Microsoft August Patch Tuesday Fixes 120 Vulnerabilities
Microsoft released updates to resolve at least 120 security issues, including two actively exploited zero-day vulnerabilities.
August Patch Tuesday Arrives with Two Major Vulnerabilities
Microsoft has officially rolled out the latest August Patch Tuesday updates. There are 120 vulnerabilities remediated, including 17 Critical with the remaining 103 marked Important. Microsoft has surpassed the entire bug list of 2019 isnt showing any sign of slowing down.
Windows 7 & Windows Server 2008 (including R2) Post January 14 Updates
- Windows 7 (extended support ESU): 52 vulnerabilities, 4 Critical and 48 Important
- Windows Server 2008 R2 (extended support ESU): 41 vulnerabilities, 5 Critical and 36 Important
With this years release cadence, we believe the number of addressed vulnerabilities will become the new normal for Patch Tuesday. It is highly likely that it will not drop much lower due to the number of supported Windows 10 Feature Updates still under mainstream support. IT professionals should review their patching strategy to ensure their toolset and selection criteria are built for efficiency, especially if they have a highly-distributed workforce.
Top Patch Tuesday Vulnerabilities
CVE-2020-1380 This Critically rated vulnerability is weaponized. Exploits have been detected and there are no counter-measures available. This is an Internet Explorer 11 vulnerability affecting nearly every Microsoft OS. The vulnerability could allow memory to be corrupted, enabling the system to be exploited with the same rights as the logged-on user. We have made this our number one choice due to the vendor severity, CVSS score, and weaponized status. Although its not officially recognized, this should be considered a zero-day vulnerability.
CVE-2020-1464 This Important rated vulnerability is both weaponized and publicly aware. This file signature vulnerability isnt likely to be used to exploit a system. However, if successful, the security features of all Windows OS could load signed files properly and cause widescale system instability or crashing. This should also be considered a zero-day vulnerability.
CVE-2020-1585 Carrying a CVSS score of 8.8, this vulnerability should be familiar to anyone who follows out-of-band updates. This vulnerability is similar to CVE-2020-1425 which we have highlighted previously. Based on our experience actors are always trying to use both new and established ways to hack into devices.
Experience the Power of Syxsense
Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.