Microsoft has patched 120 CVEs for August, including 17 labelled critical and two under active attack in the wild. The release brings its patches to 862 so far this year — more than full-year 2019.
The patches plug vulnerabilities in Windows, Microsoft Scripting Engine, SQL Server, .NET Framework, ASP.NET Core, Office and Office Services and Web Apps, Microsoft Dynamics and more.
This spoofing bug, CVE-2020-1464, allows an attacker to load improperly signed files, bypassing signature verification.
With a new Windows file signature spoofing vuln (CVE-2020-1464) being actively exploited in the wild – review the detection rules you have in place that alert when (what purport to be) Windows system files behave abnormally. Few examples below using @cortexbypanw & @sansforensics https://t.co/2PwaXnZQLO
Microsoft does not list where this is public or how many people are affected by the attacks, but all supported versions of Windows are affected, so test and deploy this one quickly.
This bug in IE (CVE-2020-1380) lets an attacker run their code on a target system if an affected version of IE views a specially crafted website.
One vuln exploited in-the-wild in today's MSFT patch tuesday: CVE-2020-1380. Another IE vuln. Is it the JScript bug that still won't die? Reported by @oct0xor https://t.co/R4psm27sry
Since the bug was reported by Kaspersky, it's reasonable to assume malware is involved.
CVE-2020-1472 – NetLogon Elevation of Privilege Vulnerability
An unusual elevation of privilege bug that’s rated critical, this vulnerability is in the Netlogon Remote Protocol (MS-NRPC). An unauthenticated attacker would use MS-NRPC to connect to a Domain Controller (DC) to obtain administrative access. Worryingly, there is not a full fix available. As the ZDI notes: “This patch enables the DCs to protect devices, but a second patch currently slated for Q1 2021 enforces secure Remote Procedure Call (RPC) with Netlogon to fully address this bug.”
Here's a digest of my understanding of #CVE-2020-1472 for the Microsoft Netlogon secure channel vulnerability and what you need to do to protect yourself. Thread. ⬇️
After applying this patch, you’ll still need to make changes to your DC. Microsoft published guidelines to help administrators choose the correct settings.
An attacker persuading a user to open a malicious file would get the same rights as that user. All Media Foundation installations should be prioritised for patching.
More to follow.
h/t ZDI and Qualys.
This article is from the CBROnline archive: some formatting and images may not be present.