
Microsoft Patches Another 120 Bugs — Two Under Active Attack

Microsoft has patched 120 CVEs for August, including 17 labelled critical and two under active attack in the wild. The release brings its patches to 862 so far this year — more than full-year 2019.

The patches plug vulnerabilities in Windows, Microsoft Scripting Engine, SQL Server, .NET Framework, ASP.NET Core, Office and Office Services and Web Apps, Microsoft Dynamics and more.

Under active attack:

CVE-2020-1464 – Windows Spoofing Vulnerability


This spoofing bug allows an attacker to load improperly signed files, bypassing signature verification.

Microsoft does not list where this is public or how many people are affected by the attacks, but all supported versions of Windows are affected, so test and deploy this one quickly.

CVE-2020-1380 – Scripting Engine Memory Corruption Vulnerability

This bug in IE lets an attacker run their code on a target system if an affected version of IE views a specially crafted website.

The bug was reported by Kaspersky; it’s reasonable to assume malware is involved.

CVE-2020-1472 – NetLogon Elevation of Privilege Vulnerability

An unusual elevation of privilege bug that’s rated critical, this vulnerability is in the Netlogon Remote Protocol (MS-NRPC). An unauthenticated attacker would use MS-NRPC to connect to a Domain Controller (DC) to obtain administrative access. Worryingly, there is not a full fix available. As the ZDI notes: “This patch enables the DCs to protect devices, but a second patch currently slated for Q1 2021 enforces secure Remote Procedure Call (RPC) with Netlogon to fully address this bug.”

After applying this patch, you’ll still need to make changes to your DC. Microsoft published guidelines to help administrators choose the correct settings.

As Onebite notes, Microsoft also released patches for 6 memory corruption vulnerabilities in Media Foundation (CVE-2020-1525, CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1554).

An attacker persuading a user to open a malicious file would get the same rights as that user. All Media Foundation installations should be prioritised for patching.

More to follow.

h/t ZDI and Qualys.
This article is from the CBROnline archive: some formatting and images may not be present.

CBR Staff Writer

CBR Online legacy content.