On Tuesday, tech giant Microsoft issued a fresh batch of security updates to patch as many as 129 new security flaws impacting different versions of its Windows operating systems and relevant software.
Unlike the last few months, none of the security flaws the Microsoft fixed in September are registered as being widely recognized or under active attack at the time of release.
A memory corruption susceptibility (CVE-2020-16875) in Microsoft Exchange software is worth underscoring all the major vulnerabilities. The misuse of this fault could let a hacker run random code at the SYSTEM level by sending an especially made email to a susceptible Exchange Server.
“A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory,” Microsoft explains. “An attacker could then install programs; view, change, or delete data; or create new accounts.”
The tech giant also fixed two major remote code execution flaws in Windows Codecs Library. In addition, two remote code execution faults impact the on-premises execution of Microsoft Dynamics 365, but both require the hacker to be authentic.
Microsoft also fixed six serious remote code execution flaws in SharePoint and one in SharePoint Server. Other critical flaws the company patched this month reside in Windows, Windows Media Audio Decoder, Windows Text Service Module, Windows Camera Codec Pack, Visual Studio, Scripting Engine, Microsoft COM for Windows, Microsoft Browser, and Graphics Device Interface.