Patch Tuesday (August 2020): Microsoft patches 120 vulnerabilities. Two zero-days have been discovered
Beware the Windows Spoofing and Remote Code Execution Vulnerabilities. Make sure you apply your patches!
Microsoft’s August 2020 Patch Tuesday security updates are now out. This month, the company has released patches for 120 vulnerabilities. Among them, there are two zero-days, which means that malicious hackers have been exploiting two out of these vulnerabilities in the wild before Microsoft issued the patches. It is the sixth month in a row when the vendor has provided security updates for its software for more than 100 bugs. HeimdalTM Security advises you to update your systems as soon as you can, especially in the context of two zero-day vulnerabilities being leveraged right now. Below I will go through all the details you must know about in relation to the August 2020 Patch Tuesday.
Zero-day #1 – CVE-2020-1464 – Windows Spoofing Vulnerability
The first zero-day is related to the Windows OS. The vulnerability has been titled CVE-2020-1464 and refers to the way improper way Windows validates file signatures. According to Microsoft, the spoofing vulnerability appears as Windows does not validate files correctly, thus allowing attackers “to bypass security features and load improperly signed files”. In an attack case, an intruder may circumvent protection mechanisms designed to avoid incorrectly signed files from being loaded. Basically, attackers could spoof companies when digitally signing an executable. Specific information regarding the vulnerability and the real-world attacks has not been made public by Microsoft. The vendor uses this strategy to deter cyberattackers from taking advantage of it, hence trying to prevent such vulnerabilities from being exploited.
Zero-day #2 – CVE-2020-1380 – Scripting Engine Memory Corruption Vulnerability
This is a remote code execution vulnerability (dubbed CVE-2020-138) that “exists in the way that the scripting engine handles objects in memory in Internet Explorer.” The bug could corrupt memory in such a way as to enable an intruder to execute arbitrary code in the context of the current user, allowing the attacker to gain the same rights as him/her. Users logged in with admin rights would be the ones most affected, as attackers could easily take complete control over the targeted system and “install programs; view, change, or delete data; or create new accounts with full user rights.” On a side note, besides updating your systems, one way to avoid the misusage of administrative rights is to manage them using an advanced Privileged Access Management solution like Heimdal™ Privileged Access Management.
Heimdal® Privileged Access Management
- Automate the elevation of admin rights on request;
- Approve or reject escalations with one click;
- Provide a full audit trail into user behavior;
- Automatically de-escalate on infection;
The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. Intruders may host a specially built website intended to manipulate the weakness via Internet Explorer and then lure users into accessing this webpage. Within a program or a Microsoft Office document that hosts the IE rendering engine, an intruder may also inject an ActiveX control labeled as “secure for initialization”. Microsoft stated they got a warning from Kaspersky that malicious hackers discovered a remote code execution flaw in the IE scripting engine, with evidence that it has been exploited in the real-world.
Other fixed vulnerabilities
Other vulnerabilities have been patched in Microsoft Edge, Outlook, the .NET Framework, Windows Media, Media Foundation, the Windows Codecs Library, the MSHTML Engine, and the Scripting Engine. The Outlook updates should also be kept in mind since they patch two bugs (CVE-2020-1483, a remote code execution vulnerability, and CVE-2020-1493, an Information Disclosure Vulnerability) that could be caused by the Preview Pane. Microsoft has also fixed CVE-2020-1337, a Windows Print Spooler Elevation of Privilege Vulnerability that affects all versions of Windows from Windows 7 to Windows 10.
How to easily stay on top of your patching
Our Heimdal™ Threat Prevention and Heimdal™ Patch & Asset Management customers enjoy an automated patching process, which means that they can enable automatic patches and schedule them according to their own needs. Get in touch with us for a free demo and learn how automated patch management will simplify your cybersecurity and your sysadmins’ lives.
Heimdal® Threat Prevention - Endpoint
- Machine learning powered scans for all incoming online traffic;
- Stops data breaches before sensitive info can be exposed to the outside;
- Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
- Protection against data leakage, APTs, ransomware and exploits;