Maximilian Leire
Maximilian Leire Max started working for Ordina in 2019 as a security consultant, his preferred domains are red teaming and vulnerability management. He is the co-developer of this blog.

Microsoft Security Update July 2020

Microsoft Security Update July 2020

Every second Tuesday of the month, Microsoft releases a security update for all their software products. The update released on 14 July 2020 affects Windows, Microsoft’s web browsers and office applications as well as the .NET framework, SharePoint, Azure, Visual Studio and Hyper-V.

The security patches fix 123 known vulnerabilities. Of these vulnerabilities, 18 allow for Remote code execution. This would enable attackers to run their own, likely very malicious code on computers in a remote network.

The most dangerous vulnerability found this month was codenamed SIGRed. By abusing this security flaw, an attacker could gain domain administrator rights. These rights are the highest one can obtain in a Microsoft environment, and give the user a status of “God’ within the domain. This means it is possible to steal data and/or alter/destroy the complete IT infrastructure of an organization including installing and detonating ransomware. Due to the severity of this flaw, this vulnerability got the maximum CVSS (this is a system that ranks vulnerabilities on their potential to inflict damage, ranging from 1-10) score of 10.0. It is highly recommended to apply this patch as soon as possible.

Until July 2020, 742 vulnerabilities have been disclosed by Microsoft in 2020. We are well on our way to pass the total of 851 in 2019 and have already passed the total of 2017 and 2018 in only 7 months. This shows that digital security becomes increasingly important every year and staying current with security vulnerabilities/patches is crucial.

If you need any assistance or have any questions regarding digital security of your company, don’t hesitate to contact us.

Sources: