This month, the company fixed 120 vulnerabilities in 13 different products, from Edge, Windows, to SQL Server and the .NET Framework.
Among the 120 vulnerabilities fixed this month, 17 bugs were identified as "Critical" but there are also two zero day vulnerabilities exploited by hackers before the release of Microsoft today's updates.
1st zero day
The first zero day fixed this month is a bug in the Windows operating system. It has been recorded as CVE-2020-1464, and the Microsoft states if an attacker can exploit it they can incorrectly validate file signatures.
Intruders can use this error to "bypass security features and upload unsigned files."
As with all its security advisories Microsoft, the technical details of the error have not been made public for obvious reasons.
2st zero day
As for the second zero day, it has been recorded as CVE-2020-1380 and exists in the Internet Explorer scripting engine.
OR Microsoft said it had received a report from Kaspersky that hackers had discovered a remote code execution error (RCE) on the IE script machine and that they were using it in real-world attacks.
While the error is in the IE scripting engine, and that other native applications are affected Microsoft, such as the Office Suite.
This is because Office applications use the IE scripting engine to integrate and render web pages within Office documents, a feature that the scripting engine plays an important role in.
This means that the error can be exploited by attracting users to malicious websites or by sending them trapped Office files.
Below is some useful information about today Microsoft Patch Tuesday, but also security updates released by other companies this month that sysadmins may need to deal with in addition to its batch Microsoft.