Microsoft fixed 120 bugs in an update for Windows 10 released last Tuesday (11). Among the fixes, two were known as zero-day vulnerabilities, being flaws existing since the release of the operating system.
Published on the official list, the fixes were applied to 13 software, such as Windows, Microsoft Edge, Microsoft Office and Internet Explorer. The update does not add new features to the system, restricting itself to adjust the known flaws.
Of the 120 vulnerabilities fixed, 17 were categorized as severe in Microsoft’s Common Vulnerability Scoring System (CVSS) ranking.
One of the zero-day loopholes was found in part of the old Internet Explorer 11.Source: Baixaki/Reproduction
One of the zero-day occurrences within Windows could be used to “surpass security features and load files with improperly signed signatures”. Thus, the fix resolves the error in reading software signatures to prevent these files from loading and putting your computer at risk.
The second loophole of its kind was found by security professionals at Kaspersky and reworked the old browser’s scripting engine. Characterized as critical, the vulnerability “could corrupt memory so that the attacker could execute malicious code on the user’s machine,” according to the complaint. This error could be especially dangerous if the hacker were looking for access through administrator privileges, as once secured, he could install software, create, delete and edit documents, or create users with broader powers on the machine.
Due to the seriousness of the issues resolved, the company asks all users to install the update as soon as possible. More information about the 120 fixes can be found on Microsoft’s official website.