The August 2020 batch of security updates, patches, and vulnerability fix was released by Microsoft several days ago. Last week’s Patch Tuesday addresses the latest discovered total of 120 software vulnerabilities of Windows OS, which contained 17 critical severity and the remaining under important severity.
Basically – you can get hacked using the Windows OS if you:
- Watch a video – courtesy of the flaws from Windows Codecs and Microsoft Media Foundation
- Play audio – due to the bugs of Windows Media Audio Codecs
- Rewrite an HTML code – with the discovered MSHTML Engine vulnerability flaw
- Accept an Email – via another bug of Microsoft Outlook
- Open a PDF file – from the discovered Microsoft Edge PDF Reader loophole
- Surf the web – thanks to our old and slow friend, the Internet Explorer
Hence, we always advise you to regularly update whenever there are new patches available in Security and Update if you are using a Windows-based Operating System.
Two ongoing Microsoft Windows OS Zero-Day Vulnerabilities being exploited
The vulnerability known as CVE-2020-1380 is a remote code execution bug found in the engine library of jscript9.dll’s scripting. The DLL or Dynamic Link Library is used by all versions of Internet Explorer by default. This vulnerability has been identified as Critical because all versions of Microsoft OS has Internet Explorer installed by default. Cybersecurity researchers described the flaw as a vulnerability in JavaScript that compromises the dynamic memory of the computer that allows hackers to remotely execute code using the currently logged-on user. Hence, if the account logged in has elevated administrator-level privileges. The attackers can take over the compromised operating system. As per Microsoft, the attacker can also embed a marked ‘safe for initialization’ ActiveX control object in an app or MS Office Document that uses the Internet Explorer Rendering Engine for hijacking.
The second vulnerability known as CVE-2020-1464 is also being exploited actively is a spoofing bug that happens when Windows validate file signatures incorrectly. The spoofing bug currently affects all versions of Windows OS and enables hackers to bypass the security intended when loading compromised signed files.
Whether you are using Windows OS for Home use or Server Administration. It is critical to apply the latest security updates to prevent malware, spyware, or ransomware from exploiting your system and prevent cyber attackers from gaining remote control over your system.