Welcome back to this week's security bulletin!
Do you know that Microsoft has released updates for 129 flaws contained by Microsoft operating system and related software? In these 129 flaws, 23 are listed as critical, 105 are important, and one is moderate in severity. The critical vulnerabilities include remote code execution bugs that allow the attacker to control the compromised server and execute malicious codes. These bugs allow information disclosure, the elevation of privilege, and cross-Site Scripting.
Out of these critical flaws, Memory corruption vulnerability in Microsoft Exchange software is critical as it allows attackers to execute remote code at the system level just by sending an email to a vulnerable Exchange server.
Vulnerabilities marked as important reside in Windows, Active Directory, Active Directory Federation Services (ADFS), Internet Explorer Browser Helper, Jet Database Engine, ASP.NET Core, Dynamics 365, Excel, Graphics Component, Office, Office SharePoint, SharePoint Server, SharePoint, Word, OneDrive for Windows, Scripting Engine, Visual Studio, Win32k, Windows Defender Application Control, Windows DNS, etc.
In order to keep your system protected, all Windows users are advised to install the latest security updates.
The SSL certificate's validity is now limited from 27 months (825 days) to 398 days, and browsers of Apple, Google, and Mozilla will reject website connectivity, which has certificate validity more than 13 months from the date of issue.
The certificates issued before this enforcement will not be affected, and Google will reject others with the error "ERR_CERT_VALIDITY_TOO_LONG."
You may wonder why to shorten the lifespan of certificates. Because it improves website security by limiting the validity of compromised certificates as it causes fishing or malware attacks. So next time you see a "validity too long" error, please re-issue the certificate so that you will get one as per the standards.