Virtual Administrator’s August 2020 Patch Recommendations
This month Microsoft released patches for 120 vulnerabilities with 17 rated “Critical” and 103 “Important” in severity.
All patches have been approved in our patch policy.
August patches 120 vulnerabilities. Two zero-day patches CVE-2020-1380 and CVE-2020-1464 reported as being exploited in the wild. Fixes for both are included in the Cumulative Update/Monthly Rollup. CVE-2020-1380 is a remote code execution (RCE) bug in the Internet Explorer scripting engine reported by Kaspersky Labs. CVE-2020-1464 is a spoofing bug in all supported version of Windows. One new Security Advisory (ADV200011) affecting Linux. Two updated Security Advisories (ADV990001 and ADV200002) addressing Servicing Stack Updates and Chromium.
Virtual Apps and Desktop: Microsoft Windows Defender Is Detecting Citrix Broker Service And Citrix High Availability Service As Trojan
Exploited: CVE-2020-1380 and CVE-2020-1464
Security Update Guide
Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com
Affected software include:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based)
- Microsoft ChakraCore
- Internet Explorer
- Microsoft Scripting Engine
- SQL Server
- Microsoft JET Database Engine
- .NET Framework
- ASP.NET Core
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Windows Codecs Library
- Microsoft Dynamics
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:08/11/2020)
Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.
ADV200002 | Chromium Security Updates for Microsoft Edge (Chromium-Based) (Published:01/28/2020 | Last Updated:08/11/2020)
This advisory will be updated whenever Microsoft releases a version of Microsoft Edge (Chromium-based) which incorporates publicly disclosed security updates from the Chromium project. Microsoft will document separately any vulnerabilities in Microsoft Edge (Chromium-based), that are not in Chromium, under a Microsoft-assigned CVE number.
ADV200011 | Microsoft Guidance for Addressing Security Feature Bypass in GRUB (Published: 07/29/2020)
Microsoft is aware of a vulnerability in the GRand Unified Boot Loader (GRUB), commonly used by Linux. This vulnerability, known as “There’s a Hole in the Boot”, could allow for Secure Boot bypass.
To exploit this vulnerability, an attacker would need to have administrative privileges or physical access on a system where Secure Boot is configured to trust the Microsoft Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA). The attacker could install an affected GRUB and run arbitrary boot code on the target device. After successfully exploiting this vulnerability, the attacker could disable further code integrity checks thereby allowing arbitrary executables and drivers to be loaded onto the target device.
Microsoft is working to complete validation and compatibility testing of a required Windows Update that addresses this vulnerability.
Microsoft reports one issue using the IME for Chinese and Japanese with Excel (4566782).
Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.
Microsoft Excel with Microsoft Input Method Editor (IME) for Chinese and Japanese
Applies to: Windows 10 2004,Windows Server 2004
Symptoms: When using some apps, such as Microsoft Excel, users of the Microsoft Input Method Editor (IME) for Chinese and Japanese might receive an error, or the app might stop responding or close when attempting to drag using the mouse.
Workaround: For more information and workaround steps, please see KB4564002.
You might have issues on Windows 10, version 2004 when using some Microsoft IMEs
Good resource for known issues with Windows 10 patches. Click on the version in the left column for the status of known issues.
Windows 10 release information
Monthly Rollup/Security Only/Windows 10/Server 2016,2019 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB4571729 – Windows 7, Windows Server 2008 R2 (ESU)
- KB4571703 – Windows 8.1, Windows Server 2012 R2
- KB4571736 – Windows Server 2012
- KB4571730 – Windows Server 2008 (ESU)
Security Only Update
- KB4571719 – Windows 7, Windows Server 2008 R2 (ESU)
- KB4571723 – Windows 8.1, Windows Server 2012 R2
- KB4571702 – Windows Server 2012
- KB4571746 – Windows Server 2008 (ESU)
Cumulative Update for Windows 10
- KB4571692 – Original release version 1507 (OS Build 10240)
- None – Version 1511 (OS Build 10586)
- KB4571694 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB4571689 – Version 1703 “Creators Update” (OS Build 15063)
- KB4571741 – Version 1709 “Fall Creators Update” (OS Build 16299)
- KB4571709 – Version 1803 “Spring Creators Update” (OS Build 17134)
- KB4565349 – Version 1809 “October 2018 Update” (OS Build 17763)
- KB4565351 – Version 1903 “May 2019 Update” (OS Build 18362)
- KB4565351 – Version 1909 “November 2019 Update” (OS Build 18363)
- KB4566782 – Version 2004 “May 2020 Update” (OS Build 19041)
Note: Server 2016 uses the same KB as Windows 10 Version 1607. Server 2019 uses the same KB as Windows 10 Version 1809.
KB4571687 – Cumulative Security Update for Internet Explorer 9/10/11
This cumulative update is included in the monthly updates listed above. It can be installed instead of the monthly to secure Internet Explorer otherwise it is “superseded” by the monthly update.
None – Security Update for Adobe Flash Player
August 2020 updates for Microsoft Office
CVE-2020-1380 | Scripting Engine Memory Corruption Vulnerability (Cumulative Update/Monthly Rollup)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
CVE-2020-1464 | Windows Spoofing Vulnerability (Cumulative Update/Monthly Rollup)
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.
In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.
The update addresses the vulnerability by correcting how Windows validates file signatures.
CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.
Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.
For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472.
When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.