Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft

Two Microsoft vulnerabilities are under active attack, according the software giant’s August Patch Tuesday Security Updates. Patches for the flaws are available for the bugs, bringing this month’s total number of vulnerabilities to 120.

One of the flaws being exploited in the wild is (CVE-2020-1464), a Windows-spoofing bug tied to the validation of file signatures on Windows 10, 7 8.1 and versions of Windows Server. Rated “important,” the flaw allows an adversary to “bypass security features intended to prevent improperly signed files from being loaded,” Microsoft said.

A second zero-day is a remote code-execution (RCE) bug rated “critical,” which is tied to the Internet Explorer web browser. Tracked as CVE-2020-1380, this is a scripting engine memory-corruption problem. A successful hack gives the attacker same user rights as the current user, the company wrote.

“[The] vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer,” wrote Microsoft. “The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.”

To read the entire article please click on the Source link above.  Please remember to keep your OS updated as much as possible.