Microsoft patched two 0-day vulnerabilities that were under attack

August Patch Tuesday includes fixes for 120 Microsoft products, from the Edge browser to Windows, from SQL Server to the .NET Framework. Seventeen vulnerabilities were rated “critical” (mainly bugs in Windows, Edge, Internet Explorer, Outlook, and the .NET Framework). Microsoft also patched two 0-day vulnerabilities that were already under attack.

The first 0-day bug was identified as CVE-2020-1464 and was found in Windows itself.

“An attacker could have exploited this issue to incorrectly validate file signatures. Essentially, this allowed an attacker to bypass security mechanisms and download incorrectly signed files”, – say the experts.

As usual with vulnerabilities under attack, the technical details of the bug and of the attacks already recorded were not disclosed. Microsoft uses this approach to make it harder for other hackers to exploit the problem and to delay the emergence of new exploits.

Many versions of Windows were affected, including Windows 7 and Windows Server 2008, support for which has already been discontinued. However, this does not matter; let me remind you that Microsoft recently fixed a 17-year-old critical vulnerability in Windows DNS Server.

The second 0-day issue has ID CVE-2020-1380 and was found in the scripting engine of the Internet Explorer browser.

Experts write that, while preventing an attack on an unnamed South Korean company, they discovered two zero-day vulnerabilities at once.

The first was found in the JavaScript engine of Internet Explorer 11 and was associated with incorrect use of dynamic memory. It gave attackers the ability to remotely execute arbitrary code. The second was found in a system service of the operating system. It allowed attackers to escalate privileges and perform unauthorized actions.

“Exploits for these problems worked in tandem, that is, first, the victim was shod with a malicious script that was executed thanks to a bug in Internet Explorer 11, and then he elevated the privileges of the malicious process through a flaw in the system service. As a result, attackers could take control of the system. Their goal was to compromise the computers of several employees and enter the organization’s internal network”, – said Microsoft experts.

Experts have named this malicious campaign Operation PowerFall. So far, no clear connection between it and known groups has been identified; however, judging by the similarity of the exploits, experts do not rule out the involvement of the well-known hack group DarkHotel in the attacks.

As it turned out, Microsoft already knew about the second vulnerability (in the system service) and had prepared a patch for it, but the company did not consider exploitation of the problem in IE11 very likely.

“In the case of CVE-2020-1380, the jscript9.dll library, which is used by default by all versions of Internet Explorer starting from the ninth, turned out to be vulnerable. In other words, the exploit is dangerous for all modern versions of the browser”, – commented the experts.

The researchers note that even those users who have not used the outdated IE for a long time may be at risk. The fact is that some applications periodically use it in their work. For example, Microsoft Office uses IE to display embedded videos in documents.

For a complete list of Microsoft’s August updates, visit the official Security Update Guide.

Let me remind you that in April Microsoft also fixed three vulnerabilities that were actively exploited by hackers.


About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
