Cybersecurity Threat Advisory: Two Microsoft Zero-Day Attack Vulnerabilities
Posted on August 18, 2020 by Mike Beagles
As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their mission-critical communications networks.
This week, there is a new critical alert that requires the mission-critical community’s immediate attention.
Advisory Summary
Microsoft addressed two zero-day vulnerabilities in last week’s rollout of security patches. A zero-day vulnerability is a software security flaw that is known to the software vendor but for which no patch exists, creating the potential for exploitation by cybercriminals.
One of Microsoft’s zero-day vulnerabilities, also known as CVE-2020-1464, could allow an attacker to bypass security features intended to prevent improperly signed files from being loaded. The other zero-day vulnerability, known as CVE-2020-1380, could allow an attacker to gain the same user rights as the current user of an affected machine, which then could allow the attacker to: install programs; view, change or delete data; or create new accounts with full user rights. Mission Critical Partners recommends applying the appropriate patches for Windows and Internet Explorer as soon as possible to properly address these vulnerabilities.
Technical Detail and Additional Information
Why Is This Noteworthy?
CVE-2020-1464 exists in most supported and unsupported Windows systems and could enable an attacker to load improperly signed files, tricking Windows into believing a malicious file is from a trusted source. The other flaw, CVE-2020-1380, is a scripting engine vulnerability: a successful exploit could enable remote code execution, giving the attacker the access rights of the current user. It could be triggered by a user visiting a malicious website or by an embedded ActiveX control in an application or Microsoft Office document.
What Are the Risks?
Both CVE-2020-1464 and CVE-2020-1380 were exploited before updates were released earlier this month and, according to a report that Microsoft said it received from global cybersecurity company Kaspersky, CVE-2020-1380 was publicly disclosed and was being abused in real-world attacks. The zero-day vulnerabilities alone pose a considerable risk, but with the total number of vulnerabilities addressed this month being so high (120), mission-critical agencies should make it a priority to ensure that the systems in their environment are patched adequately.
What Are the Recommendations?
Mission Critical Partners recommends that mission-critical organizations apply the patches released by Microsoft as soon as possible to address the discovered zero-day vulnerabilities.
- The security update lists for the affected Windows systems are available at the respective Microsoft links listed below.
- Information technology (IT) managers should ensure that updates are applied to Microsoft Edge (if installed) and all Microsoft Office applications, because these are common targets for malware and phishing.
- Lastly, confirm that Microsoft’s .NET Framework updates also are applied throughout your environment.
For more in-depth information about the recommendations, please visit the following links:
- https://www.zdnet.com/google-amp/article/microsoft-august-2020-patch-tuesday-fixes-120-vulnerabilities-two-zero-days/?__twitter_impression=true&s=09
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380