/i/2002778098.png?fit=%2C&ssl=1)
Microsoft has fixed two zero-day vulnerabilities in Windows. A total of 120 bugs were fixed during Patch Tuesday, including a bug in Internet Explorer and a spoofing vulnerability that were actively exploited.
Of the 120 bugs, 17 have been marked as ‘critical’, it appears de releasenotes van cumulative updates KB4566783 en KB4565351. Furthermore, 103 updates are ‘important’. It’s Microsoft’s third largest Patch Tuesday; only those in June and July of this year were larger.
There were two zero-days between the vulnerabilities. Those bugs were actively exploited, MIcrosoft says. It’s about a memory corruptionvulnerability in Internet Explorer with code CVE-2020-1380. With this vulnerability, an attacker could infect a victim via a phishing website and install programs or create new admin users. The other leak is CVE-2020-1464, a spoofing vulnerability that allowed attackers to forge a file’s signature, making it easier to install infected files themselves.
One of the ‘critical’ bugs relates to privilege escalation. They usually do not receive such a classification. It’s about CVE-2020-1472, where an attacker could establish a Netlogon connection with a domain controller via the Netlogon Remote Protocol.
–
