Microsoft releases a cyber security update to fix 59 vulnerabilities in its products, out of them 9 were “Critical”

Microsoft fixed 59 vulnerabilities that affected various products with a security update. Out of them, nine were“Critical” and mainly affected the MS office. The rest were cathegorized “Important”  and “Moderate”. According to the cyber security experts, In the first category there are 20 flaws that could allow attackers to perform elevation of privileges on vulnerable products. In general, the last patch covers Windows, Internet Explorer, Edge (EdgeHTML-based), ChakraCore, Office and Office Services and Web Apps, SQL Server Management Studio, Open Source Software, Dynamics 365, and Update Assistant. Moreover, unlike previous patches, in last there is no zero-day vulnerability fixed, and no active exploit have seen in the wide. However, the company recommended installing these security updates for all the windows users to avoid the security risk and protect their systems.

The Company counters in particular the Remote Code Execution (RCE)

According to the cyber security experts, the Microsoft products critical vulnerabilities included a remote Desktop Client Remote Code Execution Vulnerability, that affected hundreds of millions of Windows computers. Furthermore, 4 critical memory corruption remote code execution flaws have been patched in the Chakra Scripting Engine, a JavaScript engine developed by Microsoft for its Microsoft Edge web browser. Another 2 Critical remote code execution vulnerabilities fixed affected Excel. They allowed an attacker to execute the arbitrary code in the context of the current user to perform a denial of service. Finally, has been solved another remote code execution vulnerability that affected Azure App service. It let an attacker exploit the vulnerability, and execute code in the context of NT AUTHORITY\system, thereby escaping the Sandbox an unprivileged function.