VERT Threat Alert: August 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-899 on Wednesday, August 12th.

In-The-Wild & Disclosed CVEs

CVE-2020-1464

A vulnerability exists in the way that Windows validates file signatures. An attacker could load improperly signed files by bypassing security features that validate these signatures. This attack is currently seeing active exploitation.

Microsoft has rated this as a 0 (Exploitation Detected) on the latest software release on the Exploitability Index.

CVE-2020-1380

A memory corruption vulnerability exists in Internet Explorer’s scripting engine that could allow an attacker to compromise a system in the context of the current user.

Microsoft has rated this as a 0 (Exploitation Detected) on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag CVE Count CVEs
Windows WalletService 2 CVE-2020-1533, CVE-2020-1556
Microsoft Windows 50 CVE-2020-1464, CVE-2020-1470, CVE-2020-1509, CVE-2020-1516, CVE-2020-1517, CVE-2020-1518, CVE-2020-1519, CVE-2020-1520, CVE-2020-1526, CVE-2020-1527, CVE-2020-1528, CVE-2020-1530, CVE-2020-1534, CVE-2020-1535, CVE-2020-1536, CVE-2020-1537, CVE-2020-1538, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1549, CVE-2020-1550, CVE-2020-1383, CVE-2020-1459, CVE-2020-1467, CVE-2020-1475, CVE-2020-1480, CVE-2020-1484, CVE-2020-1485, CVE-2020-1486, CVE-2020-1488, CVE-2020-1489, CVE-2020-1490, CVE-2020-1511, CVE-2020-1512, CVE-2020-1513, CVE-2020-1515, CVE-2020-1551, CVE-2020-1552, CVE-2020-1553, CVE-2020-1566, CVE-2020-1579, CVE-2020-1584, CVE-2020-1587
Microsoft Edge 2 CVE-2020-1568, CVE-2020-1569
Windows Media 5 CVE-2020-1525, CVE-2020-1379, CVE-2020-1339, CVE-2020-1487, CVE-2020-1554
Visual Studio 1 CVE-2020-0604
Microsoft Dynamics 1 CVE-2020-1591
Internet Explorer 1 CVE-2020-1567
Netlogon 1 CVE-2020-1472
Microsoft Scripting Engine 3 CVE-2020-1380, CVE-2020-1555, CVE-2020-1570
Microsoft Office SharePoint 6 CVE-2020-1499, CVE-2020-1500, CVE-2020-1501, CVE-2020-1505, CVE-2020-1573, CVE-2020-1580
Microsoft Windows Codecs Library 3 CVE-2020-1560, CVE-2020-1574, CVE-2020-1585
SQL Server 1 CVE-2020-1455
Microsoft Graphics Component 5 CVE-2020-1510, CVE-2020-1529, CVE-2020-1561, CVE-2020-1562, CVE-2020-1577
Windows AI 3 CVE-2020-1521, CVE-2020-1522, CVE-2020-1524
Windows Shell 2 CVE-2020-1531, CVE-2020-1565
Microsoft Video Control 1 CVE-2020-1492
Windows Kernel 3 CVE-2020-1417, CVE-2020-1479, CVE-2020-1578
Microsoft Office 14 CVE-2020-1483, CVE-2020-1493, CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1497, CVE-2020-1498, CVE-2020-1502, CVE-2020-1503, CVE-2020-1504, CVE-2020-1563, CVE-2020-1581, CVE-2020-1582, CVE-2020-1583
Windows Registry 2 CVE-2020-1377, CVE-2020-1378
Windows RDP 1 CVE-2020-1466
.NET Framework 2 CVE-2020-1476, CVE-2020-1046
Windows Update Stack 2 CVE-2020-1548, CVE-2020-1571
Windows Print Spooler Components 1 CVE-2020-1337
ASP.NET 1 CVE-2020-1597
Windows Media Player 2 CVE-2020-1477, CVE-2020-1478
Microsoft JET Database Engine 4 CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564
Windows COM 1 CVE-2020-1474

Other Information

No advisories were released alongside the August Security Guidance.