Microsoft closed almost 120 vulnerabilities on March 10, among them vulnerabilities that Microsoft considers critical. These affect Windows, Internet Explorer and Office.
Microsoft Classifies The Remaining Gaps As High Risk
Microsoft provides details of all vulnerabilities in its Security Update Guide, which is confusing to search. The majority of the vulnerabilities are spread across the various versions of Windows for which Microsoft still offers security updates. Windows 7 is still mentioned in the security reports, but updates are only available to organizations participating in the paid program. Microsoft rates some of these Windows vulnerabilities as critical. This month there is again a newly discovered vulnerability that affects all versions of Windows. Its CVE number is lower than that of the gap plugged in the previous month, so Microsoft has probably known about it for longer. There are also two gaps in all Windows versions. Microsoft has fixed critical vulnerabilities in the Windows Media Foundation. These only affect newer versions of Windows, such as Windows 10 and Server 2019.
The open source Application Inspector could be used to inject and execute code. To do this, the attacker would have to get the victim to run the software on code that contains a specially prepared third-party component. Microsoft apparently fixed the bug in version in January and has only just released it.
The Server Message Block (SMB) protocol in Windows 10 and Windows Server is susceptible to attacks using specially prepared packets. If successful, an attacker could execute injected code. The vulnerability, previously unofficially known as CVE-2020, is said to be safe. Microsoft has not yet released an update to address the vulnerability. In its security advisory, Microsoft recommends disabling SMBv3 compression and also shows how this can be done. However, this only protects against attacks on SMB servers, not clients. Here, blocking access to the port can help. It is not yet known when Microsoft intends to close the gap.
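
The server-side workaround described above can be audited and applied with a short script. This is an added example, not part of the original article; it assumes the setting in question is the `DisableCompression` registry value under the LanmanServer parameters key, uses hypothetical function names, and must be run from an elevated PowerShell session.

```powershell
# Added example: audit and apply the "disable SMBv3 compression" server-side workaround.
# Assumption: the LanmanServer 'DisableCompression' registry value is the switch the
# advisory refers to. Function names are hypothetical.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbCompressionWorkaround {
    # Returns $true only when the value exists and equals 1 (compression disabled).
    $prop = Get-ItemProperty -Path $ParamsKey -Name DisableCompression -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.DisableCompression -eq 1)
}

function Set-SmbCompressionWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Use -Undo to re-enable compression once a patch has been installed.
        [switch]$Undo
    )
    $value = if ($Undo) { 0 } else { 1 }
    if ($PSCmdlet.ShouldProcess($ParamsKey, "Set DisableCompression=$value")) {
        Set-ItemProperty -Path $ParamsKey -Name DisableCompression -Type DWord -Value $value -Force
    }
}

if (Get-SmbCompressionWorkaround) {
    Write-Output 'SMBv3 compression is already disabled on the server side.'
} else {
    Set-SmbCompressionWorkaround      # append -WhatIf for a dry run
    Write-Output ('Workaround in place: {0}' -f (Get-SmbCompressionWorkaround))
}

# The setting covers the SMB server role only. The SMB client on this host is
# not protected by it, which is why the article also mentions blocking the port.
```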