Established of patches contains an strange “critical” rated elevation of privilege bug
Microsoft has patched one hundred twenty CVEs for August, which include seventeen labelled critical and two less than energetic attack in the wild. The release brings its patches to 862 so far this 12 months — extra than entire-12 months 2019.
The patches plug vulnerabilities in Home windows, Microsoft Scripting Engine, SQL Server, .Net Framework, ASP.Net Core, Place of work and Place of work Expert services and World-wide-web Apps, Microsoft Dynamics and extra.
Below energetic attack:
CVE-2020-1464 – Home windows Spoofing Vulnerability
This spoofing bug permits an attacker to load improperly signed documents, bypassing signature verification.
With a new Home windows file signature spoofing vuln (CVE-2020-1464) remaining actively exploited in the wild – overview the detection policies you have in spot that warn when (what purport to be) Home windows program documents behave abnormally. Couple of illustrations underneath using @cortexbypanw & @sansforensics https://t.co/2PwaXnZQLO
— Jamie Brummell (@jamiebrummell) August twelve, 2020
Microsoft does not checklist wherever this is general public or how lots of individuals are afflicted by the assaults, but all supported variations of Home windows are afflicted, so take a look at and deploy this one rapidly.
CVE-2020-1380 – Scripting Engine Memory Corruption Vulnerability
This bug in IE lets attacker operate their code on a concentrate on program if an afflicted version of IE views a specially crafted internet site.
A person vuln exploited in-the-wild in present day MSFT patch tuesday: CVE-2020-1380. Yet another IE vuln. Is it the JScript bug that nonetheless won’t die? Described by @oct0xor https://t.co/R4psm27sry
— Maddie Stone (@maddiestone) August 11, 2020
The bug was documented by Kaspersky, it’s reasonable to suppose malware is included.
CVE-2020-1472 – NetLogon Elevation of Privilege Vulnerability
An strange elevation of privilege bug that is rated critical, this vulnerability is in the Netlogon Remote Protocol (MS-NRPC). An unauthenticated attacker would use MS-NRPC to hook up to a Domain Controller (DC) to obtain administrative obtain. Worryingly, there is not a entire deal with readily available. As the ZDI notes: “This patch enables the DCs to guard gadgets, but a 2nd patch at present slated for Q1 2021 enforces secure Remote Process Phone (RPC) with Netlogon to completely handle this bug.”
Here’s a digest of my understanding of #CVE-2020-1472 for the Microsoft Netlogon secure channel vulnerability and what you require to do to guard by yourself. Thread. ⬇️
— Ryan Newington [MVP] 🇦🇺 (@RyanLNewington) August twelve, 2020
Following applying this patch, you’ll nonetheless require to make improvements to your DC. Microsoft published guidelines to aid directors pick out the appropriate configurations.
As Onebite notes, Microsoft also released patches for 6 memory corruption vulnerabilities in Media Foundation (CVE-2020-1525, CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1554).
An attacker persuading a consumer to open a malicious file would get the very same rights as that consumer. All Media Foundation installations need to be prioritised for patching.
More to abide by.
h/t ZDI and Qualys.