Today’s VERT Alert addresses Microsoft’s August 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-899 on Wednesday, August 12th.

In-The-Wild & Disclosed CVEs

CVE-2020-1464

A vulnerability exists in the way that Windows validates file signatures. An attacker could load improperly signed files by bypassing security features that validate these signatures. This attack is currently seeing active exploitation.

AWS Builder Community Hub

Microsoft has rated this as a 0 (Exploitation Detected) on the latest software release on the Exploitability Index.

CVE-2020-1380

A memory corruption vulnerability exists in Internet Explorer’s scripting engine that could allow an attacker to compromise a system in the context of the current user.

Microsoft has rated this as a 0 (Exploitation Detected) on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

TagCVE CountCVEs
Windows WalletService2CVE-2020-1533, CVE-2020-1556
Microsoft Windows50CVE-2020-1464, CVE-2020-1470, CVE-2020-1509, CVE-2020-1516, CVE-2020-1517, CVE-2020-1518, CVE-2020-1519, CVE-2020-1520, CVE-2020-1526, CVE-2020-1527, CVE-2020-1528, CVE-2020-1530, CVE-2020-1534, CVE-2020-1535, CVE-2020-1536, CVE-2020-1537, CVE-2020-1538, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1549, CVE-2020-1550, CVE-2020-1383, CVE-2020-1459, CVE-2020-1467, CVE-2020-1475, CVE-2020-1480, CVE-2020-1484, CVE-2020-1485, CVE-2020-1486, CVE-2020-1488, CVE-2020-1489, CVE-2020-1490, CVE-2020-1511, CVE-2020-1512, CVE-2020-1513, CVE-2020-1515, CVE-2020-1551, CVE-2020-1552, CVE-2020-1553, CVE-2020-1566, CVE-2020-1579, CVE-2020-1584, CVE-2020-1587
Microsoft Edge2CVE-2020-1568, CVE-2020-1569
Windows Media5CVE-2020-1525, CVE-2020-1379, CVE-2020-1339, CVE-2020-1487, CVE-2020-1554
Visual Studio1CVE-2020-0604
Microsoft Dynamics1CVE-2020-1591
Internet Explorer1CVE-2020-1567
Netlogon1CVE-2020-1472
Microsoft Scripting Engine3CVE-2020-1380, CVE-2020-1555, CVE-2020-1570
Microsoft Office SharePoint6CVE-2020-1499, CVE-2020-1500, CVE-2020-1501, CVE-2020-1505, CVE-2020-1573, CVE-2020-1580
Microsoft Windows Codecs Library3CVE-2020-1560, CVE-2020-1574, CVE-2020-1585
SQL Server1CVE-2020-1455
Microsoft Graphics Component5CVE-2020-1510, CVE-2020-1529, CVE-2020-1561, CVE-2020-1562, CVE-2020-1577
Windows AI3CVE-2020-1521, CVE-2020-1522, CVE-2020-1524
Windows Shell2CVE-2020-1531, CVE-2020-1565
Microsoft (Read more...)