Microsoft provided a total of 120 bug fixes as part of the August 2020 Patch Tuesday, including fixes for two zero-day flaws. The vulnerabilities addressed in this latest set of patches affected 13 separate products, including Windows, Edge, Office, Internet Explorer, and more. 17 of the vulnerabilities received a maximum severity rating of 10/10, according to the Common Vulnerability Scoring System (CVSS), while two were classified as zero days, meaning hackers were able to exploit the bugs before Microsoft. can manage a patch. The high volume of vulnerabilities patched during August 2020 Patch Tuesday makes it the third-largest on record, behind only June 2020 (126 vulnerabilities) and July 2020 (123 vulnerabilities).
Microsoft August 2020 Patch Tuesday
The first of two zero-days fixed by Microsoft is an identity theft vulnerability affecting the Windows operating system, which could be used to "bypass security features and upload unsigned files." “In an attack scenario, an attacker could bypass security features designed to prevent the upload of poorly signed files. The update addresses the vulnerability by correcting the way that Windows validates file signatures,” Microsoft explained. The second day zero was present in the Internet Explorer 11 web browser and was described by the Redmond giant as "critical". Revealed by security company Kaspersky, the bug was found in the browser's scripting engine and could be used to remotely execute code on a target device. “The vulnerability could corrupt memory so that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” the vulnerability report stated. This could be particularly problematic if an attacker attacks a user with administrative privileges, allowing them to install software, modify or delete data, and create new accounts with full access privileges. To mitigate the Zero Day vulnerabilities, as well as the 118 other vulnerabilities fixed by the August 2020 Patch Tuesday, users are encouraged to update to the latest versions of all Microsoft products. The full list of fixed vulnerabilities is available here.