Somewhere, someone is saying, “We don’t need to patch…” Maybe it’s an executive. Maybe it’s an old IT guy who says, “We’ve always done it this way,” where “this way” means applying patches a few times per year. Microsoft July 2020 Patch Tuesday: 123 vulnerabilities, 18 Critical!
Today is Microsoft’s July 2020 Patch Tuesday, and if you see Windows administrators cursing for no reason, now you know why!
There are several reasons for all the cursing…
So, there’s a wormable vulnerability in Microsoft Server, remote code execution problems in both Edge and the VBScript engine, an Elevation of Privilege vulnerability, a few problems that could enhance phishing attacks, and more.
And for the wormable vulnerability in Microsoft Server, known as SigRed, there is already example code available that makes use of the vulnerability. Does anyone remember WannaCry? This Is A Big Deal. SigRed: A 17-year-old ‘wormable’ vulnerability for hijacking Microsoft Windows Server.
Dubbed “SigRed,” the cybersecurity team says the vulnerability is of particular importance to the enterprise as it is wormable — or self-propagating — and as such, is able to jump across vulnerable machines without any user interaction, potentially compromising an entire organization’s network of PCs in the process.
Data Stealing. Ransomware. Once a bad guy is inside a corporate network with “arbitrary code execution,” they can do anything they want.