0days, a failed patch, and a backdoor threat. Update Tuesday highlights

0days, a failed patch, and a backdoor threat. Update Tuesday highlights

Enlarge

Microsoft on Tuesday patched 120 vulnerabilities, two that are notable because they’re under active attack and a third because it fixes a previous patch for a security flaw that allowed attackers to gain a backdoor that persisted even after a machine was updated.

Zero-day vulnerabilities get their name because an affected developer has zero days to release a patch before the security flaw is under attack. Zero-day exploits can be among the most effective because they usually go undetected by antivirus, intrusion prevention systems, and other security protections. These types of attacks usually indicate a threat actor of above-average means because of the work and skill required to identify the unknown vulnerability and develop a reliable exploit. Adding to the difficulty: the exploits must bypass defenses developers have spent considerable resources implementing.

A hacker's dream: Bypassing code-signing checks

The first zero-day is present in all supported versions of Windows, including Windows 10 and Server 2019, which security professionals consider two of the world’s most secure operating systems. CVE-2020-1464 is what Microsoft is calling a Windows Authenticode Signature Spoofing Vulnerability. Hackers who exploit it can sneak their malware onto targeted systems by bypassing a malware defense that uses digital signatures to certify that software is trustworthy.

Read 16 remaining paragraphs | Comments



https://ift.tt/2Cq3JUY

Comments