This Tuesday, Microsoft released a patch for 120 vulnerabilities. Some of these vulnerabilities are currently under attack, so it is advisable to install the patch quickly. These include multiple zero-day vulnerabilities. In total, Microsoft released a few dozen updates this Update Tuesday for vulnerabilities labeled “critical.”
The first zero-day, CVE-2020-1464 is present in all supported versions of Windows. Microsoft calls CVE-2020-1464 a Windows Authenticode Signature Spoofing Vulnerability. Hackers can use the vulnerability to install malware on systems that use malware protection based on digital signatures.
The CVE-2020-1464 vulnerability is currently being used by hackers. Microsoft did not disclose further details about how, which hacker group is active and who the targets are.
Another zero-day currently under attack is CVE-2020-1380. This vulnerability makes it possible for attackers to install arbitrary malware when a victim views certain content through Internet Explorer. The vulnerability allows attackers to add malicious code to the victim’s memory.
Because Internet Explorer is very outdated, it is vulnerable to various forms of abuse. In general, we shouldn’t see CVE-2020-1380 as too much of a threat, as almost no one uses Internet Explorer anymore.
A third fix Microsoft released this Tuesday is CVE-2020-1337. This patch resolves a vulnerability in CVE-2020-1048, an update Microsoft released last May. The patch released by Microsoft in May was intended to fix a privilege escalation vulnerability in Windows Print Spooler. This service manages the printing process, including finding printer drivers and scheduling print jobs.
Two weeks after Microsoft released the patch, it was announced that the update failed to resolve the vulnerability. Therefore, Microsoft had to develop a new patch, which was released this Tuesday.