Microsoft has fixed 112 bugs across its range of products, including patching a Windows zero-day vulnerability that was exploited in the wild. The security updates, 24 for code execution (RCE) bugs, were part of Microsoft’s November 2020 Patch Tuesday.
Systems running the Windows 10 Anniversary Update were shielded from two exploits even before Microsoft had issued patches for them, its researchers have found. The zero-day bug was disclosed on October 30 by the Google Project Zero and TAG security teams.
A team of Google security researchers revealed a zero-day vulnerability in the Microsoft Windows operating system that is under active exploitation. The zero-day bug in the Windows kernel can be exploited to elevate an attacker’s code with additional permissions. The vulnerability impacts all Windows versions between Windows 7 and the most recent Windows 10.
Google discovered the zero-day around mid-October and gave Microsoft seven days to release a patch, reports ZDNet. Microsoft has also fixed 24 bugs that can allow remote code execution (RCE) attacks in apps such as Excel, Microsoft Sharepoint, Microsoft Exchange Server, the Windows Network File System, the Windows GDI+ component, the Windows printing spooler service, and even in Microsoft Teams.
