The August 2020 Security Update Review

News category: Hacking
Source: thezdi.com

August is here and so is the latest batch of security patches from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of security patches for this month.

Adobe Patches for August 2020

The Adobe release for August includes only two patches. The update for Adobe Reader fixes a total of 26 bugs, eight of which came through the ZDI program. Most of these are Out-Of-Bounds (OOB) Reads, but there are also some Use-After-Free (UAF), OOB Write, stack exhaustion, and memory corruption bugs addressed. One interesting bug being fixed here is CVE-2020-9697, which was found by ZDI Vulnerability Analysis Manager Abdul-Aziz Hariri. The reliable info disclosure leak appears to have existed for more than a decade. We’ll tweet out the proof-of-concept demonstration for this one tomorrow. Yes – the demo is short enough to fit in a tweet. Also of note is the Critical-rated CVE-2020-9712. This bug could allow attackers to bypass HTML parsing mitigations within Acrobat Pro DC. Through this, an attacker can trigger the parsing of HTML documents remotely from within Acrobat. The other patch fixes one privilege escalation bug in Adobe Lightroom.

None of the bugs patched by Adobe today are listed as publicly known or under active attack at the time of release. In the past two months, Adobe released additional patches later in the month. It will be interesting to see if that trend continues.

Microsoft Patches for August 2020

For August, Microsoft released patches for 120 CVEs in Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer (IE), Microsoft Scripting Engine, SQL Server, .NET Framework, ASP.NET Core, Office and Office Services and Web Apps, Windows Codecs Library, and Microsoft Dynamics. That’s now six straight months of 110+ CVEs and brings the yearly total to 862 – 11 more patches than Microsoft shipped in all of 2019. If they maintain this pace, it’s quite possible for them to ship more than 1,300 patches this year. This volume – along with difficult servicing scenarios – puts extra pressure on patch management teams.

Of these 120 patches, 17 are listed as Critical and 103 are listed as Important in severity. Eleven of these bugs came through the ZDI program. One of these bugs is listed as being publicly known and two are listed as being under active attack at the time of release. Let’s take a closer look at some of the more interesting updates for this month, starting with the bugs currently being exploited in the wild:

- CVE-2020-1380 - Scripting Engine Memory Corruption Vulnerability
This bug in IE is currently under active attack. Attackers could run their code on a target system if an affected version of IE views a specially crafted website. It is not known how extensive the attacks are, but considering this bug was reported by Kaspersky, it’s reasonable to assume malware is involved. If you’re still using IE, make this one your top priority.

- CVE-2020-1464 - Windows Spoofing Vulnerability
This spoofing bug is publicly known and currently being exploited. It allows an attacker to load improperly signed files, bypassing signature verification. Microsoft does not list where this is public or how many people are affected by the attacks. Regardless, this bug affects all supported versions of Windows, so test and deploy this one quickly.

- CVE-2020-1472 - NetLogon Elevation of Privilege Vulnerability
It’s rare to see a Critical-rated elevation of privilege bug, but this one deserves it. A vulnerability in the Netlogon Remote Protocol (MS-NRPC) could allow attackers to run their applications on a device on the network. An unauthenticated attacker would use MS-NRPC to connect to a Domain Controller (DC) to obtain administrative access. What’s worse is that there is not a full fix available. This patch enables the DCs to protect devices, but a second patch currently slated for Q1 2021 enforces secure Remote Procedure Call (RPC) with Netlogon to fully address this bug. After applying this patch, you’ll still need to make changes to your DC. Microsoft published guidelines to help administrators choose the correct settings.

- CVE-2020-1585 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability
This is one of two codec bugs reported by ZDI’s Abdul-Aziz Hariri. The bug allows for code execution if an attacker can convince a user to view a specially crafted image file. The “AV1 Video Extension” codec is impacted here, and it is only available through the Windows Store, which means the patch is only available through the Windows Store. The codec is not a default component, so if you have offline systems, they are unlikely to have the codec installed.

Here’s the full list of CVEs released by Microsoft for August 2020.

| CVE | Title | Severity | Public | Exploited | XI - Latest | XI - Older | Type |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2020-1464 | Windows Spoofing Vulnerability | Important | Yes | Yes | 0 | 0 | Spoof |
| CVE-2020-1380 | Scripting Engine Memory Corruption Vulnerability | Critical | No | Yes | 0 | N/A | RCE |
| CVE-2020-1046 | .NET Framework Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1525 | Media Foundation Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1379 | Media Foundation Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1477 | Media Foundation Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1492 | Media Foundation Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1554 | Media Foundation Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1568 | Microsoft Edge PDF Remote Code Execution Vulnerability | Critical | No | No | 2 | N/A | RCE |
| CVE-2020-1483 | Microsoft Outlook Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1560 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical | No | No | 2 | N/A | RCE |
| CVE-2020-1574 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1585 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical | No | No | N/A | 2 | RCE |
| CVE-2020-1567 | MSHTML Engine Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2020-1472 | NetLogon Elevation of Privilege Vulnerability | Critical | No | No | 2 | 2 | EoP |
| CVE-2020-1555 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 2 | N/A | RCE |
| CVE-2020-1570 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2020-1339 | Windows Media Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1476 | ASP.NET and .NET Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1597 | ASP.NET Core Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2020-1511 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1577 | DirectWrite Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1479 | DirectX Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1473 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1557 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1558 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1564 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1509 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1487 | Media Foundation Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1478 | Media Foundation Memory Corruption Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1582 | Microsoft Access Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1591 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | N/A | XSS |
| CVE-2020-1569 | Microsoft Edge Memory Corruption Vulnerability | Important | No | No | 2 | N/A | RCE |
| CVE-2020-1497 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1494 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1495 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1496 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1498 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1504 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | N/A | 2 | RCE |
| CVE-2020-1561 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1562 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1581 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1563 | Microsoft Office Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1573 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-1580 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-1493 | Microsoft Outlook Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1505 | Microsoft SharePoint Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1499 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
| CVE-2020-1500 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
| CVE-2020-1501 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
| CVE-2020-1455 | Microsoft SQL Server Management Studio Denial of Service Vulnerability | Important | No | No | 2 | N/A | DoS |
| CVE-2020-1502 | Microsoft Word Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1503 | Microsoft Word Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1583 | Microsoft Word Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-0604 | Visual Studio Code Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1510 | Win32k Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1571 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1531 | Windows Accounts Control Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1587 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2020-1488 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1459 | Windows ARM Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1535 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1536 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1539 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1540 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1541 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1542 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1543 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1544 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1545 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1546 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1547 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1551 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1534 | Windows Backup Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1549 | Windows CDP User Components Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1550 | Windows CDP User Components Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1489 | Windows CSC Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1513 | Windows CSC Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1527 | Windows Custom Protocol Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1584 | Windows dnsrslvr.dll Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2020-1565 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1517 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1518 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1520 | Windows Font Driver Host Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1579 | Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1529 | Windows GDI Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2020-1480 | Windows GDI Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2020-1467 | Windows Hard Link Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1474 | Windows Image Acquisition Service Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1485 | Windows Image Acquisition Service Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1417 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1486 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1566 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2020-1578 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2020-1526 | Windows Network Connection Broker Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1337 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1528 | Windows Radio Manager API Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1377 | Windows Registry Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1378 | Windows Registry Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |

CVE-2020-1530 Windows Rem ...
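
Added example, not part of the original review: a parser for rows laid out like the list above that orders them for patching and reports rows it cannot read, such as the truncated last one. The function names and the ordering policy (exploited, then public, then lowest Exploitability Index value, then severity) are assumptions; in Microsoft's Exploitability Index a lower number means exploitation is more likely.

```python
import re
from collections import namedtuple

# Constructed sample: a few rows copied from the list above, header and truncated last row included.
SAMPLE_ROWS = """\
CVE Title Severity Public Exploited XI - Latest XI - Older Type
CVE-2020-1464 Windows Spoofing Vulnerability Important Yes Yes 0 0 Spoof
CVE-2020-1380 Scripting Engine Memory Corruption Vulnerability Critical No Yes 0 N/A RCE
CVE-2020-1472 NetLogon Elevation of Privilege Vulnerability Critical No No 2 2 EoP
CVE-2020-1567 MSHTML Engine Remote Code Execution Vulnerability Critical No No 1 1 RCE
CVE-2020-1585 Microsoft Windows Codecs Library Remote Code Execution Vulnerability Critical No No N/A 2 RCE
CVE-2020-1587 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-1530 Windows Rem ...
"""

SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}
# The title is free text, so anchor on the six fixed columns at the end of the row.
ROW_RE = re.compile(
    r"^(CVE-\d{4}-\d{4,}) (.+?) (Critical|Important|Moderate|Low) "
    r"(Yes|No) (Yes|No) (\d|N/A) (\d|N/A) (\S+)$")
Row = namedtuple("Row", "cve title severity public exploited xi_latest xi_older kind")

def _xi(value):
    """Exploitability Index cell: an int, or None when the column reads N/A."""
    return None if value == "N/A" else int(value)

def parse(text):
    """Return (rows, skipped); rows that do not fit the layout are reported, not dropped."""
    rows, skipped = [], []
    for raw in text.splitlines():
        line = " ".join(raw.replace("|", " ").split())  # also accepts pipe-delimited rows
        if not line or line.startswith("CVE Title") or set(line) <= set("-: "):
            continue  # blank line, header, or table separator
        m = ROW_RE.match(line)
        if m is None:
            skipped.append(line)
            continue
        cve, title, sev, pub, expl, xl, xo, kind = m.groups()
        rows.append(Row(cve, title, sev, pub == "Yes", expl == "Yes", _xi(xl), _xi(xo), kind))
    return rows, skipped

def triage(rows):
    """Sort by: exploited, public, lowest XI value, severity (an assumed policy)."""
    def key(r):
        xis = [x for x in (r.xi_latest, r.xi_older) if x is not None]
        return (not r.exploited, not r.public, min(xis, default=3),
                SEVERITY_RANK[r.severity], r.cve)
    return sorted(rows, key=key)

if __name__ == "__main__":
    parsed, unread = parse(SAMPLE_ROWS)
    for r in triage(parsed):
        print(r.cve, r.severity, "exploited" if r.exploited else "-", r.title)
    print("unparsed rows:", unread)
```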


