Microsoft has released patches for 120 CVEs, of which 17 are critical and 103 are important
Microsoft has released patches for 120 CVEs, of which 17 are rated critical and 103 are rated important, according to the software giant’s August Patch Tuesday security updates.
Five of the critical bugs (CVE-2020-1554, CVE-2020-1492, CVE-2020-1379, CVE-2020-1477 and CVE-2020-1525) are tied to Microsoft's Windows Media Foundation (WMF).
“These vulnerabilities exist in the way WMF handles objects in memory. Successful exploitation would allow an attacker to install malicious software, manipulate data or create new accounts,” said Liska.
One of the Windows spoofing bugs, CVE-2020-1464, is under active exploitation in the wild.
The flaw is rated “important,” as it affects all supported versions of Windows and permits an adversary to “bypass security features intended to prevent improperly signed files from being loaded,” said Microsoft. The worst part is that 25% of connected Windows devices are still running Windows 7.
The second bug, tracked as CVE-2020-1380, is a remote code execution (RCE) bug that resides in the scripting engine’s library jscript9.dll and is rated “critical.” The company says that successful exploitation gives the attacker the same rights as the current user.
"An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements," Microsoft says in its advisory.
Trend Micro Zero Day Initiative’s Dustin Childs also singled out a vulnerability tracked as CVE-2020-1472, which could be exploited by unauthenticated attackers who use the Netlogon Remote Protocol (MS-NRPC) to connect to a Domain Controller (DC) and attain administrative access to run malicious applications on a device on the network.
Home users and server administrators are advised to install the latest security patches to prevent malware attacks.