Microsoft’s August 2020 Patch Tuesday Addresses 120 CVEs

Microsoft, for the sixth month in a row, patched over 100 CVEs in the August 2020 Patch Tuesday release, including 17 CVEs rated critical. For the first time in three months, this update includes patches for two vulnerabilities that were observed being actively exploited in the wild, CVE-2020-1380 and CVE-2020-1464. This month’s update includes patches for Microsoft Windows, Microsoft Edge, Microsoft ChakraCore, Internet Explorer, Microsoft Scripting Engine, SQL Server, Microsoft Jet Database Engine, .NET Framework, ASP.NET Core, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Windows Codecs Library and Microsoft Dynamics.

Another notable issue Microsoft patched this month is an elevation of privilege vulnerability in the Windows Print Spooler service, CVE-2020-1337. This vulnerability was found as a bypass of the patch for CVE-2020-1048 (also known as PrintDemon), a previous Windows Print Spooler Elevation of Privilege Vulnerability, both of which were identified by researchers Peleg Hadar and Tomer Bar of SafeBreach Labs. The pair recently presented at both the Black Hat USA and DEF CON conferences, where they discussed this new zero-day vulnerability as part of their talk, A Decade After Stuxnet's Printer Vulnerability: Printing is Still the Stairway to Heaven. A proof-of-concept (PoC) is expected to be released soon on their GitHub page. 

You can read more about these CVEs and our analysis of other important vulnerabilities patched by Microsoft this month in our blog here.