In the past month, Microsoft has released patches for over 70 vulnerabilities in its products.
The company has been under fire from users and system administrators for quite some time. The pressure followed a stream of vulnerabilities, including two zero-day flaws. The zero-day vulnerabilities are still being actively exploited, so they should be a top priority for every sysadmin.
The 15 updates include fixes for 74 unique Common Vulnerabilities and Exposures (CVEs) in Windows, Office, Exchange, Internet Explorer (IE), Edge, and SharePoint.
The recent zero-day vulnerabilities are in the Win32k component, which is present in all versions of Windows. One of the most significant flaws here is the Elevation of Privilege. It is often part of the next phase of a cyber attack: in this second step, perpetrators aim to gain control of users' machines and the rest of the network.
IT professionals must focus not only on the severe, highly prioritized vulnerabilities but on the less significant ones as well. It is important not to leave systems exposed through flaws that fall further down the priority list. For example, remote code execution vulnerabilities affect Windows 7, 8 and 10 and Windows Server 2008, 2012, 2016 and 2019. There is a high chance that attackers will exploit these vulnerabilities as soon as possible. Given that the full range of Windows systems is a potential target, patching them should be mandatory.
Patches were also released for 43 Common Vulnerabilities and Exposures in several Microsoft products, including Adobe Reader, Acrobat, and AIR. A special note on Flash and Shockwave: this product has already reached end-of-life, so no further updates will be provided to address its critical flaws.
Multiple vulnerabilities now permanently exist in the majority of Shockwave installs and will lead to imminent exploitation. We recommend immediately removing Shockwave from your network and PCs.