
Today is Microsoft's August 2020 Patch Tuesday, and while this is just a typical day for most of you, Windows administrators around the world want to pull their hair out.
With the release of the August 2020 Patch Tuesday security updates, Microsoft has released one Servicing Stack Update for Windows 10 advisory and fixes for 120 vulnerabilities in Microsoft products.
Of these vulnerabilities, 17 are classified as Critical, and 103 are classified as Important.
This release is the third-largest Patch Tuesday update ever released by Microsoft, with the second-largest being 123 fixes in July 2020, and the largest being issued in June 2020 with 129 fixes.
As these updates fix two zero-day vulnerabilities that have been actively exploited in attacks, users should install these security updates as soon as possible.
For information about the non-security Windows updates, you can read about today's Windows 10 KB4566782 & KB4565351 cumulative updates.
Two zero-day vulnerabilities used in active attacks
According to Microsoft, two of the vulnerabilities are actively being used in attacks, with one of them publicly disclosed.
The first is "CVE-2020-1380 | Scripting Engine Memory Corruption Vulnerability," a remote code execution vulnerability in Internet Explorer 11 that Boris Larin (Oct0xor) of Kaspersky Lab.
"In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability."
According to Microsoft, this vulnerability is being actively exploited in attacks, and as it can be used in malicious Office documents, it was most likely spotted in phishing campaigns.
The second vulnerability, which is both actively exploited and publicly disclosed, is "CVE-2020-1464 | Windows Spoofing Vulnerability." It allows attackers to spoof other companies when digitally signing an executable.
These spoofed signatures could allow an attacker to "bypass security features intended to prevent improperly signed files from being loaded."
Fix for CVE-2020-1472 rolled out in two phases
In addition to the actively exploited zero-days, the fix for "CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability" is of particular interest as it is being rolled out in two phases.
"An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access."
The patch released as part of the August 2020 Patch Tuesday updates will enable secure Remote Procedure Call (RPC) communication for machine accounts on Windows-based devices, trust accounts, and all Windows and non-Windows DCs.
The patch will also log non-compliant devices so that system administrators can resolve their issues or replace them before the second phase of the fix rolls out.
In the February 2021 updates, Microsoft will enable the second part of this fix, automatically enforcing secure RPC communications for all devices on the network and no longer logging non-compliant devices.
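One way to use the logging phase described above to list non-compliant devices before enforcement begins. This is an added example, not code from the article or from Microsoft. The event IDs 5827 to 5831 come from Microsoft's guidance for CVE-2020-1472 rather than from this article, the `SamAccountName:` field in the event text is an assumption, and the function name and sample records are constructed for illustration.

```powershell
# Netlogon System-log event IDs Microsoft documents for the CVE-2020-1472 rollout.
$NetlogonEventMeaning = @{
    5827 = 'Denied: vulnerable connection from a machine account'
    5828 = 'Denied: vulnerable connection from a trust account'
    5829 = 'Allowed: vulnerable connection, will be denied under enforcement'
    5830 = 'Allowed by policy exception: machine account'
    5831 = 'Allowed by policy exception: trust account'
}

function Get-NonCompliantNetlogonClient {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Record   # objects exposing Id, TimeCreated and Message
    )
    begin { $seen = @{} }
    process {
        foreach ($r in $Record) {
            $id = [int]$r.Id
            if (-not $NetlogonEventMeaning.ContainsKey($id)) { continue }
            # Assumption: the event text carries "SamAccountName: <name>".
            $account = '(unparsed)'
            if ($r.Message -match 'SamAccountName:\s*(\S+)') { $account = $Matches[1] }
            $key = "$account|$id"
            if (-not $seen.ContainsKey($key)) {
                $seen[$key] = [pscustomobject]@{
                    Account  = $account
                    EventId  = $id
                    Meaning  = $NetlogonEventMeaning[$id]
                    Hits     = 0
                    LastSeen = $r.TimeCreated
                }
            }
            $seen[$key].Hits++
            if ($r.TimeCreated -gt $seen[$key].LastSeen) { $seen[$key].LastSeen = $r.TimeCreated }
        }
    }
    # One row per account and event type, so repeat offenders are easy to spot.
    end { $seen.Values | Sort-Object Account, EventId }
}

# Constructed sample records (not real log data); 7036 is unrelated and is skipped.
$sample = @(
    [pscustomobject]@{ Id = 5829; TimeCreated = [datetime]'2020-08-12T09:14:00'; Message = 'Machine SamAccountName: NAS01$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 5829; TimeCreated = [datetime]'2020-08-12T11:02:00'; Message = 'Machine SamAccountName: NAS01$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 5830; TimeCreated = [datetime]'2020-08-12T10:30:00'; Message = 'Machine SamAccountName: PRINT02$ Domain: EXAMPLE' }
    [pscustomobject]@{ Id = 7036; TimeCreated = [datetime]'2020-08-12T10:31:00'; Message = 'Unrelated service event' }
)
$sample | Get-NonCompliantNetlogonClient | Format-Table -AutoSize

# On a patched domain controller, feed it the live log instead:
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5827..5831 } | Get-NonCompliantNetlogonClient
```

Accounts that still appear under 5829 are the ones that will lose connectivity once enforcement is switched on, so they are the devices to update or replace first.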
Recent security updates from other companies
Other vendors who released security updates in August include:
- Adobe released security updates today for Adobe Acrobat, Reader, and Lightstream.
- Android released their June 2020 security updates on June 1st.
- Apple released security updates for iCloud for Windows [1, 2] on August 10th.
- Google Chrome 84.0.4147.125 was released on August 10th, with fifteen security fixes.
- Intel patched 22 vulnerabilities today with their August 2020 Platform Update.
- SAP released their June 2020 security updates today.
The August 2020 Patch Tuesday Security Updates
Below is the full list of resolved vulnerabilities and released advisories in the August 2020 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Framework | CVE-2020-1476 | ASP.NET and .NET Elevation of Privilege Vulnerability | Important |
| .NET Framework | CVE-2020-1046 | .NET Framework Remote Code Execution Vulnerability | Critical |
| ASP.NET | CVE-2020-1597 | ASP.NET Core Denial of Service Vulnerability | Important |
| Internet Explorer | CVE-2020-1567 | MSHTML Engine Remote Code Execution Vulnerability | Critical |
| Microsoft Dynamics | CVE-2020-1591 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Edge | CVE-2020-1569 | Microsoft Edge Memory Corruption Vulnerability | Important |
| Microsoft Edge | CVE-2020-1568 | Microsoft Edge PDF Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2020-1562 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1577 | DirectWrite Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1561 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1510 | Win32k Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1529 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1473 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1558 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1557 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1564 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1483 | Microsoft Outlook Memory Corruption Vulnerability | Critical |
| Microsoft Office | CVE-2020-1504 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1503 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2020-1495 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1494 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1493 | Microsoft Outlook Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2020-1496 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1502 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2020-1498 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1497 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2020-1581 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2020-1563 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1582 | Microsoft Access Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1583 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1505 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1573 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1499 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1500 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1580 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1501 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2020-1570 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-1555 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-1380 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Video Control | CVE-2020-1492 | Media Foundation Memory Corruption Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1485 | Windows Image Acquisition Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1587 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1551 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1484 | Windows Work Folders Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1489 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1584 | Windows dnsrslvr.dll Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1486 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1488 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1490 | Windows Storage Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1515 | Windows Telephony Server Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1513 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1553 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1552 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1566 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1579 | Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1512 | Windows State Repository Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1511 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1480 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1542 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1543 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1540 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1541 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1544 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1547 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1519 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1545 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1546 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1539 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1528 | Windows Radio Manager API Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1530 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1526 | Windows Network Connection Broker Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1527 | Windows Custom Protocol Engine Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1534 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1537 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1520 | Windows Font Driver Host Remote Code Execution Vulnerability | Important |
| Microsoft Windows | CVE-2020-1535 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1536 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1470 | Windows Work Folders Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1509 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1459 | Windows ARM Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1538 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1475 | Windows Server Resource Management Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1464 | Windows Spoofing Vulnerability | Important |
| Microsoft Windows | CVE-2020-1467 | Windows Hard Link Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1550 | Windows CDP User Components Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1517 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1518 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1516 | Windows Work Folders Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1549 | Windows CDP User Components Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1383 | Windows RRAS Service Information Disclosure Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2020-1574 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2020-1560 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2020-1585 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical |
| Netlogon | CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability | Critical |
| SQL Server | CVE-2020-1455 | Microsoft SQL Server Management Studio Denial of Service Vulnerability | Important |
| Visual Studio | CVE-2020-0604 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows AI | CVE-2020-1521 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
| Windows AI | CVE-2020-1522 | Windows Speech Runtime Elevation of Privilege Vulnerability | Important |
| Windows AI | CVE-2020-1524 | Windows Speech Shell Components Elevation of Privilege Vulnerability | Important |
| Windows COM | CVE-2020-1474 | Windows Image Acquisition Service Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-1578 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-1417 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1479 | DirectX Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2020-1379 | Media Foundation Memory Corruption Vulnerability | Critical |
| Windows Media | CVE-2020-1554 | Media Foundation Memory Corruption Vulnerability | Critical |
| Windows Media | CVE-2020-1339 | Windows Media Remote Code Execution Vulnerability | Critical |
| Windows Media | CVE-2020-1525 | Media Foundation Memory Corruption Vulnerability | Critical |
| Windows Media | CVE-2020-1487 | Media Foundation Information Disclosure Vulnerability | Important |
| Windows Media Player | CVE-2020-1478 | Media Foundation Memory Corruption Vulnerability | Important |
| Windows Media Player | CVE-2020-1477 | Media Foundation Memory Corruption Vulnerability | Critical |
| Windows Print Spooler Components | CVE-2020-1337 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows RDP | CVE-2020-1466 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
| Windows Registry | CVE-2020-1377 | Windows Registry Elevation of Privilege Vulnerability | Important |
| Windows Registry | CVE-2020-1378 | Windows Registry Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2020-1565 | Windows Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2020-1531 | Windows Accounts Control Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2020-1571 | Windows Setup Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2020-1548 | Windows WaasMedic Service Information Disclosure Vulnerability | Important |
| Windows WalletService | CVE-2020-1556 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows WalletService | CVE-2020-1533 | Windows WalletService Elevation of Privilege Vulnerability | Important |
Update 8/12/20: Added list of updates and further information for CVE-2020-1472.
Comments
0bytesleft - 4 years ago
When will this nightmare end?
Triplehammer - 4 years ago
So the largest, second largest and third largest patches ever happened within the past three months. Microsofties are apparently more productive working from home.
the_moss_666 - 4 years ago
"... Microsofties are apparently more productive working from home."
It's more likely due to increased activity of hackers (all hat colors) during Covid. There was also a shift from attacking users and small business to big corporations and government.
[https://www.interpol.int/News-and-Events/News/2020/INTERPOL-report-shows-alarming-rate-of-cyberattacks-during-COVID-19]