D

on't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in August's Patch Tuesday Index below. Ensure you're minimizing your attack surface by joining our Automating Patch Tuesday Webinar this Wednesday. Patch Tuesday expert Richard Melick will give recommended remediation strategies for current vulnerabilities and exploits (plus a chance to win a Raspberry Pi).

Microsoft has released 120 vulnerabilities, 17 of which are deemed Critical. There is one zero-day, CVE-2020-1380, and one publicly disclosed vulnerability, CVE-2020-1464.

Adobe released updates for Lightroom, Acrobat, and Reader in August. We've also included updates from Mozilla and Adobe that were released between last month's Patch Tuesday and this one.

Updated Live. Last Update 1:13 PM EST August 11 2020.

adobeAdobe
Product
Title
Identifier
Severity
Adobe Lightroom 1 Security Vulnerability fixed in Adobe Lightroom APSB20-51 High
Adobe Acrobat and Reader 26 Security Vulnerabilities fixed in Adobe Acrobat and Reader APSB20-48 High
Adobe Reader Mobile 1 Security Vulnerability fixed in Adobe Reader Mobile APSB20-50 High
Magento 4 Security Vulnerabilities fixed in Magento APSB20-47 High
Adobe Prelude 4 Security Vulnerabilities fixed in Adobe Prelude APSB20-46 Medium
Adobe Photoshop 5 Security Vulnerabilities fixed in Adobe Photoshop APSB20-45 Medium
Adobe Bridge 3 Security Vulnerabilities fixed in Adobe Bridge APSB20-44 Medium
firefoxMozilla Firefox
Product
Title
Identifier
Severity
Firefox 10 Security Vulnerabilities fixed in Firefox 79 MFSA 2020-30 High
Firefox ESR 6 Security Vulnerabilities fixed in Firefox ESR 68.11 MFSA 2020-31 High
Firefox ESR 10 Security Vulnerabilities fixed in Firefox ESR 78.1 MFSA 2020-32 High
Thunderbird 10 Security Vulnerabilities fixed in Thunderbird 78.1 MFSA 2020-33 High
Firefox for iOS 3 Security Vulnerabilities fixed in Firefox for iOS 28 MFSA 2020-34 High
Thunderbird 4 Security Vulnerabilities fixed in Thunderbird 68.11 MFSA 2020-35 High
microsoftMicrosoft
Product
Title
Identifier
Severity
Microsoft Scripting Engine Scripting Engine Memory Corruption Vulnerability CVE-2020-1380 Critical Zero-Day
.NET Framework .NET Framework Remote Code Execution Vulnerability CVE-2020-1046 Critical
Internet Explorer MSHTML Engine Remote Code Execution Vulnerability CVE-2020-1567 Critical
Microsoft Edge Microsoft Edge PDF Remote Code Execution Vulnerability CVE-2020-1568 Critical
Microsoft Office Microsoft Outlook Memory Corruption Vulnerability CVE-2020-1483 Critical
Microsoft Scripting Engine Scripting Engine Memory Corruption Vulnerability CVE-2020-1555 Critical
Microsoft Scripting Engine Scripting Engine Memory Corruption Vulnerability CVE-2020-1570 Critical
Microsoft Video Control Media Foundation Memory Corruption Vulnerability CVE-2020-1492 Critical
Microsoft Windows Codecs Library Microsoft Windows Codecs Library Remote Code Execution Vulnerability CVE-2020-1560 Critical
Microsoft Windows Codecs Library Microsoft Windows Codecs Library Remote Code Execution Vulnerability CVE-2020-1574 Critical
Microsoft Windows Codecs Library Microsoft Windows Codecs Library Remote Code Execution Vulnerability CVE-2020-1585 Critical
Netlogon NetLogon Elevation of Privilege Vulnerability CVE-2020-1472 Critical
Windows Media Media Foundation Memory Corruption Vulnerability CVE-2020-1525 Critical
Windows Media Windows Media Remote Code Execution Vulnerability CVE-2020-1339 Critical
Windows Media Media Foundation Memory Corruption Vulnerability CVE-2020-1379 Critical
Windows Media Media Foundation Memory Corruption Vulnerability CVE-2020-1554 Critical
Windows Media Player Media Foundation Memory Corruption Vulnerability CVE-2020-1477 Critical
.NET Framework ASP.NET and .NET Elevation of Privilege Vulnerability CVE-2020-1476 High
ASP.NET ASP.NET Core Denial of Service Vulnerability CVE-2020-1597 High
Microsoft Dynamics Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CVE-2020-1591 High
Microsoft Edge Microsoft Edge Memory Corruption Vulnerability CVE-2020-1569 High
Microsoft Graphics Component Microsoft Graphics Components Remote Code Execution Vulnerability CVE-2020-1562 High
Microsoft Graphics Component Windows GDI Elevation of Privilege Vulnerability CVE-2020-1529 High
Microsoft Graphics Component DirectWrite Information Disclosure Vulnerability CVE-2020-1577 High
Microsoft Graphics Component Microsoft Graphics Components Remote Code Execution Vulnerability CVE-2020-1561 High
Microsoft Graphics Component Win32k Information Disclosure Vulnerability CVE-2020-1510 High
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1473 High
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1557 High
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1564 High
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1558 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-1495 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-1504 High
Microsoft Office Microsoft Word Information Disclosure Vulnerability CVE-2020-1503 High
Microsoft Office Microsoft Word Information Disclosure Vulnerability CVE-2020-1502 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-1496 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-1494 High
Microsoft Office Microsoft Office Remote Code Execution Vulnerability CVE-2020-1563 High
Microsoft Office Microsoft Word Information Disclosure Vulnerability CVE-2020-1583 High
Microsoft Office Microsoft Access Remote Code Execution Vulnerability CVE-2020-1582 High
Microsoft Office Microsoft Office Click-to-Run Elevation of Privilege Vulnerability CVE-2020-1581 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-1498 High
Microsoft Office Microsoft Excel Information Disclosure Vulnerability CVE-2020-1497 High
Microsoft Office Microsoft Outlook Information Disclosure Vulnerability CVE-2020-1493 High
Microsoft Office SharePoint Microsoft SharePoint Spoofing Vulnerability CVE-2020-1499 High
Microsoft Office SharePoint Microsoft SharePoint Spoofing Vulnerability CVE-2020-1501 High
Microsoft Office SharePoint Microsoft SharePoint Spoofing Vulnerability CVE-2020-1500 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1580 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1573 High
Microsoft Office SharePoint Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-1505 High
Microsoft Windows Windows Storage Service Elevation of Privilege Vulnerability CVE-2020-1490 High
Microsoft Windows Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1486 High
Microsoft Windows Windows Image Acquisition Service Information Disclosure Vulnerability CVE-2020-1485 High
Microsoft Windows Windows AppX Deployment Extensions Elevation of Privilege Vulnerability CVE-2020-1488 High
Microsoft Windows Windows CSC Service Elevation of Privilege Vulnerability CVE-2020-1489 High
Microsoft Windows Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-1551 High
Microsoft Windows Windows State Repository Service Information Disclosure Vulnerability CVE-2020-1512 High
Microsoft Windows Windows CSC Service Elevation of Privilege Vulnerability CVE-2020-1513 High
Microsoft Windows Windows Telephony Server Elevation of Privilege Vulnerability CVE-2020-1515 High
Microsoft Windows Windows Work Folder Service Elevation of Privilege Vulnerability CVE-2020-1552 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1553 High
Microsoft Windows Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1566 High
Microsoft Windows Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability CVE-2020-1579 High
Microsoft Windows Windows dnsrslvr.dll Elevation of Privilege Vulnerability CVE-2020-1584 High
Microsoft Windows Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2020-1587 High
Microsoft Windows Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability CVE-2020-1511 High
Microsoft Windows Windows GDI Elevation of Privilege Vulnerability CVE-2020-1480 High
Microsoft Windows Windows Work Folders Service Elevation of Privilege Vulnerability CVE-2020-1484 High
Microsoft Windows Windows UPnP Device Host Elevation of Privilege Vulnerability CVE-2020-1538 High
Microsoft Windows Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-1547 High
Microsoft Windows Windows Radio Manager API Elevation of Privilege Vulnerability CVE-2020-1528 High
Microsoft Windows Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-1545 High
Microsoft Windows Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-1544 High
Microsoft Windows Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-1543 High
Microsoft Windows Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-1542 High
Microsoft Windows Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-1541 High
Microsoft Windows Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-1540 High
Microsoft Windows Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-1539 High
Microsoft Windows Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-1537 High
Microsoft Windows Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-1536 High
Microsoft Windows Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-1535 High
Microsoft Windows Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-1534 High
Microsoft Windows Windows Network Connection Broker Elevation of Privilege Vulnerability CVE-2020-1526 High
Microsoft Windows Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-1530 High
Microsoft Windows Windows Font Driver Host Remote Code Execution Vulnerability CVE-2020-1520 High
Microsoft Windows Windows CDP User Components Elevation of Privilege Vulnerability CVE-2020-1549 High
Microsoft Windows Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-1546 High
Microsoft Windows Windows UPnP Device Host Elevation of Privilege Vulnerability CVE-2020-1519 High
Microsoft Windows Windows Spoofing Vulnerability CVE-2020-1464 High
Microsoft Windows Windows Server Resource Management Service Elevation of Privilege Vulnerability CVE-2020-1475 High
Microsoft Windows Windows Work Folders Service Elevation of Privilege Vulnerability CVE-2020-1470 High
Microsoft Windows Windows CDP User Components Elevation of Privilege Vulnerability CVE-2020-1550 High
Microsoft Windows Windows Hard Link Elevation of Privilege Vulnerability CVE-2020-1467 High
Microsoft Windows Local Security Authority Subsystem Service Elevation of Privilege Vulnerability CVE-2020-1509 High
Microsoft Windows Windows Custom Protocol Engine Elevation of Privilege Vulnerability CVE-2020-1527 High
Microsoft Windows Windows Work Folders Service Elevation of Privilege Vulnerability CVE-2020-1516 High
Microsoft Windows Windows ARM Information Disclosure Vulnerability CVE-2020-1459 High
Microsoft Windows Windows RRAS Service Information Disclosure Vulnerability CVE-2020-1383 High
Microsoft Windows Windows File Server Resource Management Service Elevation of Privilege Vulnerability CVE-2020-1517 High
Microsoft Windows Windows File Server Resource Management Service Elevation of Privilege Vulnerability CVE-2020-1518 High
SQL Server Microsoft SQL Server Management Studio Denial of Service Vulnerability CVE-2020-1455 High
Visual Studio Visual Studio Code Remote Code Execution Vulnerability CVE-2020-0604 High
Windows AI Windows Speech Runtime Elevation of Privilege Vulnerability CVE-2020-1521 High
Windows AI Windows Speech Runtime Elevation of Privilege Vulnerability CVE-2020-1522 High
Windows AI Windows Speech Shell Components Elevation of Privilege Vulnerability CVE-2020-1524 High
Windows COM Windows Image Acquisition Service Information Disclosure Vulnerability CVE-2020-1474 High
Windows Kernel Windows Kernel Information Disclosure Vulnerability CVE-2020-1578 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1417 High
Windows Kernel DirectX Elevation of Privilege Vulnerability CVE-2020-1479 High
Windows Media Media Foundation Information Disclosure Vulnerability CVE-2020-1487 High
Windows Media Player Media Foundation Memory Corruption Vulnerability CVE-2020-1478 High
Windows Print Spooler Components Windows Print Spooler Elevation of Privilege Vulnerability CVE-2020-1337 High
Windows RDP Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability CVE-2020-1466 High
Windows Registry Windows Registry Elevation of Privilege Vulnerability CVE-2020-1378 High
Windows Registry Windows Registry Elevation of Privilege Vulnerability CVE-2020-1377 High
Windows Shell Windows Elevation of Privilege Vulnerability CVE-2020-1565 High
Windows Shell Windows Accounts Control Elevation of Privilege Vulnerability CVE-2020-1531 High
Windows Update Stack Windows 10 Update Assistant Elevation of Privilege Vulnerability CVE-2020-1571 High
Windows Update Stack Windows WaasMedic Service Information Disclosure Vulnerability CVE-2020-1548 High
Windows WalletService Windows WalletService Elevation of Privilege Vulnerability CVE-2020-1556 High
Windows WalletService Windows WalletService Elevation of Privilege Vulnerability CVE-2020-1533 High

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.