Set of patches includes an unusual “critical” rated elevation of privilege bug

Microsoft has patched 120 CVEs for August, including 17 labelled critical and two under active attack in the wild. The release brings its patches to 862 so far this year — more than full-year 2019.

The patches plug vulnerabilities in Windows, Microsoft Scripting Engine, SQL Server, .NET Framework, ASP.NET Core, Office and Office Services and Web Apps, Microsoft Dynamics and more.

Under active attack:

CVE-2020-1464 – Windows Spoofing Vulnerability

This spoofing bug enables an attacker to load improperly signed files, bypassing signature verification.

Microsoft does not list where this is public or how many people are affected by the attacks, but all supported versions of Windows are affected, so test and deploy this one immediately.

CVE-2020-1380 – Scripting Engine Memory Corruption Vulnerability

This bug in IE lets attackers run their code on a target system if an affected version of IE views a specially crafted website.

The bug was reported by Kaspersky, so it is reasonable to assume malware is involved.

CVE-2020-1472 – NetLogon Elevation of Privilege Vulnerability

An unusual elevation of privilege bug in that it is rated critical, this vulnerability is in the Netlogon Remote Protocol (MS-NRPC). An unauthenticated attacker would use MS-NRPC to connect to a Domain Controller (DC) to obtain administrative access. Worryingly, there is not a full fix available. As the ZDI notes: “This patch enables the DCs to protect devices, but a second patch currently slated for Q1 2021 enforces secure Remote Procedure Call (RPC) with Netlogon to fully address this bug.”

After applying this patch, you will still need to make changes to your DC. Microsoft published guidelines to help administrators choose the correct settings.

As Onebite notes, Microsoft also released patches for 6 memory corruption vulnerabilities in Media Foundation (CVE-2020-1525, CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1554).

An attacker persuading a user to open a malicious file would get the same rights as that user. All Media Foundation installations should be prioritised for patching.

More to follow.

h/t ZDI and Qualys.