
Two 0-Days Under Active Attack, Among 120 Bugs Patched by Microsoft - Threatpost
Aug 11, 2020 1 min, 33 secs

Two Microsoft vulnerabilities are under active attack, according to the software giant’s August Patch Tuesday Security Updates.

One of the flaws being exploited in the wild is CVE-2020-1464, a Windows spoofing bug tied to the validation of file signatures on Windows 10, 7, 8.1 and versions of Windows Server.

He added, the exploit appears to be affecting newer versions of the Windows operating systems.

“Successful exploitation would allow an attacker to install malicious software, manipulate data or create new accounts,” Liska said.

“To exploit this vulnerability, an attacker needs to upload a specially crafted file to a web application,” wrote Liska in a Patch Tuesday research note.

Richard Tsang, senior software engineer at Rapid7, commented in his Patch Tuesday note that the most interesting bug patched this month is a Netlogon elevation of privilege bug (CVE-2020-1472), present in several versions of Windows Server.

“The uniqueness behind the patch of this vulnerability is that it gets completed in two phases, and forces the answer of, ‘am I remediated from CVE-2020-1472’ from a binary ‘yes/no,’ to an ‘it depends,’” Tsang wrote.

He added, “By default, applying the applicable Windows Server patch will resolve the vulnerability for Windows devices without further action, but this implies that non-Windows devices could potentially trigger an exploit.”
