Coin Ney Forum

Coin Ney Forum

You are not logged in.

#1 2020-09-13 09:41:18

From: Austria, Audorf
Registered: 2020-09-11
Posts: 20

Microsoft Office Click-to-Run ()


Microsoft Patch Tuesday August 2020: vulnerabilities with Detected Exploitation

useful for phishing and others.
But let’s start with the  vulnerabilities  that were presented on MS Patch Tuesday on August 11th.
There were 120  vulnerabilities : 17 of them are Critical and 103 Important.
My  could not find public exploits for these  vulnerabilities  on
Internet Explorer ().
Windows ().
Windows spoofing () is good for phishing.
“In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.”    RCE in  Internet Explorer  () might be interesting in the context of “An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine”.
Internet Explorer ().
MSHTML Engine ().
Windows Ancillary Function Driver for WinSock ().
Windows GDI (, ).
Windows Kernel ().
Windows dnsrslvr.dll ().
Windows Kernel ().
For some reason, all VM vendors ignored Exploitation  more likely  vulnerabilities this time.

Although RCE in Internet Explorer () and MSHTML Engine () may be interesting

Memory  Corruption  (, , , , , ).
Information Disclosure ().
Remote Code Execution (, , , , ).
Information Disclosure ().
Information Disclosure ().
Cross Site Scripting (, ).
Spoofing (, , ).
Elevation of Privilege (, , , , , , , , , , , ).
NET Framework ().
Jet Database Engine (, , , ).
Microsoft Access ().
Microsoft Edge ().
Microsoft Edge PDF ().

Microsoft Graphics Components (

Microsoft Office ().
Microsoft Outlook ().

Microsoft Windows Codecs Library (

, ).
Scripting Engine ().
Visual Studio Code ().
Windows Font Driver Host ().
Windows  Media  ().
NET Core ().

Microsoft SQL Server Management Studio ()

Windows Remote Desktop Gateway (RD Gateway) ().
NET and.
NET ().
Connected  User Experience s and Telemetry Service ().
DirectX ().
Local Security Authority Subsystem Service ().
Microsoft Office Click-to-Run ().
Netlogon ().
Windows ().
Windows Accounts Control ().
Windows AppX Deployment Extensions ().
Windows Backup Service ().
Windows CDP User Components (, ).
Windows CSC Service (, ).

Windows Custom Protocol Engine ()

Windows File Server  Resource Management  Service (, ).
Windows Function Discovery SSDP Provider ().
Windows Hard Link ().
Windows Kernel (, ).
Windows Network Connection Broker ().
Windows Print Spooler ().
Windows Radio Manager API ().
Windows Registry (, ).
Windows  Remote Access  (, ).
Windows Runtime ().
Windows Server Resource Management Service ().
Windows Setup ().
Windows Speech Runtime (, ).
Windows Speech Shell Components ().
Windows Storage Service ().
Windows Telephony Server ().
Windows UPnP Device Host (, ).
Windows WalletService (, ).
Windows Work Folder Service ().
Windows Work Folders Service (, , ).
DirectWrite ().
Microsoft Outlook ().
Microsoft Word (, , ).
Windows ARM ().
Windows Image Acquisition Service (, ).
Windows Kernel ().
Windows RRAS Service ().
Windows State Repository Service ().
Windows WaasMedic Service ().

Microsoft Dynamics 365 (On-Premise) ()

If we look at the rest of the vulnerabilities.

The most interesting are RCEs in Jet Database Engine (, , , )

Microsoft Edge PDF (), Microsoft Windows Codecs Library (, , ) and Windows Media ().
The second block is Elevation of Privilege in Local Security Authority Subsystem Service (LSASS) (), Windows Print Spooler () and Netlogon ().
For the last one “an unauthenticated attacker could use MS-NRPC to connect to a domain controller as a domain administrator”.

Microsoft Dynamics 365 for Finance and Operations (on-premises) ()
Microsoft Edge (Chromium-based) ()

You may have heard about Microsoft unscheduled update to Windows Remote Access Elevation of Privilege released August 20.
But it was about the same vulnerabilities (, ) that were presented in August Patch Tuesday, but fixes this vulnerability for older OS versions: Windows 8.1, RT 8.1, and Server 2012 R2.
My name is Alexander and I am an Information Security Automation specialist.
You can read more about me.
Currently, the best way to follow me is my Telegram channel.
I update it much more often than this site.
If you haven’t used Telegram yet, give it a try.
It’s great.
You can also discuss my posts or ask a question at.
This entry was posted in ,  and tagged , , , , , , , , , , ,  on  by.
Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint                       Leave a Reply Cancel reply.
Required fields are marked Name   Email           This site uses Akismet to reduce spam.
Search for:                 Follow me in social networks:   My Telegram Channel:  My Youtube Channel:  My Podcast RSS feed:.
Microsoft Patch Tuesday August 2020: vulnerabilities with Detected Exploitation, useful for phishing and others.
This is my personal blog.
The opinions expressed here are my own and not of my employer.
All product names, logos, and brands are property of their respective owners.
All company, product and service names used here for identification purposes only.
Use of these names, logos, and brands does not imply endorsement.
You can freely use materials of this site, but it would be nice if you place a link on  and send message about it at  or contact me.


Board footer

Powered by FluxBB