Security News > 2020 > August > Microsoft Patch Tuesday, August 2020 Edition
Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited.
Yes, good people of the Windows world, it's time once again to backup and patch up!
At least 17 of the bugs squashed in August's patch batch address vulnerabilities Microsoft rates as "Critical," meaning they can be exploited by miscreants or malware to gain complete, remote control over an affected system with little or no help from users.
Satnam Narang at Tenable notes that CVE-2020-1337 is a patch bypass for CVE-2020-1048, another Windows Print Spooler vulnerability that was patched in May 2020.
Narang said researchers found that the patch for CVE-2020-1048 was incomplete and presented their findings for CVE-2020-1337 at the Black Hat security conference earlier this month.
News URL
https://krebsonsecurity.com/2020/08/microsoft-patch-tuesday-august-2020-edition/
Related news
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- December 2024 Patch Tuesday forecast: The secure future initiative impact (source)
- Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-1337 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. | 0.0 |
| 2020-05-21 | CVE-2020-1048 | Incorrect Resource Transfer Between Spheres vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. | 7.8 |