Welcome back to this month’s Patch Tuesday. This month’s salvo of patches fixes 120 vulnerabilities, 17 of which have been declared ‘Critical’ by Microsoft, and 2 of which have been exploited in the wild.
Windows
The first zero-day patched this month is a bug in the Windows OS. This vulnerability allows attackers to fool the OS into validating invalid file signatures, which allows them to bypass security features and load malicious files as if they came from a trusted source.
Internet Explorer Scripting Engine
Internet Explorer comes with a scripting engine to run online scripts in real time. The engine is also leveraged by Office products, for example to render web pages in Word documents. An attacker who took advantage of this engine would be able to remotely execute code in the same security context as the current user. So if a victim were running an Office product or Internet Explorer as an administrator, the attacker could gain complete control over the system.
Microsoft Office
Microsoft Office products got their usual attention this month. As mentioned above, Office products that leverage the IE scripting engine were vulnerable to maliciously crafted files. Attackers exploiting these vulnerabilities would be able to execute code within the security context of the current user. This once again reminds us to exercise the principle of least privilege.
Windows Server
Windows Server received a partial fix for CVE-2020-1472, which could allow an unauthenticated attacker to gain administrative access to a Windows domain controller and execute arbitrary commands. Since domain controllers hold the keys to the corporate network kingdom, this is a highly severe vulnerability.
Research Team, BeyondTrust
Identity security threats are escalating at an alarming rate. Driven by the rapid evolution of technology, the increasing sophistication of malicious actors, and an ever-expanding attack surface, it is more important than ever that organizations adopt robust identity security measures that are capable of keeping pace with ever-evolving attacks.
The BeyondTrust research and detection engineering teams believe the best way to fully understand cybersecurity threats is to work closely with our customers and partners, conducting real-world research into the attacks that matter most to them. By dissecting emerging attack methods and exploitation techniques of threat actors, as well as conducting novel research, the teams’ mission is to help organizations defend against identity threats.