SoylentNews

fliptop [soylentnews.org] writes:

One moderate vulnerability that's already exploited [forbes.com] impacts the Windows SmartScreen Security Feature [zdnet.com]:

Microsoft on Tuesday disclosed 56 vulnerabilities [microsoft.com], including six critical ones and one moderate vulnerability that has been exploited.

The patches released address common vulnerabilities and exposures (CVEs) in: Microsoft Windows and Windows Components; Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server; and the .NET framework.

The one exploited CVE [microsoft.com] disclosed on Patch Tuesday impacts the Windows SmartScreen Security Feature. To exploit it, an attacker could craft a malicious file that would evade Mark of the Web (MOTW) defenses.

[...] The six critical CVEs disclosed on Tuesday were all Remote Code Execution (RCE) vulnerabilities. They impact: Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises), Microsoft SharePoint Server, PowerShell, and Windows Secure Socket Tunneling Protocol (SSTP).

Original Submission