Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More

Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

August's Patch Tuesday is here with 120 CVEs patched. That includes 100 rated as "Important" and 20 rated as "Critical". The bulk of the "Critical" list is made up of various media libraries and codecs where a Remote Code Execution vulnerability can be exploited simply by opening or playing a maliciously generated image, video, or sound file. You'll also find an RCE vulnerability patched in .NET and a Privilege Escalation vulnerability patched in NetLogon.

The long list of vulnerabilities rated as "Important" is mainly a list of Privilege Escalation issues across a variety of software packages including the Office suite, Jet Database, .NET, Sharepoint, the Windows Backup engine and others.

Two of these vulnerabilities, CVE-2020-1380, and CVE-2020-1464, have been publicly exploited. CVE-2020-1464 is a Spoofing vulnerability that affects how Windows identifies digitally signed files. An attacker could potentially bypass the signature verification process in order to execute unauthorized code. CVE-2020-1380 is a Remote Code Execution vulnerability in the Windows Scripting Engine.

With two of these vulnerabilities already being exploited, make sure you patch asap.

Critical

.NET Framework Remote Code Execution Vulnerability
CVE-2020-1046
Remote Code Execution

Media Foundation Memory Corruption Vulnerability
CVE-2020-1379, CVE-2020-1477, CVE-2020-1492, CVE-2020-1525, CVE-2020-1554
Remote Code Execution

Microsoft Edge PDF Remote Code Execution Vulnerability
CVE-2020-1568
Remote Code Execution

Microsoft Outlook Memory Corruption Vulnerability
CVE-2020-1483
Remote Code Execution

Microsoft Windows Codecs Library Remote Code Execution Vulnerability
CVE-2020-1560, CVE-2020-1574, CVE-2020-1585
Remote Code Execution

MSHTML Engine Remote Code Execution Vulnerability
CVE-2020-1567
Remote Code Execution

NetLogon Elevation of Privilege Vulnerability
CVE-2020-1472
Elevation of Privilege

Scripting Engine Memory Corruption Vulnerability
CVE-2020-1380, CVE-2020-1555, CVE-2020-1570
Remote Code Execution

Windows Media Remote Code Execution Vulnerability
CVE-2020-1339
Remote Code Execution


Important

ASP.NET and .NET Elevation of Privilege Vulnerability
CVE-2020-1476
Elevation of Privilege

ASP.NET Core Denial of Service Vulnerability
CVE-2020-1597
Denial of Service

Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
CVE-2020-1511
Elevation of Privilege

DirectWrite Information Disclosure Vulnerability
CVE-2020-1577
Information Disclosure

DirectX Elevation of Privilege Vulnerability
CVE-2020-1479
Elevation of Privilege

Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-1473, CVE-2020-1557, CVE-2020-1558, CVE-2020-1564
Remote Code Execution

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVE-2020-1509
Elevation of Privilege

Media Foundation Information Disclosure Vulnerability
CVE-2020-1487
Information Disclosure

Media Foundation Memory Corruption Vulnerability
CVE-2020-1478
Remote Code Execution

Microsoft Access Remote Code Execution Vulnerability
CVE-2020-1582
Remote Code Execution

Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
CVE-2020-1591
Spoofing

Microsoft Edge Memory Corruption Vulnerability
CVE-2020-1569
Remote Code Execution

Microsoft Excel Information Disclosure Vulnerability
CVE-2020-1497
Information Disclosure

Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-1494, CVE-2020-1495, CVE-2020-1496, CVE-2020-1498, CVE-2020-1504
Remote Code Execution

Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-1561, CVE-2020-1562
Remote Code Execution

Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
CVE-2020-1581
Elevation of Privilege

Microsoft Office Remote Code Execution Vulnerability
CVE-2020-1563
Remote Code Execution

Microsoft Office SharePoint XSS Vulnerability
CVE-2020-1580
Spoofing

Microsoft Outlook Information Disclosure Vulnerability
CVE-2020-1493
Information Disclosure

Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-1505
Information Disclosure

Microsoft SharePoint Spoofing Vulnerability
CVE-2020-1499, CVE-2020-1500, CVE-2020-1501
Spoofing

Microsoft SQL Server Management Studio Denial of Service Vulnerability
CVE-2020-1455
Denial of Service

Microsoft Word Information Disclosure Vulnerability
CVE-2020-1502, CVE-2020-1503, CVE-2020-1583
Information Disclosure

Visual Studio Code Remote Code Execution Vulnerability
CVE-2020-0604
Remote Code Execution

Win32k Information Disclosure Vulnerability
CVE-2020-1510
Information Disclosure

Windows 10 Update Assistant Elevation of Privilege Vulnerability
CVE-2020-1571
Elevation of Privilege

Windows Accounts Control Elevation of Privilege Vulnerability
CVE-2020-1531
Elevation of Privilege

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2020-1587
Elevation of Privilege

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
CVE-2020-1488
Elevation of Privilege

Windows ARM Information Disclosure Vulnerability
CVE-2020-1459
Information Disclosure

Windows Backup Engine Elevation of Privilege Vulnerability
CVE-2020-1535, CVE-2020-1536, CVE-2020-1539, CVE-2020-1540, CVE-2020-1541, CVE-2020-1542, CVE-2020-1543, CVE-2020-1544, CVE-2020-1545, CVE-2020-1546, CVE-2020-1547, CVE-2020-1551, CVE-2020-1534
Elevation of Privilege

Windows CDP User Components Elevation of Privilege Vulnerability
CVE-2020-1549, CVE-2020-1550
Elevation of Privilege

Windows CSC Service Elevation of Privilege Vulnerability
CVE-2020-1489, CVE-2020-1513
Elevation of Privilege

Windows Custom Protocol Engine Elevation of Privilege Vulnerability
CVE-2020-1527
Elevation of Privilege

Windows dnsrslvr.dll Elevation of Privilege Vulnerability
CVE-2020-1584
Elevation of Privilege

Windows Elevation of Privilege Vulnerability
CVE-2020-1565
Elevation of Privilege

Windows File Server Resource Management Service Elevation of Privilege Vulnerability
CVE-2020-1517, CVE-2020-1518
Elevation of Privilege

Windows Font Driver Host Remote Code Execution Vulnerability
CVE-2020-1520
Remote Code Execution

Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability
CVE-2020-1579
Elevation of Privilege

Windows GDI Elevation of Privilege Vulnerability
CVE-2020-1480, CVE-2020-1529
Elevation of Privilege

Windows Hard Link Elevation of Privilege Vulnerability
CVE-2020-1467
Elevation of Privilege

Windows Image Acquisition Service Information Disclosure Vulnerability
CVE-2020-1474, CVE-2020-1485
Information Disclosure

Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-1417, CVE-2020-1486, CVE-2020-1566
Elevation of Privilege

Windows Kernel Information Disclosure Vulnerability
CVE-2020-1578
Information Disclosure

Windows Network Connection Broker Elevation of Privilege Vulnerability
CVE-2020-1526
Elevation of Privilege

Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2020-1337
Spoofing

Windows Radio Manager API Elevation of Privilege Vulnerability
CVE-2020-1528
Elevation of Privilege

Windows Registry Elevation of Privilege Vulnerability
CVE-2020-1377, CVE-2020-1378
Elevation of Privilege

Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-1530, CVE-2020-1537
Elevation of Privilege

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2020-1466
Denial of Service

Windows RRAS Service Information Disclosure Vulnerability
CVE-2020-1383
Information Disclosure

Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1553
Elevation of Privilege

Windows Server Resource Management Service Elevation of Privilege Vulnerability
CVE-2020-1475
Elevation of Privilege

Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2020-1521, CVE-2020-1522
Elevation of Privilege

Windows Speech Shell Components Elevation of Privilege Vulnerability
CVE-2020-1524
Elevation of Privilege

Windows Spoofing Vulnerability
CVE-2020-1464
Spoofing

Windows State Repository Service Information Disclosure Vulnerability
CVE-2020-1512
Information Disclosure

Windows Storage Service Elevation of Privilege Vulnerability
CVE-2020-1490
Elevation of Privilege

Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2020-1515
Elevation of Privilege

Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2020-1519, CVE-2020-1538
Elevation of Privilege

Windows WaasMedic Service Information Disclosure Vulnerability
CVE-2020-1548
Information Disclosure

Windows WalletService Elevation of Privilege Vulnerability
CVE-2020-1533, CVE-2020-1556
Elevation of Privilege

Windows Work Folderw Service Elevation of Privilege Vulnerability
CVE-2020-1552, CVE-2020-1470, CVE-2020-1484, CVE-2020-1516
Elevation of Privilege

Microsoft Office SharePoint XSS Vulnerability
CVE-2020-1573
Spoofing

About the Author

Karl Sigler is Security Research Manager, SpiderLabs Threat Intelligence at Trustwave. Karl is a 20- year infosec veteran responsible for research and analysis of current vulnerabilities, malware and threat trends at Trustwave. Follow Karl on LinkedIn.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo