Microsoft has patched over one-hundred twenty (120) vulnerabilities across thirteen (13) of its products as part of its monthly security and non-security update. Two of the addressed flaws have reportedly been exploited in the wild as a zero-day, likely as part of a targeted attack.
A spoofing vulnerability tracked as CVE-2020-1464 affecting Windows Operating System that occurs when Windows incorrectly validates files’ digital signatures. Successful exploitation would enable attackers to bypass security features and allow improperly signed files, such as malicious PDF or Office file documents, to be loaded onto the system.
The other flaw is tracked as CVE-2020-1380, a remote code execution vulnerability in Microsoft’s Scripting Engine related to how objects in memory are handled by Internet Explorer. To exploit the bug, an attacker must lure users to visit a specially crafted website or by sending them booby-trapped Office files to view through the use of Internet Explorer. Successful exploitation would enable attackers to execute arbitrary code in the context of the current user. Moreover, a compromised user with administrative privileges could allow attackers to perform a variety of actions including creating accounts with full privileges, accessing and deleting data and installing malicious programs.
A. Nature of Attack
What are the affected systems of this vulnerability:
- Windows 7
- Windows 8
- Windows 8.1
- Windows 10
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008 R2
- Windows Server 2008
B. Actions to be Taken
CERT-PH recommends the following actions be taken:
Immediately test and apply the corresponding patched versions of the affected system from the latest monthly update published by Microsoft. (https://support.microsoft.com/en-ph/help/4563408/august-2020-updates-for-microsoft-office)