Patch Tuesday: Multiple severe vulnerabilities in multiple Microsoft products
108 vulnerabilities, of which:
Multiple vulnerabilities in Microsoft products, carrying a range of risks. Some vulnerabilities may only crash the targeted device, while others can be used to take complete control over the device.
This month’s Patch Tuesday includes several severe vulnerabilities for Microsoft Exchange, that can be used to run arbitrary code on the vulnerable device. These vulnerabilities are marked as “Critical” by Microsoft and require urgent attention.
The patch list also includes several critical vulnerabilities in the Remote Procedure Call (RPC) implementation. These vulnerabilities can again be used to run arbitrary code on the vulnerable device. This is true for both workstations and servers.
Other vulnerabilities are also present, ranging from “Moderate” to “Critical”. In total, Microsoft released patches for 108 vulnerabilities. 19 of these vulnerabilities have the highest severity (Critical) and 1 is actively being exploited.
Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday”, and contain security fixes for Microsoft devices and software. This month’s release covers 108 vulnerabilities, 19 of which are considered “Critical”. One of these vulnerabilities is also actively exploited. Due to the high severity and risk of these vulnerabilities, urgent patching is advised.
CERT.be recommends installing updates for vulnerable devices with the highest priority. Updates can be done through Microsoft’s Update panel, and/or through their Security Advisory website (1)