Microsoft Today has released updates to seal at least 120 internal security holes Windows Supported operating systems and software, including both newly discovered vulnerabilities that are being actively exploited. Well, the good people of the Windows world, it’s time to back up and patch again!
At least 17 of the bugs that were resolved in the August series of patches were rated “critical” by Microsoft, meaning they can be exploited by an attacker or malware to gain control from away from the affected system without user assistance. This is the sixth consecutive month that Microsoft has released fixes for more than 100 bugs in its products.
Of most concern among these appears to be CVE-2020-1380, which is a weakness in Internet Explorer can lead to system intrusion just by browsing by IE to a hacked or malicious website. The vulnerability is currently being exploited in aggressive attacks, Microsoft advises.
Another vulnerability that is actively exploited is CVE-2020-1464, which is a “fake” bug in a mostly supported version of Windows that allows attackers to bypass Windows security features and download files. incorrectly signed.
Trend Micro’s Zero Day Initiative points out another fix – CVE-2020-1472 – related to a serious problem in Windows server Instances could allow an unauthenticated attacker to have administrative access to Windows domain controllers and to run applications of their choice. A domain controller is a server that responds to security authentication requests in a Windows environment, and a compromised domain controller can give attackers the key to the realm within the corporate network.
“Rarely has the privilege lift bug rated Serious, but the bug deserves it,” said ZDI’S. Dustin Childs. “What’s worse is that there is no full fix.”
Perhaps the most “elite” vulnerability addressed this month has made a difference being named CVE-2020-1337 and mentions a security flaw in Windows Print Spooler A service can allow an attacker or malware to elevate their privileges on the system if they are logged on as a regular user (not an administrator).
Satnam narang in Can say note that CVE-2020-1337 is a patch for CVE-2020-1048, another Windows Print Spooler vulnerability that was fixed in May 2020. Narang said researchers noticed that the patch for CVE -2020-1048 is incomplete and presents their findings to CVE-2020-1337 at Black hat security conference earlier this month. More information on CVE-2020-1337, including demonstration video on evidence-of-concept mining, is available here.
Adobe Have graciously given us a month’s rest after patching Flash player flaws, but it has released important security updates for circus performers and PDF reader products. More information on these updates is available here.
Keep in mind that while Windows patches are always kept up to date, it’s important to make sure you do it only after you’ve backed up your important data and files. A reliable backup means you’re less likely to pluck your hair when the weird patch is causing your system boot issue.
So help yourself and back up your files before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a file / folder basis or by making a complete copy and possibly booting your hard drive at the same time.
And as ever, if you’re having glitches or problems installing any of these patches this month, feel free to consider leaving a comment below; There is a better chance that other readers have experienced the same thing and can call up here with some helpful tips.
Tags: adobe acrobat, adobe reader, Black Hat, CVE-2020-1048, CVE-2020-1337, CVE-2020-1380, CVE-2020-1464, CVE-2020-1472, Dustin Childs, Internet Explorer zero-day, Microsoft Patch Tuesday, August 2020, Satnam Narang, Tenable, Micro Zero Trends Day Initiative
This entry was posted on Tuesday, August 11th, 2020 at 4:55 pm and was posted under Latest Alerts, Other, Time to patch. You can follow any comments about this item through the RSS 2.0 feed. You can skip to the end and leave a comment. Ping is not currently allowed.