September 30, 2020

Microsoft August Patch Tuesday: Security Risk Notice of High-risk Vulnerabilities in Multiple Microsoft Products

3 min read

On August 11, 2020, Microsoft officially released the August Patch Tuesday. The security update released patches for 120 vulnerabilities, mainly covering the following components: Windows operating system, IE/Edge browser, ChakraCore, script engine, SQL Server, .Net framework, Windows codec library, including 17 serious vulnerabilities, 103 high-risk vulnerabilities. The Microsoft notice identified 1 high-risk vulnerability and 1 critical vulnerability that have been exploited.

Microsoft November Patch Tuesday

Vulnerability Details

  • CVE-2020-1464 | Windows Spoofing Vulnerability

    A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.

    In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.

  • CVE-2020-1380 | Scripting Engine Memory Corruption Vulnerability

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

  • CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability

    An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.

    To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.

  • CVE-2020-1585 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability

    A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Exploitation of the vulnerability requires that a program process a specially crafted image file.

  • CVE-2020-1568 | Microsoft Edge PDF Remote Code Execution Vulnerability

    A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker’s site.

In this regard, we recommend that users upgrade all Windows components to the latest version in time.