11 received critical status (they affect Windows itself, the Edge and Internet Explorer browsers, as well as SharePoint).
Another 109 problems are rated as important (they affected Windows, the company’s browsers, Office, Windows Defender, Dynamics, Visual Studio, Azure DevOps and Android applications).
The most serious problems this month include:
- CVE-2020-1181 – remote code execution in Microsoft SharePoint
- CVE-2020-1225, CVE-2020-1226 – remote code execution in Microsoft Excel
- CVE-2020-1223 – remote code execution in Word for Android
- CVE-2020-1248 – remote code execution in the Windows Graphics Device Interface (GDI)
- CVE-2020-1281 – remote code execution in Windows OLE
- CVE-2020-1299 – remote code execution when processing .LNK files
- CVE-2020-1300 – remote code execution in the print spooler component
- CVE-2020-1301 – remote code execution in Windows SMB
- CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260 – remote code execution in the VBScript engine
However, Microsoft is not the only vendor that prepared patches for its products this week. Adobe developers also fixed a number of serious problems in Flash Player, Framemaker and Experience Manager.
SAP developers released 17 security bulletins and prepared patches for Apache Tomcat (CVE-2020-1938), two bugs in SAP Commerce (CVE-2020-6265, CVE-2020-6264), vulnerabilities in SAP Success Factors (CVE-2020-6279), as well as issues in NetWeaver (CVE-2020-6275).
Intel has fixed more than 20 different vulnerabilities, including bugs in the Innovation Engine (CVE-2020-8675) and Special Register Buffer (CVE-2020-0543). The latter problem is called CrossTalk, and it allows confidential data to be leaked from SGX enclaves.