On patch Tuesday this month, Microsoft will take care of a total of 117 are weak, the 25 security vulnerabilities in Windows and co. they are considered to be “the critical“. The attackers are using it with success, you might, under certain conditions, a malicious code, and total control over the machine. Anyone who uses Microsoft Software, you must make sure that the Windows Update to install the latest Patches, and now.
One important Patch is missing
Today, a critical vulnerability (CVE-2020-0798) on the SMBv3 Protocol that Windows 10 and Windows Server (1903), are, due, mainly, to the front. In a security advisory, Microsoft could just package ready to send out to the vulnerable SMB Server to exploit the vulnerability. To connect, you should be able to can own the Code that is executed. In addition to this, Customers are at risk of harm. For a successful attack, an attacker would have to do what is right, but in order to connect to an attacker-controlled SMBv3 to the Server.
Up to now, there is still no Patch for the gap. In the warning, Microsoft describes a Workaround on how you can at least ensure that the SMB Server. In addition to this, they will not block TCP Port 445 through the Firewall.
If the attackers start with the success of the vulnerability, you may want to spread a Trojan, according to the Report, worm-like, and so much more from your infected Computer. This is the kind of spread in the summer of 2017 in order to, among other things, to the shadows of the Trojan WannaCry. Microsoft made sure that you have noticed by now, none of the attacks.
Other critical gaps
Even more dangerous vulnerabilities that are being found in the Microsoft Media Foundation in Windows 10. Such an attack to succeed here and be a victim to open a malicious document, an attacker could then install programs, or to Accounts that you create. The web browser of the Border, is threatened by the ten critical gaps in the chakra in the core of the Scripting Engine. This can lead to errors in memory for further processing. In the end, the attacker could gain the same user rights as the victim. Internet Explorer 11, a similar attack to his face.
As a “important“classified security updates that Microsoft has released for Office and Word. Here, an attacker might be able to run, for example, by means of a manipulated Word document, open the victim’s actions with the same user rights as the victim.
An Overview of all of the patches for the security vulnerabilities on the March, you will find that the Microsoft Security Update Guide. From there, you have to look for it, but on the right side for more information. For example, in a Blog, Cisco’s Talos to get more information, which is processed in a manner the most clear-cut.