TechTronBlog.com

Technology, Innovation, Collaboration
Menu
  • Features
  • Gadget
  • Mobile
  • Uncategorized

Daily Tech Updates Sent to your Email

Join our Newsletter
Home
Features
Microsoft fixes Windows and Internet Explorer zero-day flaws in latest Patch Tuesday
Features

Microsoft fixes Windows and Internet Explorer zero-day flaws in latest Patch Tuesday

August 17, 2020

The latest series of Patch Tuesday security updates for Windows 10 includes patches for 17 bugs marked ‘Critical’ and 97 listed as ‘Important’.


Microsoft has issued fixes for 120 vulnerabilities – including two zero-day exploits – in its latest Patch Tuesday security update for Windows 10.


The latest series of updates covers 13 products and includes patches for 17 bugs flagged by Microsoft as ‘Critical’ and 97 listed as ‘Important’. Microsoft began rolling out the fixes yesterday, August 11, covering 
Windows 10 version 2004

all the way back to Windows 7 and Server 2008.

SEE: Zero trust security: A cheat sheet (free PDF) (Free PDF) (TechRepublic)

Amongst the main vulnerabilities to be have patched is the bug designated CVE-2020-1464, a spoofing vulnerability through which an attacker could bypass Windows 10’s security features and load improperly signed files on a user’s machine. This vulnerability has been publicly disclosed and detected in real-world attacks, though no other details have been provided by Microsoft.

The second zero-day exploit being remedied by Microsoft is CVE-2020-1380, a remote-code execution vulnerability in Internet Explorer’s scripting engine. This vulnerability was flagged to Microsoft by antivirus software provider Kaspersky, and allows attackers to execute malicious code in Internet Explorer through which an unauthorised user could then take control of other parts of the victim’s system.

According to Microsoft, an attacker who successfully exploited the vulnerability could gain the same user rights as the authorised user: if the current user is logged on with administrator rights, for instance, the attacker could take control of the system and install programs; view, change, or delete data; or create new accounts at will.

Kaspersky explained that the exploit was dangerous regardless of whether Internet Explorer was used as the primary web browser on a PC: some Microsoft applications, such as Office, often use Internet Explorer to display video and render web pages within documents via the ActiveX extension. An attacker could, therefore, exploit code into ActiveX and either launch it via a document or lure users to a malicious site.

SEE: Windows 10 Start menu hacks (TechRepublic Premium)

Another notable vulnerability resolved in August’s security update is CVE-2020-147. This exploit enabled an attacker to use the Netlogon Remote Protocol (MS-NRPC) to connect to a domain controller and obtain domain administrator access. Microsoft is addressing this vulnerability in a two-part update, starting with a modification to how Netlogon handles the use of secure channels.

Additional patches being rolled out by Microsoft cover its Edge browser, Office, SQL Server Management Studio, .Net Framework, alongside other components and development tools. Adobe has also pitched in with 26 fixes for vulnerabilities in its Acrobat and Reader applications.

All of the latest Patch Tuesday fixes are available via Windows Update. ZDNet has published an exhaustive list of everything that’s included, alongside a list of security updates released by other companies this week.







Cybersecurity Insider Newsletter


Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays




Sign up today





Share
Tweet
Email
Prev Article
Next Article

Related Articles

https://www.techrepublic.com/article/how-to-find-and-fix-vulnerable-default-credentials-on-your-network/#ftag=RSS56d97e7

How to find and fix vulnerable default credentials on your network

https://www.techrepublic.com/article/ai-enabled-future-crimes-ranked-deepfakes-spearphishing-and-more/#ftag=RSS56d97e7

AI-enabled future crimes ranked: Deepfakes, spearphishing, and more

About The Author

Leave a Reply

Cancel reply

Recent Posts

  • New tech and gadgets you absolutely can’t miss
  • Razer Pro Click ergonomic wireless mouse maximizes your productivity
  • Lume Cube Panel Mini Bicolor LED Light provides on-the-go lighting for photographers
  • LINKA LEO GPS Smart Bike Lock can track your bicycle’s movements in more than 100 countries
  • Razer Pro Glide soft mouse mat cushions your hand during use

Recent Comments

    Archives

    • August 2020

    Categories

    • Features
    • Gadget
    • Mobile
    • Uncategorized

    Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org

    TechTronBlog.com

    Technology, Innovation, Collaboration
    Copyright © 2021 TechTronBlog.com
    Theme by MyThemeShop.com

    Ad Blocker Detected

    Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker.

    Refresh