This one allows attackers to execute code on the victim's server by connecting a malicious Dynamics Business Central client. The first upcoming update, now code-named Windows 10 20H1 (also known as Windows 10 Version 2004), is nearly finished.
Windows 10 has been allowing the installation of custom drivers for quite some time, but that privilege might be coming to an end.
Elsewhere, the Redmond-based company also issued fixes for remote code execution vulnerabilities tied to Internet Explorer (CVE-2020-0833, CVE-2020-0824), Chakra scripting engine (CVE-2020-0811), and Edge browser (CVE-2020-0816).
Out of the 13 Office security updates released by Microsoft today, 12 of them patch RCE vulnerabilities (details in CVE-2020-0850, CVE-2020-0852, and CVE-2020-0892) within Word 2010, SharePoint Server 2010, SharePoint Foundation 2010, SharePoint Server 2010 Office Web Apps, Word 2013, SharePoint Enterprise Server 2013, SharePoint Foundation 2013, Word 2016, SharePoint Enterprise Server 2016, SharePoint Server 2019 Language Pack, and Office Online Server.
While Cisco Talos and Fortinet have updated their advisories to remove references to the vulnerability, enough people saw the descriptions. Attackers who exploit the issue successfully "gain the ability to execute code on the target SMB Server or SMB Client", according to Microsoft's disclosure.
Cisco Talos said in its now-removed description that a "wormable" attack would be able to exploit the vulnerability to "move from victim to victim".
Also, while some users were anxious that the new file manager would only be able to browse OneDrive files, a Twitter user has seemingly put those fears to bed by playing around with the emulator and accessing his C drive through the new app. Despite Microsoft upgrading Windows 10 many times over time, the volume controls of the system have remained unchanged. While there is no workaround available, the update was optional.
"TCP port 445 is used to initiate a connection with the affected component". However, this would not help if the attackers are already in the network.
Doing so affords only partial protection, as attacks from within enterprise network perimeters could still succeed, Microsoft warned.