To paraphrase Yoda ...
"A total of 111 fixes [...] none are being actively exploited ..."
Now they've been announced, to paraphrase Yoda "they will be ... they will be". So grit your teeth and hope none of the fixes bork your systems.
The May edition of Patch Tuesday landed this week. And there are scores of security fixes to install. A total of 111 fixes were released by Microsoft, though on the bright side none are being actively exploited, as far as we know. Sixteen earned Microsoft's top rating of critical, and range from remote code execution to …
"One standout programming blunder was CVE-2020-1067, a remote-code execution (RCE) vulnerability in all supported versions of Windows."
This would suggest the vulnerability is in both 32-bit and 64-bit code and thus has been around sometime; I wonder which is the first version of Windows it occurs in - NT 3.51? - has anyone investigated?
Never open a file from someone you don't know until you've checked that they had a reason to send it to you.
Never open a file from someone who's mail domain is not from the domain they say they work for.
Never open a file without checking that the extension is legit (a .pdf.exe is a big no-no).
And never, ever open a file from an email that says some throw-away easy phrase like "Important information enclosed !". It's just another skiddie trying to get you to open malware.
111 sounds alot but that is in a number of different programes, most of which are quite complex, Adobe managed 36 in two relatively simple applications, but this programming inadquacy seems to have been glossed over by the reporter and should have more scorn aimed at it..
You're correct, that's not actually a lot. Now if you add up all of the bugs in Windows 10 that have been fixed. That's a lot. Its also separate from the 'a lot' of bugs fixed in Server 2012 R2, and separately in Server 2016 and separately in Server 2019.
I bet Microsoft will still be fixing bugs in Windows when the sun dies.
Biting the hand that feeds IT © 1998–2020