Microsoft August 2020 Patch Tuesday fixes 120 vulnerabilities, two zero-days

By -

 Microsoft says attackers have used a Windows zero-day to spoof file signatures and another RCE in the Internet Explorer scripting engine to execute code on users' devices.

Microsoft has started rolling out today the August 2020 Patch Tuesday security updates.


This month, the company has patched 120 vulnerabilities across 13 different products, from Edge to Windows, and from SQL Server to the .NET Framework.

Among the 120 vulnerabilities fixed this month, 17 bugs have received the highest severity rating of "Critical," and there are also two zero-days — vulnerabilities that have been exploited by hackers before Microsoft was able to provide today's patches.

Zero-day #1

The first of the two zero-days patched this month is a bug in the Windows operating system. Tracked as CVE-2020-1464, Microsoft says that an attacker can exploit this bug and have Windows incorrectly validate file signatures.

The OS maker says attackers can (ab)use this bug to "bypass security features and load improperly signed files."

As with all Microsoft security advisories, technical details about the bug and the real-world attacks have not been made public. Microsoft security team uses this approach to prevent other hackers from inferring how and where the vulnerability wors/resides, and prolong the time it takes for other exploits to appear in the wild.

Zero-day #2

As for the second zero-day, this one is tracked as CVE-2020-1380, and resides in the scripting engine that ships with Internet Explorer.

Microsoft said it received a report from antivirus maker Kaspersky that hackers had found a remote code execution (RCE) bug in the IE scripting engine and where abusing it in real-world attacks.

While the bug resides in the IE scripting engine, other native Microsoft apps are also impacted, such as the company's Office suite.

This is because Office apps use the IE scripting engine to embed and render web pages inside Office documents, a feature where the scripting engine plays a major role.

This means the bug can be exploited by luring users on malicious sites, or by sending them booby-trapped Office files.

Below is some useful information about today's Microsoft Patch Tuesday, but also the security updates released by other companies this month, which sysadmins might also need to address as well, besides Microsoft's batch.

  • Microsoft's official Security Update Guide portal lists all security updates in a filterable table.
  • Microsoft has published this file listing all this month's security advisories on one single page.
  • Adobe's security updates are detailed here.
  • SAP security updates are available here.
  • VMWare security updates are available here.
  • Citrix has also released some patches today.
  • Oracle's quarterly patches (for Q2 2020, July edition) are available here.
  • Chrome 84 security updates are detailed here.
  • The Android Security Bulletin for August 2020 is detailed here. Patches started rolling out to users' phones last week.

Comments

Post a Comment

Popular Posts

Hacker steals data of millions of Bulgarians, emails it to local media

By -
Image
  Source of the data breach appears to be the country's National Revenue Agency A mysterious hacker has stolen the personal details of millions of Bulgarians and has emailed download links to the stolen data to local news publications. The data's origin is believed to be the country's National Revenue Agency (NRA), a department of the Bulgarian Ministry of Finance. In a  message posted on its website  on Monday, the NRA said it was working with the Ministry of the Interior and the State Agency for National Security (SANS) to investigate the hack. "We are currently verifying whether the data is real," said the NRA. Hours after this article's publication, the Bulgarian Ministry of the Interior  confirmed the hack . HACKER STOLE 110 DATABASES, LEAKED 57 According to reports from local media [ 1 ,  2 ,  3 ,  4 ,  5 ], who received part of the data, the hacker said they stole the personal details of over five million Bulgarians, of the country's total populatio
Read more

​Linux totally dominates supercomputers

By -
Image
It finally happened. Today, all 500 of the world's top 500 supercomputers are running Linux. Linux rules supercomputing. This day has been coming since 1998, when Linux first appeared on the TOP500 Supercomputer list . Today it finally happened:  All 500 of the world's fastest supercomputers are running Linux . The last two non-Linux systems, a pair of Chinese IBM POWER computers running AIX, dropped off the  November 2017 TOP500 Supercomputer list . Overall, China now leads the supercomputing race with 202 computers to the US' 144. China also leads the US in aggregate performance. China's supercomputers represent 35.4 percent of the Top500's flops, while the US trails with 29.6 percent. With an anti-science regime in charge of the government, America will only continue to see its technological lead decline. When the  first Top500 supercomputer list was compiled in June 1993 , Linux was barely more than a toy. It hadn't even adopted Tux as its masc
Read more

Microsoft tries to stem its self-made collaboration-tool confusion

By -
Image
Microsoft is using this week's Ignite conference to try to help clarify its collaboration-tool strategy. Here's how SharePoint, Teams and Yammer figure in the mix. Choice is good. But too much choice, especially when it comes to collaboration tools, has been a problem for Microsoft. This isn't news to customers, partners or Microsoft execs themselves. But at the company's Ignite IT Pro conference in Orlando this week, Microsoft execs took a step to try to clarify the company's strategy and messaging in this area. Microsoft Office 365 Marketing chief Ron Markezich kicked off the conference this week with a slide entitled "Microsoft 365 Teamwork: Where to Start a Conversation." That slide attempts to do what  Microsoft initially attempted with a 60-plus-page whitepaper : Clarify which collaboration tools customers should use when. The slide, which features SharePoint -- and its files, sites and content storage at the center -- is broken down into t
Read more