VERT Threat Alert: August 2020 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s August 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-899 on Wednesday, August 12th.
In-The-Wild & Disclosed CVEs
CVE-2020-1464
A vulnerability exists in the way that Windows validates file signatures. An attacker could load improperly signed files by bypassing security features that validate these signatures. This attack is currently seeing active exploitation.
Microsoft has rated this as a 0 (Exploitation Detected) on the latest software release on the Exploitability Index.
CVE-2020-1380
A memory corruption vulnerability exists in Internet Explorer’s scripting engine that could allow an attacker to compromise a system in the context of the current user.
Microsoft has rated this as a 0 (Exploitation Detected) on the latest software release on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
| Tag | CVE Count | CVEs |
| Windows WalletService | 2 | CVE-2020-1533, CVE-2020-1556 |
| Microsoft Windows | 50 | CVE-2020-1464, CVE-2020-1470, CVE-2020-1509, CVE-2020-1516, CVE-2020-1517, CVE-2020-1518, CVE-2020-1519, CVE-2020-1520, CVE-2020-1526, CVE-2020-1527, CVE-2020-1528, CVE-2020-1530, CVE-2020-1534, CVE-2020-1535, CVE-2020-1536, CVE-2020-1537, CVE-2020-1538, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1549, CVE-2020-1550, CVE-2020-1383, CVE-2020-1459, CVE-2020-1467, CVE-2020-1475, CVE-2020-1480, CVE-2020-1484, CVE-2020-1485, CVE-2020-1486, CVE-2020-1488, CVE-2020-1489, CVE-2020-1490, CVE-2020-1511, CVE-2020-1512, CVE-2020-1513, CVE-2020-1515, CVE-2020-1551, CVE-2020-1552, CVE-2020-1553, CVE-2020-1566, CVE-2020-1579, CVE-2020-1584, CVE-2020-1587 |
| Microsoft Edge | 2 | CVE-2020-1568, CVE-2020-1569 |
| Windows Media | 5 | CVE-2020-1525, CVE-2020-1379, CVE-2020-1339, CVE-2020-1487, CVE-2020-1554 |
| Visual Studio | 1 | CVE-2020-0604 |
| Microsoft Dynamics | 1 | CVE-2020-1591 |
| Internet Explorer | 1 | CVE-2020-1567 |
| Netlogon | 1 | CVE-2020-1472 |
| Microsoft Scripting Engine | 3 | CVE-2020-1380, CVE-2020-1555, CVE-2020-1570 |
| Microsoft Office SharePoint | 6 | CVE-2020-1499, CVE-2020-1500, CVE-2020-1501, CVE-2020-1505, CVE-2020-1573, CVE-2020-1580 |
| Microsoft Windows Codecs Library | 3 | CVE-2020-1560, CVE-2020-1574, CVE-2020-1585 |
| SQL Server | 1 | CVE-2020-1455 |
| Microsoft Graphics Component | 5 | CVE-2020-1510, CVE-2020-1529, CVE-2020-1561, CVE-2020-1562, CVE-2020-1577 |
| Windows AI | 3 | CVE-2020-1521, CVE-2020-1522, CVE-2020-1524 |
| Windows Shell | 2 | CVE-2020-1531, CVE-2020-1565 |
| Microsoft Video Control | 1 | CVE-2020-1492 |
| Windows Kernel | 3 | CVE-2020-1417, CVE-2020-1479, CVE-2020-1578 |
| Microsoft Office | 14 | CVE-2020-1483, CVE-2020-1493, CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1497, CVE-2020-1498, CVE-2020-1502, CVE-2020-1503, CVE-2020-1504, CVE-2020-1563, CVE-2020-1581, CVE-2020-1582, CVE-2020-1583 |
| Windows Registry | 2 | CVE-2020-1377, CVE-2020-1378 |
| Windows RDP | 1 | CVE-2020-1466 |
| .NET Framework | 2 | CVE-2020-1476, CVE-2020-1046 |
| Windows Update Stack | 2 | CVE-2020-1548, CVE-2020-1571 |
| Windows Print Spooler Components | 1 | CVE-2020-1337 |
| ASP.NET | 1 | CVE-2020-1597 |
| Windows Media Player | 2 | CVE-2020-1477, CVE-2020-1478 |
| Microsoft JET Database Engine | 4 | CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564 |
| Windows COM | 1 | CVE-2020-1474 |
Other Information
No advisories were released alongside the August Security Guidance.
The post ” VERT Threat Alert: August 2020 Patch Tuesday Analysis” appeared first on TripWire
Source:TripWire – Tyler Reguly