This month Microsoft patched 129 vulnerabilities, 12 of which are rated “Critical” by Microsoft. None of the vulnerabilities have been exploited in the wild. Adobe has also released a patch for Adobe Flash Player to fix a “Critical” rated remote code execution vulnerability.
The Windows Kernel always gets a little TLC on Patch Tuesday. This month has an interesting vulnerability that bypasses the null pointer dereference protection introduced in Windows 8. On its own, this vulnerability is harmless. However, null pointer exceptions are extremely common bugs, so exploiting the system becomes far easier for anyone who can leverage this vulnerability (CVE-2020-1241).
Office received its usual attention this month. Some of the more noteworthy vulnerabilities are in Outlook and Excel. Attackers would be able to execute code with the security context of the currently logged-in user, compromising the entire system if that user is an administrator. Remember to practice the principle of least privilege when using any application.
Windows Cab Files
Cab files are a type of compressed folder, typically used in installers. When processing a cab file, it is possible to gain execution control with this vulnerability and others like it. Installers typically run with elevated privileges, so this is a very severe vulnerability. An attacker who convinces a user to open a maliciously crafted cab file would be able to completely take over the system.
The big scary SMB bugs are back… or at least they are for any SMBv1 installation. Most systems leveraging SMB do not use the v1.0 version of the protocol, but those that do are exposed to some of the most dangerous vulnerabilities, like EternalBlue. SMB runs on exposed ports on your network, so an attacker only needs to send a maliciously crafted message to your system over the network to execute code with system privileges. Microsoft rates exploitation of this vulnerability as more likely, so be quick with your patches!
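To find the systems that still speak SMBv1 while patches roll out, a network sensor can inspect negotiate messages on TCP/445. The sketch below is an added example, not code from this post or from Microsoft; the function names are hypothetical and the sample frames are constructed rather than captured.

```python
import struct

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"
SMB1_HDR_LEN, SMB_COM_NEGOTIATE, SMB_FLAGS_REPLY = 32, 0x72, 0x80

def parse_dialects(body: bytes) -> list:
    """Dialect strings from an SMB1 negotiate request body (WordCount, ByteCount, data)."""
    if body[0] != 0:                                  # a request carries no parameter words
        return []
    (byte_count,) = struct.unpack_from("<H", body, 1)
    entries = body[3:3 + byte_count].split(b"\x00")
    return [e[1:].decode("ascii", "replace") for e in entries if e[:1] == b"\x02"]

def smb1_finding(payload: bytes):
    """Return a finding for one TCP/445 payload, or None when there is nothing to report."""
    if len(payload) < 4 or payload[0] != 0x00:        # not a session message
        return None
    msg = payload[4:4 + int.from_bytes(payload[1:4], "big")]
    if len(msg) < SMB1_HDR_LEN + 3 or msg[:4] != SMB1_MAGIC:
        return None                                   # SMB2/3 (0xFE 'SMB'), truncated, or other
    if msg[4] != SMB_COM_NEGOTIATE:
        return None
    body = msg[SMB1_HDR_LEN:]
    if msg[9] & SMB_FLAGS_REPLY:                      # reply flag set: server -> client
        dialect_index = struct.unpack_from("<H", body, 1)[0]
        if body[0] >= 1 and dialect_index != 0xFFFF:  # 0xFFFF: no offered dialect accepted
            return "server selected an SMBv1 dialect"
        return None
    dialects = parse_dialects(body)
    if dialects and not any(d.startswith("SMB 2.") for d in dialects):
        return "client offers only SMBv1 dialects: " + ", ".join(dialects)
    return None

# --- constructed sample frames (assumed for illustration, not captured traffic) ---
def _frame(flags: int, body: bytes, magic: bytes = SMB1_MAGIC) -> bytes:
    header = magic + bytes([SMB_COM_NEGOTIATE]) + b"\x00" * 4 + bytes([flags]) + b"\x00" * 22
    msg = header + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

def _dialect_body(*names: str) -> bytes:
    data = b"".join(b"\x02" + n.encode() + b"\x00" for n in names)
    return b"\x00" + struct.pack("<H", len(data)) + data

LEGACY_CLIENT = _frame(0x00, _dialect_body("LANMAN1.0", "NT LM 0.12"))
MODERN_CLIENT = _frame(0x00, _dialect_body("NT LM 0.12", "SMB 2.002", "SMB 2.???"))
SMB1_SERVER_REPLY = _frame(0x80, b"\x11" + struct.pack("<H", 1) + b"\x00" * 34)
REFUSED_REPLY = _frame(0x80, b"\x01\xff\xff\x00\x00")
SMB2_REPLY = _frame(0x00, b"\x00" * 40, magic=SMB2_MAGIC)
```

A modern client's first negotiate is still an SMB1-framed message that lists SMB 2 dialects, which is why the request check looks at the dialect list rather than the magic bytes alone.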