In August, Microsoft has patched 120 flaws across 13 different products, from Edge to Windows, and from SQL Server to the .NET Framework.

Tracked as CVE-2020-1464, the Windows spoofing flaw is linked to Windows erroneously authenticating file signatures. A hacker can exploit this vulnerability to sidestep security features and load inadequately signed files.

The software giant says it’s aware of exploitation attempts against both the latest and older versions of Windows.

The second vigorously exploited flaw fixed this month is CVE-2020-1380, a remote code execution issue pertaining to how the scripting engine used by Internet Explorer deals with objects in memory.

The security hole can be abused by tricking the targeted user to a particularly created website, persuading them to open a malicious Office document, or through a malvertising attack.

Researchers at Kaspersky reported CVE-2020-1380 flaw to Microsoft and the security company is expected to reveal some information about the flaw and the attacks in the next few hours or days.

15 of the flaws fixed by the tech giant this month have been critical. They typically affect Windows, but some affect Edge, Internet Explorer, Outlook, and the .NET framework, and most of them can be exploited for remote code execution.

More than 100 flaws have been termed as important. They impact Windows, Dynamics 365, Office, Outlook, SharePoint, and Visual Studio Code, and they can be exploited for remote code execution, privilege escalation, XSS attacks, DoS attacks, and to receive information.

Dustin Childs of Trend Micro’s Zero Day Initiative, which has analyzed this month’s patches, said that this is the sixth month in succession with over 110 CVEs from Microsoft.

“This brings the total number of Microsoft patches released this year to 862 – 11 more patches than Microsoft shipped in all of 2019,” Childs said. “If they maintain this pace, it’s quite possible for them to ship more than 1,300 patches this year. This volume – along with difficult servicing scenarios – puts extra pressure on patch management teams.”

Leave a Reply

Your email address will not be published. Required fields are marked *