Webinar Library
Welcome to this August Patch Tuesday Bulletin. We came close to the huge CVE count from July with 120 unique CVE’s, 6 technologies with critical updates, 2 zero-day vulnerabilities, and 1 of those zero days is publicly disclosed. It is an important month to be diligent with updates so we’ll get straight to the zero days. CVE-2020-1464, a spoofing vulnerability, and CVE-2020-1380, a remote code execution vulnerability, were both exploited prior to updates being released this month. CVE-2020-1464 is a spoofing vulnerability that could allow an attacker to bypass security features and load malicious files. This vulnerability was also publicly disclosed. CVE-2020-1380 is a scripting engine memory corruption vulnerability in Internet Explorer that could allow remote code execution. Make sure you scan for these vulnerabilities and apply appropriate patches for Windows and Internet Explorer as soon as you can. Follow up and confirm updates were deployed to Edge and all Office Apps since these are also popular targets for malware and phishing. .NET also has critical updates so review and ensure those were applied throughout the environment.
Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.
So, without further ado, here’s the chart of MS patches this month.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited
Vulnerability Info
Windows
Windows 8.1, RT 8.1, 10
Server 2012, 2016, 2019
Critical
CVE-2020-1337
CVE-2020-1339
CVE-2020-1377
CVE-2020-1378
CVE-2020-1379
CVE-2020-1383
CVE-2020-1417
CVE-2020-1459
CVE-2020-1464**
CVE-2020-1466
CVE-2020-1467
CVE-2020-1470
CVE-2020-1472
CVE-2020-1473
CVE-2020-1474
CVE-2020-1475
CVE-2020-1477
CVE-2020-1478
CVE-2020-1479
CVE-2020-1480
CVE-2020-1484
CVE-2020-1485
CVE-2020-1486
CVE-2020-1487
CVE-2020-1488
CVE-2020-1489
CVE-2020-1490
CVE-2020-1492
CVE-2020-1509
CVE-2020-1510
CVE-2020-1511
CVE-2020-1512
CVE-2020-1513
CVE-2020-1515
CVE-2020-1516
CVE-2020-1517
CVE-2020-1518
CVE-2020-1519
CVE-2020-1520
CVE-2020-1521
CVE-2020-1522
CVE-2020-1524
CVE-2020-1525
CVE-2020-1526
CVE-2020-1527
CVE-2020-1528
CVE-2020-1529
CVE-2020-1530
CVE-2020-1531
CVE-2020-1533
CVE-2020-1534
CVE-2020-1535
CVE-2020-1536
CVE-2020-1537
CVE-2020-1538
CVE-2020-1539
CVE-2020-1540
CVE-2020-1541
CVE-2020-1542
CVE-2020-1543
CVE-2020-1544
CVE-2020-1545
CVE-2020-1546
CVE-2020-1547
CVE-2020-1548
CVE-2020-1549
CVE-2020-1550
CVE-2020-1551
CVE-2020-1552
CVE-2020-1553
CVE-2020-1554
CVE-2020-1556
CVE-2020-1557
CVE-2020-1558
CVE-2020-1560
CVE-2020-1561
CVE-2020-1562
CVE-2020-1564
CVE-2020-1565
CVE-2020-1566
CVE-2020-1571
CVE-2020-1574
CVE-2020-1577
CVE-2020-1578
CVE-2020-1579
CVE-2020-1584
CVE-2020-1585
CVE-2020-1587
*Workaround: No
**Public: Yes
Exploited: Yes
Security Feature Bypass
Elevation of Privilege
Remote Code Execution
Information Disclosure
Spoofing
Denial of Service
Edge
Edge Chromium-Based
Moderate
CVE-2020-1341
**Public: No
Exploited: No
Edge HTML-based (Legacy)
CVE-2020-1555
CVE-2020-1568
CVE-2020-1569
ChakraCore
All
Internet Explorer
IE 11
CVE-2020-1380
CVE-2020-1567
CVE-2020-1570
Exploited: YES
SQL Server
SQL Server Management Studio 18.6
Important
CVE-2020-1455
.NET Framework
.NET 2.0, 3.5, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
CVE-2020-1046
CVE-2020-1476
ASP.NET Core
ASP.NET 2.1, 3.1
CVE-2020-1597
Office, Office Services and Web Apps
Access 2010, 2013, 2016
Excel 2010, 2013, 2016
Office 2010, 2013, 2016, 2016 for Mac, 2019, 2019 for Mac, Online Server
Office Web Apps 2010, 2013
Outlook 2010, 2013, 2016
SharePoint Enterprise Server 2013, 2016
SharePoint Foundation 2010, 2013
SharePoint Server 2010, 2019
Word 2010, 2013, 2016
CVE-2020-1483
CVE-2020-1493
CVE-2020-1494
CVE-2020-1495
CVE-2020-1496
CVE-2020-1497
CVE-2020-1498
CVE-2020-1499
CVE-2020-1500
CVE-2020-1501
CVE-2020-1502
CVE-2020-1503
CVE-2020-1504
CVE-2020-1505
CVE-2020-1563
CVE-2020-1573
CVE-2020-1580
CVE-2020-1581
CVE-2020-1582
CVE-2020-1583
Dynamics
Dynamics 365 On Prem 9.0
CVE-2020-1591