Security News > 2020 > August > Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft
Two Microsoft vulnerabilities are under active attack, according the software giant's August Patch Tuesday Security Updates.
"[The] vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer," wrote Microsoft.
Todd Schell, senior product manager, security, Ivanti, said a typical attack vector for CVE-2020-1380 is plant malware on a specially crafted website, compromised websites where user-provided content or advertisements are allowed, and through applications or Microsoft Office documents that host the IE rendering engine.
Of the 120 bugs, Microsoft ranked 17 as "Critical" and 103 as "Important" vulnerabilities.
August's bugs bring the number of critical bugs to ten, points out Allan Liska, senior security architect at Recorded Future.
News URL
https://threatpost.com/0-days-active-attack-bugs-patched-microsoft/158280/
Related news
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-1380 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. | 7.8 |