Microsoft today released fixes for 120 vulnerabilities, including two zero-days, in 13 products and services as part of its monthly Patch Tuesday rollout.
The August release marks its third-largest Patch Tuesday update, closely following the second-largest in July 2020 (123 patches) and largest-ever in June 2020 (129 patches). This also brings the total number of security fixes for 2020 to 862 – 11 more than Microsoft released in 2019.
"If they maintain this pace, it's quite possible for them to ship more than 1,300 patches this year," says Dustin Childs of Trend Micro's Zero-Day Initiative (ZDI). "This volume – along with difficult servicing scenarios – puts extra pressure on patch management teams."
CVEs patched this month cover Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer, Microsoft Scripting Engine, SQL Server, .NET Framework, ASP.NET Core, Office and Office Services and Web Apps, Windows Codecs Library, and Microsoft Dynamics. Of the vulnerabilities, 17 are rated Critical and 103 are Important. Two were under active attack, one of which was publicly known, at the time these fixes were released.
One of the zero-days is a scripting engine memory corruption vulnerability in Internet Explorer. CVE-2020-1380 is a critical remote code execution flaw that exists in the way the scripting engine handles objects in memory in IE. If exploited, it could let an attacker gain the same rights as the current user: If the user is logged in as an administrator, the attacker could take over an affected system; ..
Support the originator by clicking the read the rest link below.
