The latest Microsoft Windows Patch Tuesday pack has been released bringing in fixes for 120 vulnerabilities. They reveal how hackers could have used exploits in order to hack into the systems using a lot of different methods and components of the operating system.
August 2020 Patch Tuesday Released: Update Your Microsoft Windows Systems To Protect Yourself
Microsoft released their latest set of Patch Tuesday for August 2020 addressing a total of 120 software vulnerabilities in the Microsoft Windows operating system and its components. According to the published information 17 of them are critical in their severity ratings.
The weaknesses shows that there are multiple ways through which the systems can be hacked. Two of the bugs are zero-day meaning that it is very likely that hacker have exploited them in attacks. At the time of discovery the specialists cannot estimate as to what extent hacking attacks have been made using it.
Microsoft reveals that one of them is a remote code execution in all versions Internet Explorer since version 9. It is still installed by default in Microsoft Windows and is used by core system components. The problem lies in the JavaScript library – it is a vulnerability which corrupts the dynamic memory. As a result of these actions a remote code execution scenario will follow. If a user is logged in with administrative access the hackers can overtake full control of the systems. This particular security vulnerability is tracked in the CVE-2020-1380 advisory.
This Internet Explorer rendering service can also be exploited by using Microsoft Office documents. Hackers can include malicious ActiveX controls that are marked as sae for initialization which will be run by this module. They can be programmed to exploit the engine using this method and as such lead to dangerous code execution.
The other zero-day vulnerability is spoofing issue affecting the operating system as a whole. It allows criminals to bypass security features and load malware files. The reason or this is an improper handling of file signatures, this particular bug is accounted in CVE-2020-1464.
Another serious flaw which is part of the pack of updates is the critical bug described as a privilege escalation in the NetLogon service — it is part of the Windows Server family of operating systems, particularly when the target computer acts as a domain controller. It is described in the CVE-2020-1472 showing that the systems can be exploited by attackers.
Other bugs which are part of this Patch Tuesday allows a system to be hacked by playing videos or listening to music by taking advantage of flaws in Microsoft Media Foundation and Windows Codecs. Bugs in Microsoft Outlook allows the hackers to take advantage of the weakness when emails are read. PDF file viewing are also impacted by a bug in the Microsoft Edge PDF Reader as well.
As always we recommend that the latest Microsoft Windows patches are applied as soon as possible.