Advisory Overview
Microsoft has addressed two zero-day vulnerabilities in this week’s rollout of security patches. One of the zero-day vulnerabilities could allow an attacker to bypass security features intended to prevent improperly signed files from being loaded; the other zero-day vulnerability could allow an attacker to gain the same user rights as the current user of an affected machine, which could then allow the attacker to install programs; view, change, or delete data; or create new accounts with full user rights. SKOUT recommends applying the appropriate patches for Windows and Internet Explorer as soon as possible in order to properly address these vulnerabilities.
Technical detail and additional information
What is the threat?
The two zero-day vulnerabilities present different threats which are described in the CVEs for each. CVE-2020-1464 is a spoofing vulnerability that could allow an attacker to exploit the bug to bypass security features and load improperly signed files. CVE-2020-1380 is a scripting engine memory corruption vulnerability in Internet Explorer that could allow remote code execution.
Why is this noteworthy?
Regarding CVE-2020-1464, this spoofing vulnerability exists in most supported and unsupported Windows systems and could permit an attacker to load improperly signed files, which could allow an attacker to trick Windows into believing a malicious file is from a trusted source. Regarding CVE-2020-1380, a successful exploit of this flaw could enable a remote code execution leading to an attacker gaining user access rights. A couple of things to be aware of regarding this scripting engine vulnerability is that the exploit could get triggered by a user visiting a malicious website or by using an embedded ActiveX control in an application or Microsoft Office document.
What is the exposure or risk?
Both CVE-2020-1464 and CVE-2020-1380 were exploited prior to updates being released this month and, according to a report that Microsoft said it received from Kaspersky, CVE-2020-1380 was publicly disclosed and was being abused in real-world attacks. The zero-day vulnerabilities alone pose enough of a threat to make it a considerable risk, but with the total amount of vulnerabilities (120) addressed this month being so high, it should be a priority to make sure that the systems in your environment are thoroughly patched.
What are the recommendations?
SKOUT recommends applying the patches released by Microsoft as soon as possible to address the discovered zero-day vulnerabilities.
- Security Update lists for Windows systems affected are included, respectively, at the Microsoft links listed below.
- Additionally, confirm that updates are applied to Microsoft Edge (if installed) and all Office Applications, since these are common targets for malware and phishing.
- Lastly, confirm that Microsoft .NET Framework updates are also applied throughout your environment.
References:
For more in-depth information about the recommendations, please visit the following links:
- https://www.zdnet.com/google-amp/article/microsoft-august-2020-patch-tuesday-fixes-120-vulnerabilities-two-zero-days/?__twitter_impression=true&s=09
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380
If you have any questions, please contact our Security Operations Center.