Yesterday was the second Tuesday of the month, which meant – you guessed it! – it was time for Microsoft to release its latest bundle of security patches.
On this occasion Microsoft fixed more than 100 security holes in a wide variety of its products, some of which could allow critical remote code execution attacks if left unpatched.
But the update which will probably grab the most attention is CVE-2020-17087, a zero-day vulnerability that has been exploited in active attacks against users of Windows 7 and Windows 10.
The vulnerability, which allows local privilege escalation and sandbox escape, was made public by Google’s Project Zero team at the end of last month.
That was just seven days after Microsoft was informed of the security hole, because security researchers said it was being exploited – in co-ordination with a Google Chrome flaw (itself patched on October 20th) – by cybercriminals in targeted attacks.
Personally, I’m impressed to see Microsoft patch the vulnerability and push it out to its many millions of users so quickly, just a few days after finding out about it.
If you are running Windows on a computer you are responsible for, and want to ensure your security patches are installed, select “Start”, and then go to Settings > Update & Security > Windows Update.