Microsoft Patch Tuesday, August 2020 Edition – Krebs on Security


Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are being actively exploited. Yes, good people of the Windows world, it’s time to back up and patch!

At least 17 of the bugs in the August patch batch were rated “critical” by Microsoft, meaning they could be exploited by miscreants or malware to gain complete, remote control over an affected system with little or no help from users. This is the sixth month in a row Microsoft has shipped fixes for more than 100 flaws in its products.

The most relevant of these appears to be CVE-2020-1380, a weakness in Internet Explorer that can result in system compromise simply by browsing with IE to a hacked or malicious website. Microsoft’s advisory says this bug is currently being exploited in active attacks.

The other bug under active exploitation is CVE-2020-1464, a “spoofing” bug in virtually every supported version of Windows that could allow an attacker to bypass Windows security features and load incorrectly signed files.

Trend Micro’s Zero Day Initiative points to another fix, CVE-2020-1472, which involves a critical issue in Windows Server versions that allows an unauthenticated attacker to gain administrative access to a Windows domain controller and run an application of their choice. A domain controller is a server that responds to security authentication requests in a Windows environment, and a compromised domain controller can give attackers the keys to the kingdom inside a corporate network.

“It’s rare to see a critically-assessed increase in privilege breach, but this one deserves it,” said ZDI’s Dustin Childs. “What’s less is that there is no complete fix available.”

Perhaps the most “elite” vulnerability addressed this month earned the distinction of being named CVE-2020-1337, and refers to a security hole in the Windows Print Spooler service that could allow an attacker or malware to escalate privileges on a system where they are already logged in as a regular (non-administrator) user.

Satnam Narang at Tenable notes that CVE-2020-1337 is a patch bypass for CVE-2020-1048, another vulnerability in Windows Print Spooler that was patched in May 2020. Narang said researchers found that the patch for CVE-2020-1048 was incomplete and presented their findings for CVE-2020-1337 at the Black Hat security conference earlier this month. More information on CVE-2020-1337, including a video demonstration of a proof-of-concept exploit, is available here.

Adobe has graciously given us another month’s respite from patching Flash Player flaws, but it has released critical security updates for its Acrobat and PDF Reader products. More information about these updates is available here.

Keep in mind that while staying up-to-date on Windows patches is a must, it’s important to make sure you update only after you have backed up important data and files. A reliable backup means you are less likely to pull your hair out if the odd buggy patch causes problems when booting the system.

Do yourself a favor and back up your files before installing patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a full and bootable copy of your hard drive all at once.

And as always, if you experience glitches or issues installing any of these patches this month, please consider leaving a comment below; there’s a better-than-even chance other readers have experienced the same and can chime in here with some useful tips.

Tags: Adobe Acrobat, Adobe Reader, Black Hat, CVE-2020-1048, CVE-2020-1337, CVE-2020-1380, CVE-2020-1464, CVE-2020-1472, Dustin Childs, Internet Explorer zero-day, Microsoft Patch Tuesday August 2020, Satnam Narang, Tenable, Trend Micro Zero Day Initiative

This entry was posted on Tuesday, August 11th, 2020 at 4:55 pm and is filed under final warnings, other, time to patch.