Microsoft Patch Tuesday – August 2020

Microsoft-Patch-Tuesday-september-2020

⚡ TL;DR | Go Straight to the August 2020 Patch Tuesday Audit Report.

Microsoft released their August 2020 Patch Tuesday updates to address 120 CVE-numbered vulnerabilities, 17 of which are rated as critical. The August 2020 security updates also include fixes for 2 actively exploited zero-day vulnerabilities.

2 Actively Exploited Zero-day Vulnerabilities Fixed

Microsoft has patched two 0-day vulnerabilities (CVE-2020-1380 and CVE-2020-1464) that are currently actively exploited in the wild.

CVE-2020-1380 is a Remote Code Execution (RCE) vulnerability in Internet Explorer due to scripting engine memory corruption. Microsoft stated that his vulnerability is actively exploited in phishing campaigns.

"In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website", Microsoft explained.

The other publicly disclosed zero-day currently under active attack is CVE-2020-1464, which is a Windows spoofing vulnerability that enables hackers to bypass security features.

Other critical vulnerabilities that have been fixed resided in the .NET Framework, Media Foundation, Microsoft Edge, the Windows Codecs Library, the MSHTML Engine, the Scripting Engine, Windows Media, and Outlook.

Critical CVE Codes

We compiled a list of the most critical vulnerabilities in the August 2020 Microsoft updates.

CVE-CodeProduct NameCVE Vulnerability Description
Microsoft Internet Explorer CVE-2020-1380Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2020-1464Windows Spoofing Vulnerability
Windows Server CVE-2020-1472Netlogon Elevation of Privilege Vulnerability
Windows Print Spooler CVE-2020-1337Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler CVE-2020-1048Print Spooler Elevation of Privilege Vulnerability
Microsoft Edge CVE-2020-1568PDF Remote Code Execution Vulnerability
Microsoft Excel CVE-2020-1495Remote Code Execution Vulnerability

Run the August 2020 Patch Tuesday Audit Report

Similar to previous months, we've created an Audit Report that checks if the assets in your network are on the latest Microsoft patch update. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. As always, all admins are advised to install these security updates as soon as possible to protect Windows from security risks.

Patch Tuesday August
Sample Report

If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.

Receive the Latest Patch Tuesday Report for FREE Every Month

Share

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​
FREE WHITE PAPER
Why centralized IT Asset Discovery is more crucial than ever.