This Patch Tuesday follows the 2020 trend of 100+ vulnerabilities, but unlike last month, no major alarm bells to sound. August brings us fixes for 120 unique vulnerabilities, with 17 of them listed as \u201cCritical,\u201d with 97 listed as \u201cImportant.\u201d Only a handful are listed as \u201cLow\u201d or \u201cModerate.\u201d There are, however, a few listed as \u201cExploitation More Likely,\u201d and one is listed as \u201cExploitation Detected.\u201d This means it\u2019s still important to deploy patches in a timely manner and make sure your other layers of security are up to date and functioning properly. As always, we\u2019ll focus on the vulnerabilities listed as \u201cCritical\u201d and a few others that still need attention.<\/p>\n
CVE-2020-1472<\/a>\u00a0is a\u00a0Netlogon Elevation of Privilege Vulnerability\u00a0<\/b>that could allow an attacker to gain Domain Administrator privileges if it were to send a specially crafted packet using the Netlogon Remote Protocol to a Domain Controller. It\u2019s listed as \u201cExploitation Less Likely\u201d by Microsoft.<\/p>\n According to Microsoft, this fix will require two stages: this month\u2019s update and a follow-on update in Q1 of 2021 to enforce the changes being made to the secure channel connections. With this update, you\u2019ll see new Event IDs for systems that use the vulnerable connections and can enable enforcement now with a registry change. There\u2019s also a new Group Policy object that will allow you to make exceptions for non-compliant systems. Once the second phase is rolled out, the insecure connections will be refused, even for those systems you\u2019ve configured an exclusion for. In short, it\u2019s important to read the FAQ in the linked article and the accompanying documentation (supplied\u00a0here<\/a>) to fully understand the implications of these changes. That way, you can be prepared when the enforcement phase comes next year. This vulnerability affects all Server Operating systems from 2008R2 up to current version, including Core versions.<\/p>\n There are five vulnerabilities with the title\u00a0Media Foundation Memory Corruption Vulnerability\u00a0<\/b>this month, with affected operating systems being slightly different.<\/p>\n CVE-2020-1477<\/a>,\u00a0CVE-2020-1379<\/a>, and\u00a0CVE 2020-1554<\/a>\u00a0are Remote Code Execution vulnerabilities that could grant an attacker full control over the system if a user were tricked into opening a specially crafted document or visited a malicious webpage. They\u2019re both rated as \u201cExploitation Less Likely\u201d and affect Windows 7 up to the current version of Windows 10, including the corresponding Server versions.<\/p>\n CVE-2020-1492<\/a>\u00a0has the same description as above but only affects Windows 8.1 through the current version of Windows 10 and Server 2012R2 and above, including Core installations.<\/p>\n CVE-2020-1525<\/a>\u00a0only affects all versions of Windows 10 up to the current version, including Server versions.<\/p>\n CVE-2020-1560<\/a>\u00a0and\u00a0CVE-2020-1585<\/a>\u00a0are both titled\u00a0Microsoft Windows Codecs Library Remote Code Execution Vulnerability.\u00a0<\/b>They address how images are handled in memory. This fixes an issue where a user could be tricked into opening the image file and granting the attacker access to the system. They\u2019re listed as \u201cExploitation Less Likely\u201d and affect Windows 10 from version 1709 up to the current version, including the corresponding Server editions.<\/p>\n CVE-2020-1574<\/a>\u00a0has the same description as above but only affects Windows 10 version 1909 and 2004.<\/p>\n Next up is\u00a0CVE-2020-1339<\/a>, a\u00a0Windows Media Remote Code Execution Vulnerability\u00a0<\/b>in Windows 7 up to the current version of Windows 10 (including all Server versions). It\u2019s a remote code execution vulnerability that would grant an attacker full rights to a system if the user were to open a document or visit a webpage.<\/p>\n CVE-2020-1046<\/a>\u00a0is a\u00a0.NET Framework Remote Code Execution Vulnerability\u00a0<\/b>that would require an attacker to upload a specially crafted file to a web application that used one of the affected versions of .Net Framework. The vulnerability affects .Net Framework 2.0 SP2, 3.5, 3.5.1, 4.7.2, and 4.8 on all supported operating systems.<\/p>\n There are a few that need some attention here, as there are \u201cExploitation More Likely\u201d ratings and one \u201cExploitation Detected\u201d in this month\u2019s browser patches.<\/p>\n CVE-2020-1380<\/a>\u00a0is a\u00a0Scripting Engine Memory Corruption Vulnerability\u00a0<\/b>in Internet Explorer 11 on all supported operating systems. It\u2019s a remote code execution vulnerability that can be triggered if a user visits a malicious website. Microsoft indicates there are active attacks against this vulnerability with the \u201cExploitation Detected\u201d rating, so browsers should get special attention this month.<\/p>\n Another\u00a0Scripting Engine Memory Corruption Vulnerability<\/b>,\u00a0CVE-2020-1570<\/a>\u00a0, found in Internet Explorer 11 on all supported operating systems, and Internet Explorer 9 on Server 2008, is listed as \u201cExploitation More Likely.\u201d<\/p>\n The final\u00a0Scripting Engine Memory Corruption Vulnerability\u00a0<\/b>this month affects Edge. This one,\u00a0CVE-2020-1555<\/a>, is in the EdgeHTML version of the Edge browser, on all versions of Windows 10 that support it. It\u2019s listed as \u201cExploitation Less Likely.\u201d<\/p>\n Another \u201cExploitation More Likely\u201d rating goes to\u00a0CVE-2020-1567<\/a>, a\u00a0MSHTML Engine Remote Code Execution Vulnerability\u00a0<\/b>in IE11. This vulnerability requires the user to be tricked into editing a file and would grant the same privileges as the logged-on user.<\/p>\n The last \u201cCritical\u201d browser vulnerability is\u00a0CVE-2020-1568<\/a>, the\u00a0Microsoft Edge PDF Remote Code Execution Vulnerability\u00a0<\/b>in the Edge-HTML version of Microsoft Edge. This vulnerability grants an attacker the same rights as the logged-on user if the user were to access a malicious PDF or a website that hosted it. It\u2019s listed as \u201cExploitation Less Likely.\u201d<\/p>\n The final \u201cCritical\u201d is a\u00a0Microsoft Outlook Memory Corruption Vulnerability<\/b>.\u00a0CVE-2020-1483<\/a>\u00a0is a remote code execution vulnerability that would grant the same rights as the user if they were to access a file or visit a website that hosts the file. Microsoft states in the article that this vulnerability is rated as \u201cCritical\u201d mainly because the Preview Pane in Outlook is an attack vector\u2014meaning the user wouldn\u2019t have to fully open the attached document to be vulnerable. This vulnerability affects Microsoft 365 Apps for Enterprise, Microsoft Office 2019, and Outlook 2010 through 2016.<\/p>\n During my reviews, I occasionally run across an \u201cImportant\u201d vulnerability that is rated as \u201cExploitation More Likely\u201d or \u201cExploit Detected.\u201d I assume they\u2019re not listed as \u201cCritical\u201d because they\u2019re not remote code execution and require access to the vulnerable systems. However, sometimes one of these \u201cImportant\u201d vulnerabilities can end up as part of a multi-stage attack.<\/p>\n It seems that may the case with\u00a0CVE-2020-1464<\/a>\u00a0, a\u00a0Windows Spoofing Vulnerability\u00a0<\/b>that could allow an attacker to bypass security features in the operating system and load malicious files. This vulnerability is listed as \u201cExploitation Detected,\u201d meaning it\u2019s been seen in the wild. It affects Windows 7 up to the current version of Windows 10, including Server operating systems.<\/p>\nBrowsers<\/h3>\n
Other applications<\/h3>\n
Not listed as \u201cCritical,\u201d but deserves attention<\/h3>\n