Skip to main content
Patch ManagementPatch Tuesday

Microsoft August Patch Tuesday Fixes 120 Vulnerabilities

By September 8, 2020June 22nd, 2022No Comments
||

Microsoft August Patch Tuesday Fixes 120 Vulnerabilities

Microsoft released updates to resolve at least 120 security issues, including two actively exploited zero-day vulnerabilities.

[vc_empty_space]
[vc_single_image image=”39653″ img_size=”full”]

August Patch Tuesday Arrives with Two Major Vulnerabilities

Microsoft has officially rolled out the latest August Patch Tuesday updates. There are 120 vulnerabilities remediated, including 17 Critical with the remaining 103 marked Important. Microsoft has surpassed the entire bug list of 2019 isn’t showing any sign of slowing down.

Windows 7 & Windows Server 2008 (including R2) Post January 14 Updates

  • Windows 7 (extended support ESU): 52 vulnerabilities, Critical and 48 Important
  • Windows Server 2008 R2 (extended support ESU): 41 vulnerabilities, 5 Critical and 36 Important

With this year’s release cadence, we believe the number of addressed vulnerabilities will become the new normal for Patch Tuesday. It is highly likely that it will not drop much lower due to the number of supported Windows 10 Feature Updates still under mainstream support. IT professionals should review their patching strategy to ensure their toolset and selection criteria are built for efficiency, especially if they have a highly-distributed workforce.

Top Patch Tuesday Vulnerabilities

CVE-2020-1380 – This Critically rated vulnerability is weaponized. Exploits have been detected and there are no counter-measures available. This is an Internet Explorer 11 vulnerability affecting nearly every Microsoft OS. The vulnerability could allow memory to be corrupted, enabling the system to be exploited with the same rights as the logged-on user. We have made this our number one choice due to the vendor severity, CVSS score, and weaponized status. Although it’s not officially recognized, this should be considered a zero-day vulnerability. 

CVE-2020-1464 – This Important rated vulnerability is both weaponized and publicly aware. This file signature vulnerability isn’t likely to be used to exploit a system. However, if successful, the security features of all Windows OS could load signed files properly and cause widescale system instability or crashing. This should also be considered a zero-day vulnerability.

CVE-2020-1585 – Carrying a CVSS score of 8.8, this vulnerability should be familiar to anyone who follows out-of-band updates. This vulnerability is similar to CVE-2020-1425 which we have highlighted previously. Based on our experience actors are always trying to use both new and established ways to hack into devices.

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense%2F|||” css=”.vc_custom_1586908107967{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

What to Patch this Month

Based on the vendor severity and CVSS score, we have made a few patch recommendations. Pay close attention to any patches which are publicly aware or weaponized.

 

Reference Description Vendor Severity CVSS Score Weaponised Publicly Aware Counter-measure Syxsense Recommended
CVE-2020-1380 Scripting Engine Memory Corruption Vulnerability Critical 7.5 Yes No No Yes
CVE-2020-1464 Windows Spoofing Vulnerability Important 5.3 Yes Yes No Yes
CVE-2020-1585 Microsoft Windows Codecs Library Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2020-1472 Net Logon Elevation of Privilege Vulnerability Critical 8.8 No No No Yes
CVE-2020-1509 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Important 8.8 No No No Yes
CVE-2020-1554 Media Foundation Memory Corruption Vulnerability Critical 8 No No No Yes
CVE-2020-1525 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-1379 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-1477 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-1492 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-1046 .NET Framework Remote Code Execution Vulnerability Critical TBA No No No Yes
CVE-2020-1483 Microsoft Outlook Memory Corruption Vulnerability Critical TBA No No No Yes
CVE-2020-1511 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1473 Jet Database Engine Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2020-1478 Media Foundation Memory Corruption Vulnerability Important 7.8 No No No Yes
CVE-2020-1561 Microsoft Graphics Components Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2020-1562 Microsoft Graphics Components Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2020-1571 Windows 10 Update Assistant Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1531 Windows Accounts Control Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1587 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1488 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1527 Windows Custom Protocol Engine Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1584 Windows dnsrslvr.dll Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1517 Windows File Server Resource Management Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1518 Windows File Server Resource Management Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1520 Windows Font Driver Host Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2020-1579 Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1529 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1480 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1467 Windows Hard Link Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1417 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1526 Windows Network Connection Broker Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1337 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1528 Windows Radio Manager API Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1377 Windows Registry Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1378 Windows Registry Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1530 Windows Remote Access Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1537 Windows Remote Access Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1553 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1521 Windows Speech Runtime Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1522 Windows Speech Runtime Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1524 Windows Speech Shell Components Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1515 Windows Telephony Server Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1519 Windows UPnP Device Host Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1538 Windows UPnP Device Host Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1548 Windows Was Medic Service Information Disclosure Vulnerability Important 7.8 No No No Yes
CVE-2020-1533 Windows Wallet Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1552 Windows Work Folders Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1470 Windows Work Folders Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1516 Windows Work Folders Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1484 Windows Work Folders Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1567 MSHTML Engine Remote Code Execution Vulnerability Critical 7.5 No No No Yes
CVE-2020-1570 Scripting Engine Memory Corruption Vulnerability Critical 7.5 No No No Yes
CVE-2020-1560 Microsoft Windows Codecs Library Remote Code Execution Vulnerability Critical 7.3 No No No Yes
CVE-2020-1574 Microsoft Windows Codecs Library Remote Code Execution Vulnerability Critical 7.3 No No No Yes
CVE-2020-1339 Windows Media Remote Code Execution Vulnerability Critical 7.3 No No No Yes
CVE-2020-1568 Microsoft Edge PDF Remote Code Execution Vulnerability Critical 4.2 No No No Yes
CVE-2020-1555 Scripting Engine Memory Corruption Vulnerability Critical TBA No No No
CVE-2020-1476 ASP.NET and .NET Elevation of Privilege Vulnerability Important TBA No No No
CVE-2020-1597 ASP.NET Core Denial of Service Vulnerability Important TBA No No No
CVE-2020-1557 Jet Database Engine Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-1558 Jet Database Engine Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-1564 Jet Database Engine Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-1582 Microsoft Access Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-1591 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important TBA No No No
CVE-2020-1497 Microsoft Excel Information Disclosure Vulnerability Important TBA No No No
CVE-2020-1494 Microsoft Excel Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-1495 Microsoft Excel Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-1496 Microsoft Excel Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-1498 Microsoft Excel Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-1504 Microsoft Excel Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-1581 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability Important TBA No No No
CVE-2020-1563 Microsoft Office Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-1573 Microsoft Office SharePoint XSS Vulnerability Important TBA No No No
CVE-2020-1580 Microsoft Office SharePoint XSS Vulnerability Important TBA No No No
CVE-2020-1493 Microsoft Outlook Information Disclosure Vulnerability Important TBA No No No
CVE-2020-1505 Microsoft SharePoint Information Disclosure Vulnerability Important TBA No No No
CVE-2020-1499 Microsoft SharePoint Spoofing Vulnerability Important TBA No No No
CVE-2020-1500 Microsoft SharePoint Spoofing Vulnerability Important TBA No No No
CVE-2020-1501 Microsoft SharePoint Spoofing Vulnerability Important TBA No No No
CVE-2020-1455 Microsoft SQL Server Management Studio Denial of Service Vulnerability Important TBA No No No
CVE-2020-1502 Microsoft Word Information Disclosure Vulnerability Important TBA No No No
CVE-2020-1503 Microsoft Word Information Disclosure Vulnerability Important TBA No No No
CVE-2020-1583 Microsoft Word Information Disclosure Vulnerability Important TBA No No No
CVE-2020-0604 Visual Studio Code Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-1535 Windows Backup Engine Elevation of Privilege Vulnerability Important TBA No No No
CVE-2020-1536 Windows Backup Engine Elevation of Privilege Vulnerability Important TBA No No No
CVE-2020-1539 Windows Backup Engine Elevation of Privilege Vulnerability Important TBA No No No
CVE-2020-1540 Windows Backup Engine Elevation of Privilege Vulnerability Important TBA No No No
CVE-2020-1541 Windows Backup Engine Elevation of Privilege Vulnerability Important TBA No No No
CVE-2020-1542 Windows Backup Engine Elevation of Privilege Vulnera

Leave a Reply