Microsoft today released its August 2020 batch of software security updates for all supported versions of its Windows operating systems and other products total of 120 vulnerabilities including 17 critical including 2 zero-days.
Here is a list of some major flaws(from thehackernews.com)
- Play a video file — thanks to flaws in Microsoft Media Foundation and Windows Codecs
- Listen to audio — thanks to bugs affecting Windows Media Audio Codec
- Browser a website — thanks to ‘all time buggy’ Internet Explorer
- Edit an HTML page — thanks to an MSHTML Engine flaw
- Read a PDF — thanks to a loophole in Microsoft Edge PDF Reader
- Receive an email message — thanks to yet another bug in Microsoft Outlook
The august update has also patched 2 zero-day vulnerabilities which are under active attack, one of the zero-day vulnerabilities tracked as CVE-2020-1380, was spotted by Kaspersky Labs and has been rated critical because IE remains an important component of Windows as it still comes installed by default in the latest Windows OS under active attack is a remote code execution bug that resides in the scripting engine’s library jscript9.dll, which is used by default by all versions of Internet Explorer since IE9.
Kaspersky researchers explain the flaw is a use-after-free vulnerability in JScript that corrupts the dynamic memory in IE in such a way that an attacker could execute arbitrary code in the context of the current user. So, if the current user is logged in with administrative privileges, the attacker could control the affected system.
Microsoft says “An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements,”
The second Zero-day vulnerability tracked as CVE-2020-1464 is a Windows spoofing bug that exists when Windows incorrectly validates file signatures and it affects all supported versions of Windows and allows attackers to load improperly signed files by bypassing security features created to prevent incorrectly signed files from being loaded.
Microsoft recommends to update the Windows10 with August2020 update as soon as possible