Microsoft began rolling out security updates for Patch Tuesday in August 2020 today.
This month, the 120 constant corporate vulnerabilities in thirteen other products, from Edge to Windows and from SQL Server to the ArrayNET Framework.
Of this month’s 120 constant vulnerabilities, 17 insects scored the highest severity score of “Critical,” and there are also two zero-days: vulnerabilities that were exploited by hackers before Microsoft could provide today’s fixes.
The first of the two 0 days of this month is an error in the Windows operating system. With a trace like CVE-2020-1464, Microsoft claims that an attacker can take advantage of this error and cause Windows to incorrectly validate log signatures.
The manufacturer of operational formulas states that attackers can (ab) use this error to “avoid security and upload badly signed files”.
As with all Microsoft security warnings, the main technical points of error and real-world attacks have not been made public. The Microsoft security team uses this technique to prevent other hackers from inducting how and where the vulnerability deteriorates/resides, and extends the time it takes to appear other exploits in the wild.
As for the time of day zero, it is tracked as CVE-2020-1380 and is located in the script engine provided with Internet Explorer.
Microsoft said it won a report from antivirus manufacturer Kaspersky that the hackers had discovered a remote code execution (RCE) error in the IE script engine and abused it in the attacks.
While the error resides in the IE script engine, other local Microsoft programs are also affected, such as the company’s Office suite.
Office programs use the IE scripting engine to incorporate and render Internet pages into Office documents, a feature in which the scripting engine plays a major role.
This is that the error can be exploited by attracting users to malicious sites or by sending them trapped Office files.
Below are useful facts about today’s Microsoft Patch Tuesday, but also about security updates released through other corporations this month, which formula managers may also want to address, in addition to the Microsoft bundle.
[ZDNet provides a list of all constant bugs each month, but today the Microsoft API no longer responds. The list will be provided once the API is updated with this month’s updates.]
Threema joins rows of E2EE chat apps that encrypt video calls
Mozilla fires 250 workers as it focuses on advertising products
Security researcher publishes the main points and uses code for a zero-day vBulletin
A mysterious organization hijacked Tor’s outbound nodes to perform SSL suppression attacks
By registering, you agree to the terms of use and knowledge practices defined in the privacy policy.
You’ll get a loose subscription to ZDNet’s Tech Update Today and ZDNet Announcement newsletters. You may opt out of receiving these newsletters at any time.
You agree to get CBS circle updates, alerts and promotions from business family members by adding ZDNet Tech Update Today and ZDNet Announcement. You can choose to leave at any time.