August 2020 Monthly Patch Release

Published on 12 Aug 2020

Updated on 12 Aug 2020

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Aug

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2020-1472

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.

To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.

Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.

For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472.

When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

10.0https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
CVE-2020-1585

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Exploitation of the vulnerability requires that a program process a specially crafted image file.

The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.

8.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1585
CVE-2020-1554

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.

The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.

8.0https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1554
CVE-2020-1525

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.

The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.

7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1525
CVE-2020-1492

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.

The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.

7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1492
CVE-2020-1477

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.

The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.

7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1477
CVE-2020-1379

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.

The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.

7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1379
CVE-2020-1570

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

7.5https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1570
CVE-2020-1380

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

7.5https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380
CVE-2020-1567

A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.

An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability.

The security update addresses the vulnerability by modifying how MSHTML engine validates input.

7.5https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1567
CVE-2020-1339

A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.

The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects.

7.3https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1339
CVE-2020-1560

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

Exploitation of the vulnerability requires that a program process a specially crafted image file.

The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.

7.3https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1560
CVE-2020-1574

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.

Exploitation of the vulnerability requires that a program process a specially crafted image file.

The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.

7.3https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1574
CVE-2020-1568

A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site.

The security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory.

4.2https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1568
CVE-2020-1555

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

TBDhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1555
CVE-2020-1483

A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

Note that where severity is indicated as Critical in the Affected Products table, the Preview Pane is an attack vector.

The security update addresses the vulnerability by correcting how Outlook handles objects in memory.

TBDhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1483
CVE-2020-1046

A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system.

To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application.

The security update addresses the vulnerability by correcting how .NET Framework processes input.

TBDhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1046