Security News > 2020 > August > Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft
Two Microsoft vulnerabilities are under active attack, according the software giant's August Patch Tuesday Security Updates.
"[The] vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer," wrote Microsoft.
Todd Schell, senior product manager, security, Ivanti, said a typical attack vector for CVE-2020-1380 is plant malware on a specially crafted website, compromised websites where user-provided content or advertisements are allowed, and through applications or Microsoft Office documents that host the IE rendering engine.
Of the 120 bugs, Microsoft ranked 17 as "Critical" and 103 as "Important" vulnerabilities.
August's bugs bring the number of critical bugs to ten, points out Allan Liska, senior security architect at Recorded Future.
News URL
https://threatpost.com/0-days-active-attack-bugs-patched-microsoft/158280/
Related news
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- Week in review: Microsoft fixes exploited 0-day, top cybersecurity books for your holiday gift list (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-1380 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. | 0.0 |