Patch Tuesday: August 2020

Microsoft released their August 2020 Patch Tuesday updates to address 120 vulnerabilities,

17 of which are rated as critical.

The August 2020 security updates also include fixes for 2 actively exploited zero-day vulnerabilities.

2 Actively Exploited Zero-day Vulnerabilities Fixed

 CVE-2020-1380 is a Remote Code Execution (RCE) vulnerability in Internet Explorer due to scripting engine memory corruption. Microsoft stated that this vulnerability is actively exploited in phishing campaigns.

IF you are still using IE, your should switch to Edge or Chrome.

 “In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website”, Microsoft explained.

 The other publicly disclosed zero-day currently under active attack is CVE-2020-1464, which is a Windows spoofing vulnerability that enables hackers to bypass security features.

Other critical vulnerabilities that have been fixed resided in the .NET Framework, Media Foundation, Microsoft Edge, the Windows Codecs Library, the MSHTML Engine, the Scripting Engine, Windows Media, and Outlook.

Thomas Guard subscribers are receiving updates immediately. Please Reboot if your device indicates the need.

Non-Critical updates will be tested before application on Thomas Guard Managed Devices.