Microsoft patched over 2020 CVEs again in August 100 and repaired 120 CVEs, including 17 critical vulnerabilities. For the first time in three months, two vulnerabilities were reported that were exploited "in the wild".
CVE-2020-1380 is a remote code execution vulnerability in Microsoft's scripting engine. It is caused by the way Internet Explorer's memory handles objects. To exploit this vulnerability, an attacker would have to induce a victim to visit a website with exploit code or to open a malicious document that contains an embedded ActiveX control. This would give the attacker the ability to run any code as the current user. If the affected user has administrator rights, the attacker could even take a number of serious actions: create accounts with full rights, access or delete data, and install programs. Hackers have reportedly exploited the in-the-wild vulnerability as a zero-day vulnerability - likely as part of a targeted attack.
CVE-2020-1464 is a spoofing vulnerability in Windows that stems from a file signature validation issue. This vulnerability could allow an attacker to bypass file signature verification to load incorrectly signed files. Microsoft says this vulnerability was exploited "in the wild" and is public knowledge, but doesn't provide any further details. Because it affects all currently supported versions of Windows, organizations should apply these patches as soon as possible.
Other vulnerabilities and patches
The current release also contains a fix for CVE-2020-1337, a vulnerability that allows user rights to be extended in the Windows Print Spooler. An attacker could use it to execute any code, create new accounts with full rights, access or delete data and install programs. The Windows Print Spooler is already known in a similar context: ten years ago it was exploited as an attack vector by the infamous Stuxnet worm through another vulnerability. CVE-2020-1337 is a "patch bypass" for CVE-2020-1048, another vulnerability in the Windows Print Spooler that was patched in May 2020. Researchers determined that the patch for CVE-2020-1048 was incomplete and presented their results for CVE-2020-1337 at the Black Hat conference earlier this month. "
More on this at Tenable.com
About Tenable Tenable is a Cyber Exposure company. Over 24.000 companies worldwide trust Tenable to understand and reduce cyber risk. Nessus inventors have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.