Microsoft Patch Tuesday fixes six critical vulnerabilities

Microsoft logo with hand holding tiny lock

Alberto Garcia Guillen/Shutterstock

Microsoft on Tuesday disclosed 56 vulnerabilities, including six critical ones and one moderate vulnerability that has been exploited. 

The patches released address common vulnerabilities and exposures (CVEs) in: Microsoft Windows and Windows Components; Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server; and the .NET framework.

Windows 11

The one exploited CVE disclosed on Patch Tuesday impacts the Windows SmartScreen Security Feature. To exploit it, an attacker could craft a malicious file that would evade Mark of the Web (MOTW) defenses.

When you download a file from the internet, Windows adds the zone identifier, or MOTW, to the file. 

That MOTW prompts Windows SmartScreen to conduct a reputation check. 

However, this exploit results in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.

Also: Is Microsoft really going to cut off security updates for your ‘unsupported’ Windows 11 PC?

To exploit the vulnerability, the attacker would have to convince a user to visit a malicious website or click on a malicious attachment. 

The six critical CVEs disclosed on Tuesday were all Remote Code Execution (RCE) vulnerabilities. They impact: Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises), Microsoft SharePoint Server, PowerShell, and Windows Secure Socket Tunneling Protocol (SSTP).

READ MORE HERE