Latest News Latest News

Google Researcher Reported 3 Flaws in Apache Web Server Software

If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.

Read More...

Two Critical Flaws in Zoom Could've Let Attackers Hack Systems via Chat

If you're using Zoom—especially during this challenging time to cope with your schooling, business, or social engagement—make sure you are running the latest version of the widely popular video conferencing software on your Windows, macOS, or Linux computers.

Read More...

New Android Malware Steals Banking Passwords, Private Data and Keystrokes

NA new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes.

Read More...

Microsoft Issues Patches for 4 Bugs Exploited as Zero-Day in the Wild

It's April 2020 Patch Tuesday, and during these challenging times of coronavirus pandemic, this month's patch management process would not go easy for many organizations where most of the resources are working remotely.

Read More...

New Zoom Hack Lets Hackers Compromise Windows and Its Login Password

Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic overnight made it one of the most favorite communication tool for millions of people around the globe.

Read More...

Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions

Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers.

Read More...

New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts

A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices.

Read More...

Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed

Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 (SMBv3) network communication protocol.

Read More...

Microsoft Issues March 2020 Updates to Patch 115 Security Flaws

Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company's history.

Read More...

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers

The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices.

Read More...

Most Viewed News Most Viewed News

Back

Microsoft Issues March 2020 Updates to Patch 115 Security Flaws

Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company's history.

Of the 115 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, Exchange Server, Office, Azure, Windows Defender, and Visual Studio — that received new patches, 26 have been rated as critical, 88 received a severity of important, and one is moderate in severity.

However, unlike last month, none of the vulnerabilities the tech giant patched this month are listed as being publicly known or under active attack at the time of release.

It's worth highlighting that the patch addresses critical flaws that could be potentially exploited by bad actors to execute malicious code by specially crafted LNK files and word documents.

Titled "LNK Remote Code Execution Vulnerability" (CVE-2020-0684), the flaw allows an attacker to create malicious LNK shortcut files that can perform code execution.
"The attacker could present to the user a removable 
drive, or remote share, that contains a malicious .LNK file and an associated malicious binary," Microsoft detailed in its advisory. "When the user opens this drive(or remote share) in Windows Explorer or any other application that parses the .LNK file, the malicious binary will execute code of the attacker's choice on the target system."

The other bug, Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0852), allows the malware to execute code on a system by merely viewing a specially crafted Word file in the Preview Pane with the same permissions as the currently logged-on user. Microsoft has warned that Microsoft Outlook Preview Pane is also an attack vector for this vulnerability.

Elsewhere, the Redmond-based company also issued fixes for remote code execution vulnerabilities tied to Internet Explorer (CVE-2020-0833, CVE-2020-0824), Chakra scripting engine (CVE-2020-0811), and Edge browser (CVE-2020-0816).

One other bug worthy of note is CVE-2020-0765 impacting Remote Desktop Connection Manager (RDCMan), for which there is no fix. "Microsoft is not planning on fixing this vulnerability in RDCMan and has deprecated the application. Microsoft recommends using supported Remote Desktop clients and exercising caution when opening RDCMan configuration files (.rdg)," the disclosure reads.

It's recommended that users and system administrators test and apply the latest security patches as soon as possible to prevent malware or miscreants from exploiting them to gain complete, remote control over vulnerable computers without any intervention.

For installing the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.


Contact Us Contact Us

Free Call[OH]: 933

Phone Number: +251-900-89-64-48,

                            +251-944-33-68-02

E-mail: ethiocert@insa.gov.et

P.O.Box: 124498

Download PGP Keys


Report an Incident

Values Values

  • Trustworthiness
  • Innovation
  • Scientific
  • Democracy
  • Synergy
  • Saving