Such as we mentioned in the morning Microsoft has just released security updates for the Patch Tuesday, August 2020.
This month, the company κατάφερε να διορθώσει 120 ευπάθειες σε 13 διαφορετικά προϊόντα, από τον Edge, τα Windows, μέχρι τον SQL Server and the .NET Framework.
Among the 120 vulnerabilities fixed this month, 17 bugs were identified as "Critical" but there are also two zero day vulnerabilities that hackers exploited before Microsoft released today's updates.
1st zero day
The first zero day fixed this month is an operating system bug system of Windows. It has been recorded as CVE-2020-1464, and Microsoft states that if an attacker could exploit it, it could incorrectly validate file signatures.
Intruders can use this error to "bypass security features and upload unsigned files."
As with all Microsoft security advisories, the technical details of the error have not been made public for obvious reasons.
2st zero day
As for the second zero day, it has been recorded as CVE-2020-1380 and exists in the Internet Explorer scripting engine.
Microsoft said it received a report from Kaspersky that hackers discovered a remote code execution (RCE) flaw in the IE scripting engine and where they used it in real attacks.
While the error is in the IE scripting engine, and that other native Microsoft applications are affected, such as the Office suite.
This is because Office applications use the IE scripting engine to integrate and render web pages within Office documents, a feature where the scripting engine plays an important role.
This means that the error can be exploited by attracting users to malicious websites or by sending them trapped Office files.
Below are some useful ones information about today's Microsoft Patch Tuesday, but also about security updates released by other companies this month that sysadmins may have to deal with in addition to the Microsoft batch.