120 Vulnerabilities Patched in Microsoft's August 2020 Update Tuesday (2020-Aug Patch Tuesday)
August 2020 brings along patches for 120 vulnerabilities within the standard set of Microsoft products (Windows, Office, Browsers, and Developer Tools such as .NET Framework, ASP.NET, and Visual Studio). Among the crowd are two vulnerabilities: CVE-2020-1464, and CVE-2020-1380 that are noted as being exploited in the wild. The good news is that the remediation process behind those two vulnerabilities are fairly straight forward, which allows us to place a bit of focus on some additional vulnerabilities that stray from normal practice.
Microsoft CVE-2020-1472: Netlogon Elevation of Privilege Vulnerability (AttackerKB Analysis)
CVE-2020-1472 is an elevation of privilege vulnerability where a connection to a vulnerable domain controller using the Netlogon Remote Protocol could be used to obtain domain administrator access. The uniqueness behind this particular patch is that full remediation gets completed in two-phases. As a result, it forces the answer of "Am I remediated from CVE-2020-1472" from a binary "Yes/No" to a "It depends".
By default, applying the applicable Windows Server patch will resolve the vulnerability for Windows devices without further action, but this implies that non-Windows devices could potentially trigger an exploit. It is by enforcing (something planned to become default in Q1 2021 according to M ..
Support the originator by clicking the read the rest link below.
