released fixes for 120 vulnerabilities on its monthly patchday. They affect thirteen different products including Windows, Edge, Internet Explorer, and . The company rates 17 weak points as critical. Two holes are also being actively exploited by hackers.
The first zero-day gap can be found in all supported Windows versions, from Windows 7 (only paid support) toas well as from Server 2008 to Server Version 2004. Microsoft rates the update as important.
Because Windows may not properly verify file signatures, the operating system is vulnerable to spoofing. An attacker should be able to circumvent security functions and load incorrectly signed files.
Also already publicly known and used for hacker attacks is a bug in the script engine of Internet Explorer 11. Microsoft assumes a critical severity level here. An attacker can smuggle in malicious code and execute it with the rights of the logged-in user in order to take control of an affected system.
In addition, both versions of the Edge browser, Microsoft Chakra Core, SQL Server, JET Database Engine, .NET Framework and ASP.NET Core are vulnerable. There are other weaknesses inas well as Office Services and Office Web Apps, the Windows Codecs Library and Microsoft Dynamics.
Cumulative updates are also available for download for Windows 10 versions 2004, 1909, 1903, 1809, 1803 and 1709. They not only close security gaps, but also fix some non-security-relevant errors. As always, the update takes place via the update function integrated in Windows.