Security News > 2020 > August > Microsoft Patch Tuesday, August 2020 Edition
Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited.
Yes, good people of the Windows world, it's time once again to backup and patch up!
At least 17 of the bugs squashed in August's patch batch address vulnerabilities Microsoft rates as "Critical," meaning they can be exploited by miscreants or malware to gain complete, remote control over an affected system with little or no help from users.
Satnam Narang at Tenable notes that CVE-2020-1337 is a patch bypass for CVE-2020-1048, another Windows Print Spooler vulnerability that was patched in May 2020.
Narang said researchers found that the patch for CVE-2020-1048 was incomplete and presented their findings for CVE-2020-1337 at the Black Hat security conference earlier this month.
News URL
https://krebsonsecurity.com/2020/08/microsoft-patch-tuesday-august-2020-edition/
Related news
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Windows Patch Tuesday hits snag with Citrix software, workarounds published (source)
- February 2025 Patch Tuesday forecast: New directions for AI development (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-1337 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. | 0.0 |
| 2020-05-21 | CVE-2020-1048 | Incorrect Resource Transfer Between Spheres vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. | 7.8 |