[ad_1]
Yesterday was the second Tuesday of the month, which meant – you guessed it! – it was time for Microsoft to release its latest set of security fixes.
On this occasion, Microsoft fixed more than 100 security vulnerabilities in a wide variety of its products, some of which could allow critical remote code execution attacks if left unchecked.
But the update that will probably get the most attention is CVE-2020-17087, a zero-day vulnerability that has been exploited in active attacks against users of Windows 7 and Windows 10.
News, advice and security tips.
The vulnerability, which allows elevation of local privilege and sandbox evasion, was made public by Google’s Project Zero team late last month.
It was just seven days after Microsoft was notified of the security breach, as security researchers said it was being exploited – in coordination with a Google Chrome flaw (itself patched on October 20) – by cybercriminals in targeted attacks.
Personally, I am impressed to see Microsoft fix the vulnerability and spread it so quickly to its millions of users just days after discovering the vulnerability.
If you are running Windows on a computer for which you are responsible and want to ensure that your security patches are installed, select “Start”, then go to Settings > Update and security > Windows Update.
did you find this article interesting? Follow Graham Cluley on Twitter to learn more about the exclusive content we publish.
[ad_2]
Source link