
Microsoft Patch Tuesday, August 2020 Edition – Cancer on Security

Microsoft today released updates to fix at least 120 vulnerabilities in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time to back up and patch again!

At least 17 of the bugs fixed in the August patch batch address security holes that Microsoft classifies as “critical,” meaning they can be exploited by malefactors or malware to gain complete remote control of an affected system with little or no help from users. This is the sixth consecutive month that Microsoft has shipped fixes for more than 100 bugs in its products.

The most worrying appears to be CVE-2020-1380, a vulnerability in Internet Explorer that can lead to system compromise if you use Internet Explorer to navigate to a hacked or malicious website. Microsoft says this flaw is currently being exploited in active attacks.

The other bug that is actively being exploited is CVE-2020-1464, a “spoofing” bug in virtually all supported versions of Windows that allows an attacker to bypass Windows security features and load incorrectly signed files.

Trend Micro’s Zero Day Initiative points to another fix, CVE-2020-1472, which addresses a critical issue in Windows Server versions that allows an unauthenticated attacker to gain administrative access to a Windows domain controller and run an application of their choice. A domain controller is a server that responds to security authentication requests in a Windows environment. A compromised domain controller could give attackers the keys to the kingdom within a corporate network.

“It is rare for a privilege escalation bug to occur, but it deserves it,” said ZDI’s Dustin Childs. “What’s worse is that there is no complete solution.”

Perhaps the most “elite” vulnerability fixed this month was named CVE-2020-1337. It refers to a vulnerability in the Windows Print Spooler service that an attacker or malware can use to escalate their privileges on a system if they are already logged on as a regular (non-administrator) user.

Satnam Narang at Tenable notes that CVE-2020-1337 is a patch bypass for CVE-2020-1048, another Windows Print Spooler vulnerability that was patched in May 2020. Narang said the researchers determined that the patch for CVE-2020-1048 was incomplete and presented their results for CVE-2020-1337 at the Black Hat security conference earlier this month. More information about CVE-2020-1337, including a video demonstration of a proof-of-concept exploit, is available here.

Adobe kindly gave us another month off from patching Flash Player flaws, but it has released critical security updates for its Acrobat and PDF Reader products. You can find more information about these updates here.

Note that while staying up to date with Windows patches is a must, it is important to make sure that you only update after you have backed up your important data and files. Having a reliable backup means you’re less likely to pull your hair out when the odd buggy patch causes problems booting the system.

Do yourself a favor and back up your files before installing any patches. Windows 10 even has some built-in tools to help you do this, either on a per-file/folder basis or by making a complete, bootable copy of your hard drive all at once.

And as always, if you have any issues or problems installing any of these patches this month, please leave a comment below. There’s an above-average chance that other readers have experienced the same thing and may chime in here with some helpful tips.

Tags: Adobe Acrobat, Adobe Reader, Black Hat, CVE-2020-1048, CVE-2020-1337, CVE-2020-1380, CVE-2020-1464, CVE-2020-1472, Dustin Childs, Internet Explorer Zero-Day, Microsoft Patch Tuesday, August 2020, Satnam Narang, Tenable, Trend Micro Zero Day Initiative

This entry was posted on Tuesday, August 11th, 2020 at 4:55 pm and is filed under Latest Warnings, Other, Patch Time.
