Microsoft has released August 2020 Security updates, that includes a patch for an actively attacked memory corruption vulnerability (CVE-2020-1380) in the Scripting Engine. Adobe also released updates for Adobe Acrobat and Reader, as well as Lightroom.
In all, the Microsoft security updates address 120 vulnerabilities (17 rated Critical) in the following products:
- .NET Frame
- .NET Framework
- ASP.NET Core
- Internet Explorer
- Microsoft ChakraCore
- Microsoft Dynamics
- Microsoft Edge (Chromium-based)
- Microsoft Edge (EdgeHTML-based)
- Microsoft JET Database Engine
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Scripting Engine
- Microsoft Windows
- Microsoft Windows Codecs Library
- SQL Server.
Microsoft has provided patches for each of the vulnerabilities and summarized them in the August 2020 Security Updates Release Notes.
Readers can also check out more vulnerability and patch details in Microsoft’s Security Update Guide.
Scripting Engine vulnerability (CVE-2020-1380)
Microsoft has confirmed a Scripting Engine vulnerability (CVE-2020-1380) is under active attack and could result in remote code execution and full system compromise.
“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked ‘safe for initialization’ in an application or Microsoft Office document that hosts the IE rendering engine,” Microsoft warned in the advisory.
“The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.”
In addition, Microsoft addressed another Scripting Engine Memory Corruption vulnerability CVE-2020-1570.
The company confirmed that “exploitation is more likely“, so should also be prioritized for patching.
Media Foundation vulnerabilities
Microsoft also fixed 5 Critical Media Foundation memory corruption vulnerabilities that could result in remote code execution (RCE).
“A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft stated in the advisory.
In short, organizations should prioritize the patching of all Media Foundation software installations.
Windows Codecs Library RCE vulnerabilities
Exploitation of each of these vulnerabilities would require a program process a specially crafted image file. As a result, an attacker could take control of impacted systems.
The only silver lining on these is Microsoft acknowledged that exploitation is less likely for each of the bugs.
Other Critical vulnerabilities
Rounding out the remaining Critical vulnerabilities include:
- CVE-2020-1046: .NET Framework Remote Code Execution Vulnerability
- CVE-2020-1339: Windows Media Remote Code Execution Vulnerability
- CVE-2020-1472: Netlogon Elevation of Privilege Vulnerability
- CVE-2020-1483: Microsoft Outlook Memory Corruption Vulnerability
- CVE-2020-1555: Scripting Engine Memory Corruption Vulnerability
- CVE-2020-1567: MSHTML Engine Remote Code Execution Vulnerability
- CVE-2020-1568: Microsoft Edge PDF Remote Code Execution Vulnerability.
Another notable “Important” Windows Spoofing Vulnerability (CVE-2020-1464) is also under attack. An attacker could bypass security features intended to prevent improperly signed files from being loaded.
Finally, Adobe released a security advisory for Adobe Acrobat and Reader (APSB20-48) and Adobe Lightroom (APSB20-51). The Acrobat and Reader update includes fixes for 11 Critical arbitrary code execution vulnerabilities.
In a tweet sent out September 23, Microsoft said they have spotted active exploits in wild of a Netlogon vulnerability CVE-2020-1472 dubbed Zerologon.
Just last week, security experts warned of publicly available exploit code was published for a Microsoft Netlogon vulnerability CVE-2020-1472 that could allow attackers to hijack Windows domain controllers.
- Microsoft warns of active exploits in the wild of Zerologon vulnerability
- Samba addresses Critical Zerologon vulnerability
- Exploit code available for ‘Zerologon’ vulnerability (CVE-2020-1472) that affects Microsoft Netlogon
- Microsoft July 2020 Security Updates and patch for ‘Wormable’ RCE Vulnerability in Window DNS Server
- Microsoft takes down malicious domains used in COVID-19 related phishing campaign
- Microsoft releases out-of-band patch for Windows 10 vulnerability (CVE-2020-1441)
- Microsoft June 2020 Security Updates (and a Critical Adobe Flash patch)
- BIND and Microsoft DNS security updates