Security News > 2020 > August > Microsoft Patch Tuesday, August 2020 Edition

Microsoft Patch Tuesday, August 2020 Edition
2020-08-11 20:55

Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited.

Yes, good people of the Windows world, it's time once again to backup and patch up!

At least 17 of the bugs squashed in August's patch batch address vulnerabilities Microsoft rates as "Critical," meaning they can be exploited by miscreants or malware to gain complete, remote control over an affected system with little or no help from users.

Satnam Narang at Tenable notes that CVE-2020-1337 is a patch bypass for CVE-2020-1048, another Windows Print Spooler vulnerability that was patched in May 2020.

Narang said researchers found that the patch for CVE-2020-1048 was incomplete and presented their findings for CVE-2020-1337 at the Black Hat security conference earlier this month.


News URL

https://krebsonsecurity.com/2020/08/microsoft-patch-tuesday-august-2020-edition/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-08-17 CVE-2020-1337 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system.
local
low complexity
microsoft CWE-367
7.8
7.8
2020-05-21 CVE-2020-1048 Incorrect Resource Transfer Between Spheres vulnerability in Microsoft products
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-669
7.8
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 473 68 2214 4928 253 7463