⚡ TL;DR | Go Straight to the August 2020 Patch Tuesday Audit Report.
Microsoft released their August 2020 Patch Tuesday updates to address 120 CVE-numbered vulnerabilities, 17 of which are rated as critical. The August 2020 security updates also include fixes for 2 actively exploited zero-day vulnerabilities.
2 Actively Exploited Zero-day Vulnerabilities Fixed
Microsoft has patched two 0-day vulnerabilities (CVE-2020-1380 and CVE-2020-1464) that are currently actively exploited in the wild.
CVE-2020-1380 is a Remote Code Execution (RCE) vulnerability in Internet Explorer due to scripting engine memory corruption. Microsoft stated that his vulnerability is actively exploited in phishing campaigns.
“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website”, Microsoft explained.
The other publicly disclosed zero-day currently under active attack is CVE-2020-1464, which is a Windows spoofing vulnerability that enables hackers to bypass security features.
Other critical vulnerabilities that have been fixed resided in the .NET Framework, Media Foundation, Microsoft Edge, the Windows Codecs Library, the MSHTML Engine, the Scripting Engine, Windows Media, and Outlook.
Critical CVE Codes
We compiled a list of the most critical vulnerabilities in the August 2020 Microsoft updates.
| CVE-Code | Product Name | CVE Vulnerability Description |
|---|---|---|
| Microsoft Internet Explorer | CVE-2020-1380 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-1464 | Windows Spoofing Vulnerability |
| Windows Server | CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability |
| Windows Print Spooler | CVE-2020-1337 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Print Spooler | CVE-2020-1048 | Print Spooler Elevation of Privilege Vulnerability |
| Microsoft Edge | CVE-2020-1568 | PDF Remote Code Execution Vulnerability |
| Microsoft Excel | CVE-2020-1495 | Remote Code Execution Vulnerability |
Run the August 2020 Patch Tuesday Audit Report
Similar to previous months, we’ve created an Audit Report that checks if the assets in your network are on the latest Microsoft patch update. It’s color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. As always, all admins are advised to install these security updates as soon as possible to protect Windows from security risks.
If you haven’t already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.
