Patch Tuesday delivers critical fixes for Microsoft SharePoint, Exchange

Microsoft's last Patch Tuesday of the year has arrived and this month the software giant has included fixes for some of the most seriou...

Microsoft's last Patch Tuesday of the year has arrived and this month the software giant has included fixes for some of the most serious vulnerabilities it has addressed in the past 12 months.

Compared to November's Patch Tuesday which provided patches for 112 different vulnerabilities in its products, this month's series of fixes from Microsoft addresses 56 vulnerabilities in its software including SharePoint and Exchange. 

According to a blog post from SophosLabs, the software giant has fixed 1,245 bugs this year with an average of more than 100 updates per month over the past year.

While Microsoft has patched half as many vulnerabilities this month as it did in November, nearly 40 percent of the bugs addressed in December's Patch Tuesday can lead to attackers being able to launch malicious code on targeted systems.

Remote code execution

Two of the most important vulnerabilities addressed this month exist in Microsoft SharePoint and Exchange and if exploited, they could lead to remote code execution.

The SharePoint vulnerability, tracked as CVE-2020-17121, is a directory traversal vulnerability that can be triggered when the software processes an attacker's malicious input. An attacker could exploit this vulnerability to cause an unsafe deserialization of malicious input which would lead to remote code execution. However, in order to execute this kind of attack, an attacker would need valid user credentials to target a SharePoint site in order to log into it and create a new Team Site on it.

The Exchange vulnerability, tracked as CVE-2020-17144, is quite serious but poses less risk to end users due to the fact that it only affects the Exchange 2010 mail server (which Microsoft recently stopped supporting) and requires an attacker to have valid account credentials for at least one email user on the affected server. If an attacker does manage to exploit this vulnerability, it would expose the contents of the mailboxes used by all accounts on the Exchange server.

Microsoft's latest series of patches will be rolling out to users soon but you can also check out the complete list to see all 56 vulnerabilities that were addressed as well as their severity level.

Via Sophos News



from TechRadar - All the latest technology news https://ift.tt/3gxuPcd
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,183,Video,5,XIAOMI,13,YouTube - 9to5Google,182,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Patch Tuesday delivers critical fixes for Microsoft SharePoint, Exchange
Patch Tuesday delivers critical fixes for Microsoft SharePoint, Exchange
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2020/12/patch-tuesday-delivers-critical-fixes.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2020/12/patch-tuesday-delivers-critical-fixes.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy