Tenable advises organsations to patch Windows OS to protect from “zero-day” exploit

Microsoft, for the sixth month in a row, patched over 100 CVEs in the August 2020 Patch Tuesday release, including 17 CVEs rated critical. For the first time in three months, this update includes patches for two vulnerabilities that were observed being actively exploited in the wild. Please find below a comment from Satnam Narang, Staff Research Engineer at Tenable about this month’s patch update.

“Microsoft has patched over 100 CVEs again, addressing 120 CVEs, including 17 critical vulnerabilities. For the first time in three months, a pair of vulnerabilities have been reported as being exploited in the wild. CVE-2020-1380 is a remote code execution vulnerability in Microsoft’s Scripting Engine due to how objects in memory are handled by Internet Explorer. In order to exploit this vulnerability, an attacker would need to convince their victim to either visit a website containing exploit code or open a malicious document that contains an embedded ActiveX control. Successful exploitation would grant the attacker the ability to execute arbitrary code as the current user.

If said user happens to have administrative privileges, the attacker would be able to perform a variety of actions including creating accounts with full privileges, accessing and deleting data and installing programs. This vulnerability has reportedly been exploited in the wild as a zero-day, likely as part of a targeted attack.CVE-2020-1464 is a spoofing vulnerability in Windows due to an issue with validating file signatures. Successful exploitation of this flaw would allow an attacker to bypass file signature verification to load improperly signed files.

Microsoft says this vulnerability has been exploited in the wild and is publicly known, though they do not provide any further details. Because it affects all currently supported versions of Windows, organizations should apply these patches as soon as possible. This month’s release also contains a fix for CVE-2020-1337, an elevation of privilege vulnerability in the Windows Print Spooler service. Exploitation of this vulnerability would give the attacker elevated privileges on the vulnerable system. This would allow an attacker to execute arbitrary code, create new accounts with full privileges, access and/or delete data and install programs.

The Windows Print Spooler service may sound familiar as it was weaponized by a separate vulnerability in the infamous Stuxnet worm a decade ago. CVE-2020-1337 is a patch bypass for CVE-2020-1048, another Windows Print Spooler vulnerability that was patched in May 2020. Researchers found that the patch for CVE-2020-1048 was incomplete and presented their findings for CVE-2020-1337 at the Black Hat conference earlier this month.” – Satnam Narang, Staff Research Engineer at Tenable.