Microsoft’s Mega Patch Tuesday is Largest Ever

Written by

Microsoft released fixes for 129 vulnerabilities in its regular monthly update round yesterday, the fourth month in a row to hit over 100 CVEs and the largest of any Patch Tuesday.

Of the 129 CVEs, only 11 are rated critical and there are no flaws being actively exploited in the wild.

Some 98 vulnerabilities can be resolved by deploying OS and browser updates, while the other 31 are spread across Office, SharePoint, Defender, Endpoint Protection and developer tools like Visual Studio, ChakraCore and Azure Dev Ops, according to Ivanti senior product manager, Todd Schell.

He argued that the COVID-related shift to mass home working is causing problems for companies reliant on VPNs to patch.

“There are many solutions that can manage updates without the need for a VPN. Another difficulty companies are facing is user connectivity,” he added.

“I had a conversation with one company that is managing updates without needing to use a VPN to access the network. Their challenge is their users have low internet speeds. Monthly updates requiring hundreds of megabytes of patches, or gigabytes in some cases, become problematic as well.”

Allan Liska, intelligence analyst at Recorded Future, said admins should start with CVE-2020-1281, a remote code execution vulnerability in Microsoft’s Object Linking & Embedding (OLE). It affects Windows 7-10 and Windows Server 2008-2019.

“The vulnerability exists in the way OLE validates user input. An attacker who sent a specially crafted file or program, or convinced a victim to download one, could execute malicious code on the victim’s machine,” he explained. “Microsoft assigned this vulnerability a CVSS score of 7.8; a similar vulnerability, CVE-2017-0199, has been widely exploited including by the Lazarus group and APT 34.”

Others pointed to a remote code execution bug in SharePoint as demanding urgent attention.

CVE-2020-1181 affects the way SharePoint processes unsafe ASP .Net web controls. Although it requires a user to be authenticated to exploit the flaw, SharePoint itself is an increasingly popular target for attackers.

What’s hot on Infosecurity Magazine?