Microsoft July 2020 Patch Tuesday: 123 vulnerabilities, 18 Critical!


Today is Microsoft’s July 2020 Patch Tuesday, and if you see Windows administrators cursing for no reason, now you know why!

With the July 2020 Patch Tuesday security updates release, Microsoft has released one advisory for a tampering vulnerability in IIS and fixes for 123 vulnerabilities in Microsoft products.

Of these vulnerabilities, 18 are classified as Critical, and 105 are classified as Important.

This Patch Tuesday is the second-largest update ever, with the largest one being issued in June 2020 with 129 fixes.

This month's release patches two previously disclosed vulnerabilities and a Critical, 10.0-rated wormable DNS vulnerability.

Users should install these security updates as soon as possible to protect Windows from known security risks.

For information about the non-security Windows updates, you can read about today’s Windows 10 KB4565503 & KB4565483 cumulative updates.

Fix for wormable DNS vulnerability

Today’s most newsworthy fix is for a Critical 10.0 rated vulnerability in Windows DNS Server that allows attackers to perform remote code execution.

Discovered by researchers at Check Point, this vulnerability is especially dangerous because it could allow attackers to create wormable malware that spreads on its own within a network.

This vulnerability has been named SigRed by Check Point and is being tracked as CVE-2020-1350.

Microsoft has offered mitigations for this vulnerability, which can be found in our dedicated ‘Microsoft patches critical wormable SigRed bug in Windows DNS Server’ article.

Critical vulnerabilities of interest

Three ‘Critical’ vulnerabilities exist in Microsoft Edge and VBScript engine that could allow an attacker to perform remote code execution by tricking a user into visiting a maliciously crafted web site.

If exploited, these vulnerabilities could allow the attacker to execute commands on the computer with the same privileges as the user.

Four ‘Critical’ vulnerabilities require an attacker to trick a user into downloading specially crafted malicious files. These vulnerabilities could be used in phishing or web attacks.

Other Critical vulnerabilities include six Hyper-V vulnerabilities that could allow an attacker on a guest operating system to execute commands on the host. The other is the previously discussed Windows DNS Server vulnerability.

Also included in this Patch Tuesday are fixes for two previously disclosed ‘Important’ vulnerabilities.


Recent security updates from other companies

Other vendors who released security updates in July include:

The July 2020 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the July 2020 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Framework | CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability | Critical |
| Azure DevOps | CVE-2020-1326 | Azure DevOps Server Cross-site Scripting Vulnerability | Important |
| Internet Explorer | CVE-2020-1432 | Skype for Business via Internet Explorer Information Disclosure Vulnerability | Important |
| Microsoft Edge | CVE-2020-1433 | Microsoft Edge PDF Information Disclosure Vulnerability | Important |
| Microsoft Edge | CVE-2020-1462 | Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1355 | Windows Font Driver Host Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1468 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1351 | Microsoft Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1436 | Windows Font Library Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2020-1435 | GDI+ Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2020-1412 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1409 | DirectWrite Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2020-1408 | Microsoft Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1397 | Windows Imaging Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1381 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1382 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1407 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1400 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1401 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Malware Protection Engine | CVE-2020-1461 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2020-1445 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2020-1446 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1349 | Microsoft Outlook Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2020-1439 | PerformancePoint Services Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2020-1240 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1458 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1442 | Office Web Apps XSS Vulnerability | Important |
| Microsoft Office | CVE-2020-1449 | Microsoft Project Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1447 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1448 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1456 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1454 | Microsoft SharePoint Reflective XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1342 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1443 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1450 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1444 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1451 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft OneDrive | CVE-2020-1465 | Microsoft OneDrive Elevation of Privilege Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2020-1403 | VBScript Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1406 | Windows Network List Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1410 | Windows Address Book Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1085 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1402 | Windows ActiveX Installer Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1330 | Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1431 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1405 | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1404 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1438 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1430 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1429 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1463 | Windows SharedStream Library Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1437 | Windows Network Location Awareness Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1434 | Windows Sync Host Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1427 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1413 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1333 | Group Policy Services Policy Processing Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1428 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1249 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1267 | Local Security Authority Subsystem Service Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1399 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1365 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1366 | Windows Print Workflow Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1359 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1363 | Windows Picker Platform Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1370 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1373 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1374 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1371 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1372 | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1356 | Windows iSCSI Target Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1420 | Windows Error Reporting Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1421 | LNK Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1418 | Windows Diagnostics Hub Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1422 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1353 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1354 | Windows UPnP Device Host Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1347 | Windows Storage Services Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1352 | Windows USO Core Worker Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1375 | Windows COM Server Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1390 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1391 | Windows Agent Activation Runtime Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1386 | Connected User Experiences and Telemetry Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1387 | Windows Push Notification Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1395 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1398 | Windows Lockscreen Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1393 | Windows Diagnostics Hub Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1394 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1385 | Windows Credential Picker Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1384 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
| Open Source Software | CVE-2020-1469 | Bond Denial of Service Vulnerability | Important |
| Skype for Business | CVE-2020-1025 | Microsoft Office Elevation of Privilege Vulnerability | Critical |
| Visual Studio | CVE-2020-1416 | Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2020-1481 | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | Important |
| Windows Hyper-V | CVE-2020-1041 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2020-1040 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2020-1032 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2020-1036 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2020-1042 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2020-1043 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical |
| Windows IIS | ADV200008 | Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers | Important |
| Windows Kernel | CVE-2020-1367 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-1396 | Windows ALPC Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1336 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1419 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-1426 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-1358 | Windows Resource Policy Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-1388 | Windows Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1389 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-1357 | Windows System Events Broker Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1411 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2020-1415 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2020-1360 | Windows Profile Service Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2020-1414 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2020-1368 | Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability | Important |
| Windows Subsystem for Linux | CVE-2020-1423 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2020-1392 | Windows Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2020-1346 | Windows Modules Installer Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2020-1424 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
| Windows WalletService | CVE-2020-1344 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows WalletService | CVE-2020-1364 | Windows WalletService Denial of Service Vulnerability | Important |
| Windows WalletService | CVE-2020-1369 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows WalletService | CVE-2020-1361 | Windows WalletService Information Disclosure Vulnerability | Important |
| Windows WalletService | CVE-2020-1362 | Windows WalletService Elevation of Privilege Vulnerability | Important |
