Microsoft Detects 112 Malicious Vulnerabilities In Its Software
JAKARTA - Microsoft's November 2020 Patch Tuesday security suite has arrived. In that release, Microsoft revealed that there are a total of 112 different vulnerabilities in its products that need to be fixed.
Quoting Tech Radar, Thursday, November 12, it is known that of the 112 vulnerabilities 17 are classified as critical, 93 are classified as important and only two are classified as moderate.
There is also a patch for zero-day privilege escalation vulnerability in the Windows Kernel Cryptography Driver (cng.sys) which is tracked as CVE-2020-17087, this vulnerability is quite severe.
The vulnerability was recently disclosed by Google's Project Zero security team, after researchers detected that the vulnerability was being exploited in a targeted attack in the real world.
However, Microsoft has patched the vulnerability in a number of its products including Azure Sphere, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Office, Windows 10, Visual Studio, Windows Defender and others.
Therefore, users have to patch their system now so as not to become a victim. According to Microsoft, any potential attack could occur at any time by exploiting this vulnerability.
To address this, Microsoft has also launched a new version of the Security Update Guide to make it easier for users and researchers to better understand vulnerabilities in its software.
"With the release of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by explaining vulnerabilities with the Common Vulnerability Scoring System (CVSS)," said the Microsoft Security Response Center in its official blog post.
"This is a precise method that describes a vulnerability with attributes such as attack vector, attack complexity, whether the enemy needs certain privileges," he added.
Although Windows and their browser vulnerabilities have been detected since 2016, the company will now assess each vulnerability and display the details that make up the score in its new version of the Security Update Guide.
At the same time, Microsoft security researchers can now edit the fields displayed in the Security Update Guide to indicate the vulnerability release date, CVE number, CVE title, description, article, FAQ, mitigation and more.