Security News > 2020 > August > Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft
Two Microsoft vulnerabilities are under active attack, according the software giant's August Patch Tuesday Security Updates.
"[The] vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer," wrote Microsoft.
Todd Schell, senior product manager, security, Ivanti, said a typical attack vector for CVE-2020-1380 is plant malware on a specially crafted website, compromised websites where user-provided content or advertisements are allowed, and through applications or Microsoft Office documents that host the IE rendering engine.
Of the 120 bugs, Microsoft ranked 17 as "Critical" and 103 as "Important" vulnerabilities.
August's bugs bring the number of critical bugs to ten, points out Allan Liska, senior security architect at Recorded Future.
News URL
https://threatpost.com/0-days-active-attack-bugs-patched-microsoft/158280/
Related news
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Microsoft Defender will isolate undiscovered endpoints to block attacks (source)
- Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed (source)
- US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-1380 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. | 0.0 |