Microsoft August Patch Tuesday Fixes 120 Vulnerabilities

August Patch Tuesday Arrives with Two Major Vulnerabilities

Microsoft has officially rolled out the latest August Patch Tuesday updates. The release remediates 120 vulnerabilities: 17 rated Critical and the remaining 103 rated Important. Microsoft has surpassed the entire bug list of 2019 and isn’t showing any sign of slowing down.

Windows 7 & Windows Server 2008 (including R2) Post January 14 Updates

  • Windows 7 (extended support ESU): 52 vulnerabilities, Critical and 48 Important
  • Windows Server 2008 R2 (extended support ESU): 41 vulnerabilities, 5 Critical and 36 Important

With this year’s release cadence, we believe the number of addressed vulnerabilities will become the new normal for Patch Tuesday. It is highly likely that it will not drop much lower due to the number of supported Windows 10 Feature Updates still under mainstream support. IT professionals should review their patching strategy to ensure their toolset and selection criteria are built for efficiency, especially if they have a highly-distributed workforce.

Top Patch Tuesday Vulnerabilities

CVE-2020-1380 – This Critically rated vulnerability is weaponized. Exploits have been detected and there are no counter-measures available. This is an Internet Explorer 11 vulnerability affecting nearly every Microsoft OS. The vulnerability could allow memory to be corrupted, enabling the system to be exploited with the same rights as the logged-on user. We have made this our number one choice due to the vendor severity, CVSS score, and weaponized status. Although it’s not officially recognized, this should be considered a zero-day vulnerability. 

CVE-2020-1464 – This Important rated vulnerability is both weaponized and publicly known. This file signature vulnerability isn’t likely to be used to exploit a system. However, if exploitation is successful, the security features of all Windows OS versions could be bypassed to load improperly signed files, causing wide-scale system instability or crashing. This should also be considered a zero-day vulnerability.

CVE-2020-1585 – Carrying a CVSS score of 8.8, this vulnerability should be familiar to anyone who follows out-of-band updates. It is similar to CVE-2020-1425, which we have highlighted previously. Based on our experience, actors are always trying to use both new and established ways to hack into devices.

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.