
Microsoft patches two Windows zero-days in August’s security update

Microsoft’s latest Windows security patch, released on Tuesday, fixes scores of vulnerabilities, including two zero-days, which could allow attackers to remotely execute arbitrary code.

One of the zero-day vulnerabilities (CVE-2020-1464) allowed attackers to spoof file signatures, enabling them to bypass OS security features and force Windows to incorrectly validate improperly signed files.

The second zero-day (CVE-2020-1380) was a remote code execution bug in the scripting engine of Internet Explorer. Although Internet Explorer has been replaced by the Chromium-powered Edge browser, it remains an important part of the operating system because it is used by some apps such as Office.

The vulnerability, in Internet Explorer’s jscript9.dll library, has been around since IE9. According to Boris Larin, the Kaspersky researcher who identified the vulnerability, which exploited the incorrect use of dynamic memory in Internet Explorer, DarkHotel might be behind the attack. “Currently, we are unable to establish a definitive link with any known threat actors, but due to similarities with previously discovered exploits, we believe that DarkHotel may be behind this attack,” Larin wrote in his findings.


“An attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability,” Microsoft’s security advisory for the vulnerability states.

How to stay safe?

If you keep your Windows device updated, you have nothing to worry about, as the latest Windows security update, released on August 11, 2020, will patch the existing vulnerabilities. However, if you’ve restricted or paused Windows updates, it might be a good idea to bring your PC up to date and patch the bugs in your OS to avoid having your data compromised.
