Every few weeks, Microsoft releases a new update package to fix bugs and vulnerabilities, which is known as patching. This serves to protect users from possible failures or unwanted access to their systems and, therefore, their data. And it’s not just Microsoft that releases these packages; many companies do this. Learn more details in the rest of the article.
Microsoft fixes more than 71 bugs with these updates
The technological giant has released its new update package, expecting to solve more than 71 flaws and vulnerabilities that are distributed among several of its products: Windows, Office, Exchange, and Defender, among others. Of all these failures, three were categorized as Critical and the others as Important in severity. It should be clarified that none of these were found to be actively exploited; three of them are known to the public.
We also can’t forget that Microsoft, at the beginning of the month, released a package of updates but only aimed at fixing 21 bugs found in the Chromium-based Microsoft Edge browser. The three Critical flaws that experts were concerned about are the ones that impact:
- HEVC Video Extensions (CVE-2022-22006)
- Microsoft Exchange Server (CVE-2022-23277)
- VP9 Video Extensions (CVE-2022-24501)
The Microsoft Exchange Server vulnerability was one of the most interesting cases. Discovered by researcher Markus Wulftange, it needed the attacker to be authenticated to exploit the server. “The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution,” the Windows mother company said. “As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.”
Other vulnerabilities were found in NET and Visual Studio Remote Code Execution, Remote Desktop Client Remote Code Execution, Windows Fax and Scan Service Elevation of Privilege. Also, Windows SMBv3 Client/Server, Microsoft Office, and Paint 3D, as well as privilege escalation flaws in Xbox Live Auth Manager, Microsoft Defender for IoT, and Azure Site Recovery, among several others.
Other companies also released their own update packages
The giant creator of Windows was not the only one to send an update package; the following companies also fixed various flaws and vulnerabilities:
- Juniper Networks
- Linux distributions Oracle Linux, Red Hat, and SUSE
- Mozilla Firefox and Firefox ESR
- Schneider Electric, and
For many users, an update package is tedious and a waste of time, but they are extremely important to keep everything up to date and, above all, to secure each user’s data and their systems. That way of thinking has become one of the biggest challenges for these companies and one that cybercriminals take advantage of. Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp