Microsoft fixes 100+ flaws, including two zero-days

News
By published

August 2020 Patch Tuesday delivers important Microsoft security fixes

(Image credit: Shutterstock / tanuha2001)

Microsoft has delivered a total of 120 bug fixes as part of August 2020 Patch Tuesday, including patches for two zero-day flaws.

The vulnerabilities addressed in this latest round of patches spanned 13 distinct products, including Windows, Edge, Office, Internet Explorer and more.

17 of the vulnerabilities were handed a maximum severity rating of 10/10, as per the Common Vulnerability Scoring System (CVSS), while two were classified as zero-days, meaning hackers were able to exploit the bugs before Microsoft could administer a fix.

The high volume of vulnerabilities addressed on August 2020 Patch Tuesday makes it the third largest ever, behind only June 2020 (126 vulnerabilities) and July 2020 (123 vulnerabilities).

Microsoft August 2020 Patch Tuesday

The first of the two zero-days patched by Microsoft is a spoofing vulnerability affecting Windows OS, which could be used to “bypass security features and load improperly signed files.”

“In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded. The update addresses the vulnerability by correcting how Windows validates file signatures,” explained Microsoft.

The second zero-day was present in web browser Internet Explorer 11 and has been described by the Redmond giant as “critical”.

Disclosed by security firm Kaspersky, the bug was found in the browser’s scripting engine and could be used to perform remote code execution on a target device.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” reads the vulnerability report. 

This could be especially problematic if an attacker were to target a user with administrative privileges, allowing them to install software, edit or delete data and create new accounts with full access privileges.

To mitigate against both zero-day vulnerabilities, as well as the 118 others addressed by August 2020 Patch Tuesday, users are advised to update to the latest versions of all Microsoft products.

The full list of vulnerabilities patched can be found here.

Joel Khalili
Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Latest in Pro
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
US flags
US government IT contracts set to be centralized in new Trump order
Google Gemini AI
Gmail is adding a new Gemini AI tool to help smarten up your work emails
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
Closing the cybersecurity skills gap
How CISOs can meet the demands of new privacy regulations
Latest in News
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
A phone showing a ChatGPT app error message
ChatGPT was down for many – here's what happened
AirPods Max with USB-C in every color
Apple's AirPods Max with USB-C will get lossless audio in April, but you'll need to go wired
A woman sitting in a chair looking at a Windows 11 laptop
It looks like Microsoft might have thought better about banishing Copilot AI shortcut from Windows 11
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
More about pro
Lock on Laptop Screen

Medusa ransomware is able to disable anti-malware tools, so be on your guard
Closing the cybersecurity skills gap

How CISOs can meet the demands of new privacy regulations
Cassian Andor looking nervously over his shoulder in Andor season 2

New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
See more latest
Most Popular
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
A screenshot from Indiana Jones and the Great Circle showing Indiana Jones
Indiana Jones and the Great Circle finally gets PS5 release date and I can't wait to don the fedora and crack the whip
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Tuesday, March 25 (game #387)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Tuesday, March 25 (game #653)
Quordle on a smartphone held in a hand
Quordle hints and answers for Tuesday, March 25 (game #1156)
AirPods Max with USB-C in every color
Apple's AirPods Max with USB-C will get lossless audio in April, but you'll need to go wired
US flags
US government IT contracts set to be centralized in new Trump order