The pandemic has sparked a boom in telecommuting. However, this new way of working, which is much more flexible, allows companies to continue with their activity, but it can also represent an opportunity for cybercrime. Almost weekly we tell you about a new case in which millions of devices are affected by new viruses.
Again from the National Institute of Cybersecurity they report that Microsoft has published a newsletter every month in which it details all the vulnerabilities found in its software products. In this month of November, they warn of up to 104 new vulnerabilities, of which 16 are critical and affect several families of the manufacturer’s products, some of which are widely used in the business environment.
The importance of keeping updates up to date
In most cases, the affected software will be updated automatically by default, but in the event that such update is not carried out automatically, Microsoft makes available to users a web portal with all the related information, as well as the patches of the affected products for download and that can be consulted here: Microsoft Security Updates Guide. November 2020.
It is recommended to update the affected software to the latest version as soon as possible and activate automatic updates in case they are not being applied by default.
Critical vulnerabilities in browsers
Some of the main critical vulnerabilities could allow a cybercriminal to escalate privileges and cause memory failures in Internet Explorer 11 and Edge (HTML-based), as well as execute malicious code remotely in the file system in Windows 10 network. Vulnerabilities can also cause denial of service, information disclosure, circumvention of security measures, spoofing and tampering.
Also in other Microsoft products
There are also other affected Microsoft products whose assessment is not critical, but which also require attention as they are particularly sensitive to being used by cybercriminals. These would be:
- Microsoft Edge (Chromium-based),
- Microsoft Exchange Server,
- Microsoft Dynamics,
- Microsoft Windows Codecs Library,
- Azure Sphere,
- Windows Defender,
- Microsoft Teams.
At the moment, Microsoft has not disclosed any details of the critical vulnerabilities to prevent their use by cybercriminals.