Microsoft fixes 130 bugs in Windows OS, other software
Microsoft has fixed nearly 130 security vulnerabilities in its Windows operating system and supported software with its Patch Tuesday September update.
According to reports, 23 of these bugs could be exploited by hackers to control Windows computers “with little or no help from users”.
Microsoft patched 130 vulnerabilities across 15 products, ranging from Windows to ASP.NET.
“The majority of the most dangerous or “critical” bugs deal with issues in Microsoft’s various Windows operating systems and its web browsers, Internet Explorer and Edge,” reports Krebsonsecurity.
Of these, 32 were classified as remote code execution issues. These are vulnerabilities that allow hackers to exploit vulnerable apps remotely over a network.
Among the chief concerns is CVE-2020-16875, which involves a critical flaw in the email software Microsoft Exchange Server 2016 and 2019.
“An attacker could leverage the Exchange bug to run code of his choosing just by sending a booby-trapped email to a vulnerable Exchange server”.
There are no security updates available for Adobe’s Flash Player. The last time Adobe Flash got a security update was in June this year.
Microsoft has announced to end support for Adobe Flash Player on Microsoft Edge and Internet Explorer 11 at the end of 2020.