Patch set includes ‘critical’ privilege elevation error
Fixes include vulnerabilities in Windows, Microsoft Scripting Engine, SQL Server, ArrayNET Framework, ASP.NET Core, Office and Office Services and Web Apps, Microsoft Dynamics, and more.
Under attack:
– Jamie Brummell (@jamiebrummell) 12 August 2020
CVE-2020-1380: Script Engine Memory Corruption Vulnerability
This error in IE causes the attacker to execute its code in a target formula if an affected edition of IS presents a specially crafted website.
– Maddie Stone (@maddiestone) August 11, 2020
The error reported via Kaspersky, it is moderate to assume that there is malware involved.
– Ryan Newington ?? (@RyanLNewington) August 12, 2020
More to come.
h/t ZDI and Qualys.
© 2020 COMPUTER BUSINESS REVIEW. ALL RIGHTS ARE RESERVED.
Your favorite messages stored in your browser’s cookies. If you delete cookies, your favorite messages will also be deleted.