August 2020 Patch Tuesday has seen Microsoft release 120 patches covering 13 products and a Servicing Stack Update for Windows 10 advisory. 17 of the vulnerabilities are rated critical, including 2 zero days, and 103 have been rated important.
The two zero days are being actively exploited and an exploit for one of those flaws has been released publicly, so it is important for the security updates to be applied as soon as possible.
The two zero-days are a scripting engine memory corruption vulnerability – CVE-2020-1380 – affecting Internet Explorer 11 that allows remote code execution. The flaw can be exploited by convincing a user to visit a specially crafted website, including websites that accept content from users or advertisements. “An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine,” according to Microsoft, which makes it ideal for use in phishing attacks. Exploitation of the flaw would give the attacker the same rights as the current user.
The other zero-day is a Windows spoofing vulnerability tracked as CVE-2020-1464 which allows an attacker to spoof a company when digitally signing an executable, thus bypassing security controls that detect improperly signed files.
The other critical flaws could be exploited to gain full control of a vulnerable system. Vulnerabilities of note in this month’s round of updates include a patch bypass vulnerability – CVE-2020-1337 – in the Windows Print Spooler service. A patch was released by Microsoft to correct the flaw CVE-2020-1048 in May 2020, but the patch was incomplete and could easily be bypassed. A PoC exploit for the vulnerability has been released and exploitation of the patch bypass was demonstrated at the Black Hat security conference this August. An attacker could escalate privileges if they are already logged on as a regular user.
A patch has also been released to correct a critical Netlogon flaw in Windows Server – CVE-2020-1472 – which could be exploited to gain administrative access to a Windows domain controller.
A .NET remote code execution vulnerability – CVE-2020-1046 – has also been corrected that could be exploited by uploading a specially crafted file to a web application. Exploitation of the flaw would allow an attacker to gain admin privileges on a vulnerable system.
As always, it is important to apply the patches as soon as possible to prevent exploitation, although make sure you backup files before installing any patches in case you experience any issues after applying the updates.