Microsoft’s latest Windows security patch, released on Tuesday, fixes scores of vulnerabilities, including two zero-days, which could allow attackers to remotely execute arbitrary code.
One of the zero-day vulnerabilities (CVE-2020-1464) allowed attackers to spoof file signatures, enabling them to bypass the OS security features and force Windows to incorrectly validate improperly signed files
The second zero=day (CVE-2020-1380), was a remote code execution bug in the scripting engine of the Internet Explorer, which although has been replaced by the Chromium-powered Edge browser, still remains an important part of the operating system as it is used by some apps such as Office.
The Internet Explorer’s library vulnerability in jscript9.dll has been around since IE9. According to researcher Boris Larin at Kaspersky, who identified the vulnerability that exploited the incorrect use of dynamic memory in Internet Explorer, DarkHotel might be behind the attack. “Currently, we are unable to establish a definitive link with any known threat actors, but due to similarities with previously discovered exploits, we believe that DarkHotel may be behind this attack, ” Larin wrote in his findings.
“An attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability,” Microsoft’s security advisory for the vulnerability states.
How to stay safe?
If you keep your Windows device updated, then you’ve nothing to worry about as the lastest August 11,2020 Windows security update will patch the existing vulnerabilities. However, if you’ve restricted or paused Windows updates, it might be a good idea to bring your PC up to speed and patch the bugs in your OS to avoid getting your data hacked.
In the News: Twitter rolls out ‘who can reply’ feature to all users globally