• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • DMCA
  • Privacy Policy
  • Contact US
  • Sitemap
  • Guest Post

Internet Do

Internet - All things Internet

  • Internet
  • Technology
  • Domain – Host – VPS
  • WEB – BLOG
  • Bitcoin
  • Reviews
You are here: Home / Internet / Microsoft fixes Windows and Internet Explorer zero-day flaws in latest Patch Tuesday – TechRepublic

Microsoft fixes Windows and Internet Explorer zero-day flaws in latest Patch Tuesday – TechRepublic

08/12/2020 by admin

The latest series of Patch Tuesday security updates for Windows 10 includes patches for 17 bugs marked ‘Critical’ and 97 listed as ‘Important’.

Microsoft has issued fixes for 120 vulnerabilities – including two zero-day exploits – in its latest Patch Tuesday security update for Windows 10.

The latest series of updates covers 13 products and includes patches for 17 bugs flagged by Microsoft as ‘Critical’ and 97 listed as ‘Important’. Microsoft began rolling out the fixes yesterday, August 11, covering Windows 10 version 2004 all the way back to Windows 7 and Server 2008.

SEE: Zero trust security: A cheat sheet (free PDF) (Free PDF) (TechRepublic)

Amongst the main vulnerabilities to be have patched is the bug designated CVE-2020-1464, a spoofing vulnerability through which an attacker could bypass Windows 10’s security features and load improperly signed files on a user’s machine. This vulnerability has been publicly disclosed and detected in real-world attacks, though no other details have been provided by Microsoft.

The second zero-day exploit being remedied by Microsoft is CVE-2020-1380, a remote-code execution vulnerability in Internet Explorer’s scripting engine. This vulnerability was flagged to Microsoft by antivirus software provider Kaspersky, and allows attackers to execute malicious code in Internet Explorer through which an unauthorised user could then take control of other parts of the victim’s system.

According to Microsoft, an attacker who successfully exploited the vulnerability could gain the same user rights as the authorised user: if the current user is logged on with administrator rights, for instance, the attacker could take control of the system and install programs; view, change, or delete data; or create new accounts at will.

Kaspersky explained that the exploit was dangerous regardless of whether Internet Explorer was used as the primary web browser on a PC: some Microsoft applications, such as Office, often use Internet Explorer to display video and render web pages within documents via the ActiveX extension. An attacker could, therefore, exploit code into ActiveX and either launch it via a document or lure users to a malicious site.

SEE: Windows 10 Start menu hacks (TechRepublic Premium)

Another notable vulnerability resolved in August’s security update is CVE-2020-147. This exploit enabled an attacker to use the Netlogon Remote Protocol (MS-NRPC) to connect to a domain controller and obtain domain administrator access. Microsoft is addressing this vulnerability in a two-part update, starting with a modification to how Netlogon handles the use of secure channels.

Additional patches being rolled out by Microsoft cover its Edge browser, Office, SQL Server Management Studio, .Net Framework, alongside other components and development tools. Adobe has also pitched in with 26 fixes for vulnerabilities in its Acrobat and Reader applications.

All of the latest Patch Tuesday fixes are available via Windows Update. ZDNet has published an exhaustive list of everything that’s included, alongside a list of security updates released by other companies this week.

Cybersecurity Insider Newsletter

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays



Sign up today

Also see

===========
Website of source

Share this:

  • Click to share on Facebook (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Tumblr (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Pinterest (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to email this to a friend (Opens in new window)

Related

Filed Under: Internet Tagged With: Internet News

Primary Sidebar

Categories

  • Bitcoin (5,370)
  • Domain – Host – VPS (790)
  • Internet (45,997)
    • Images (233)
    • Videos (277)
  • Make Money Online (955)
  • Reviews (12)
  • Technology (66,823)
  • WEB – BLOG (1,115)

INTERNETDO.COM © 2015 - 2020 - ALL THINGS INTERNET - Hosted by INTERSERVER.NET - LLODO TECH - Q&A English Online.

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.