Set of patches features an strange “critical” rated elevation of privilege bug
Microsoft has patched a hundred and twenty CVEs for August, which includes 17 labelled crucial and two underneath active assault in the wild. The release provides its patches to 862 so far this year — more than comprehensive-year 2019.
The patches plug vulnerabilities in Windows, Microsoft Scripting Engine, SQL Server, .Net Framework, ASP.Net Main, Business and Business Companies and Net Applications, Microsoft Dynamics and more.
Less than active assault:
CVE-2020-1464 – Windows Spoofing Vulnerability
This spoofing bug permits an attacker to load improperly signed documents, bypassing signature verification.
With a new Windows file signature spoofing vuln (CVE-2020-1464) currently being actively exploited in the wild – review the detection policies you have in place that warn when (what purport to be) Windows method documents behave abnormally. Several illustrations under employing @cortexbypanw & @sansforensics https://t.co/2PwaXnZQLO
— Jamie Brummell (@jamiebrummell) August 12, 2020
Microsoft does not listing the place this is community or how a lot of people today are affected by the attacks, but all supported variations of Windows are affected, so exam and deploy this a single rapidly.
CVE-2020-1380 – Scripting Engine Memory Corruption Vulnerability
This bug in IE allows attacker operate their code on a goal method if an affected version of IE views a specially crafted internet site.
1 vuln exploited in-the-wild in present day MSFT patch tuesday: CVE-2020-1380. Yet another IE vuln. Is it the JScript bug that nonetheless won’t die? Reported by @oct0xor https://t.co/R4psm27sry
— Maddie Stone (@maddiestone) August eleven, 2020
The bug was reported by Kaspersky, it’s realistic to think malware is concerned.
CVE-2020-1472 – NetLogon Elevation of Privilege Vulnerability
An strange elevation of privilege bug that is rated crucial, this vulnerability is in the Netlogon Remote Protocol (MS-NRPC). An unauthenticated attacker would use MS-NRPC to link to a Domain Controller (DC) to receive administrative obtain. Worryingly, there is not a comprehensive repair readily available. As the ZDI notes: “This patch permits the DCs to shield devices, but a 2nd patch at the moment slated for Q1 2021 enforces secure Remote Technique Simply call (RPC) with Netlogon to fully handle this bug.”
This is a digest of my comprehension of #CVE-2020-1472 for the Microsoft Netlogon secure channel vulnerability and what you want to do to shield your self. Thread. ⬇️
— Ryan Newington [MVP] 🇦🇺 (@RyanLNewington) August 12, 2020
Just after making use of this patch, you’ll nonetheless want to make variations to your DC. Microsoft released guidelines to aid directors choose the accurate options.
As Onebite notes, Microsoft also launched patches for six memory corruption vulnerabilities in Media Basis (CVE-2020-1525, CVE-2020-1379, CVE-2020-1477, CVE-2020-1478, CVE-2020-1492, CVE-2020-1554).
An attacker persuading a consumer to open up a destructive file would get the same legal rights as that consumer. All Media Basis installations should be prioritised for patching.
Much more to comply with.
h/t ZDI and Qualys.