The most recent series of updates covers thirteen products and includes patches for 17 bugs rated by Microsoft as “critical” and 97 rated as “important”. Microsoft began rolling out the patches yesterday, August 11, covering editions of Windows from Windows 10 2004 back to Windows 7 and Server 2008.
Among the main vulnerabilities fixed is CVE-2020-1464, a spoofing vulnerability through which an attacker can bypass the security features of Windows 10 and load improperly signed files on a user’s machine. This vulnerability has been publicly disclosed and detected in real-world attacks; Microsoft has provided no further details.
The second zero-day fixed by Microsoft is CVE-2020-1380, a remote code execution vulnerability in the Internet Explorer scripting engine. This vulnerability was reported to Microsoft by antivirus software vendor Kaspersky and allows attackers to execute malicious code in Internet Explorer, through which an unauthorized user can take over other parts of the victim’s system.
According to Microsoft, an attacker who manages to exploit the vulnerability could gain the same user rights as the legitimate user: if the current user is logged in with administrator rights, for example, the attacker could take control of the system and install programs; view, edit, or delete data; or create new accounts at will.
Kaspersky explained that the exploit was dangerous regardless of whether or not Internet Explorer was used as the main browser on a PC: some Microsoft applications, such as Office, use Internet Explorer to play videos and render web pages in documents through the ActiveX extension. An attacker can therefore place the exploit code in ActiveX and deliver it through a document, or lure users to a malicious site.
Additional patches deployed by Microsoft cover its Edge browser, Office, SQL Server Management Studio, .NET Framework, as well as other components and development tools. Adobe has also released 26 vulnerability patches for its Acrobat and Reader applications.
All the latest Patch Tuesday patches can be obtained through Windows Update. ZDNet has published an exhaustive list of everything included, as well as a list of security updates released by other companies this week.
Owen Hughes is a London-based journalist for ZDNet and TechRepublic.