0days, a failed patch, and a backdoor threat. Update Tuesday highlights

by Dan Goodin, from Ars Technica
Microsoft on Tuesday patched 120 vulnerabilities, two that are notable because they're under active attack and a third because it fixes a previous patch for a security flaw that allowed attackers to gain a backdoor that persisted even after a machine was updated.

Zero-day vulnerabilities get their name because an affected developer has zero days to release a patch before the security flaw is under attack. Zero-day exploits can be among the most effective because they usually go undetected by antivirus, intrusion prevention systems, and other security protections. These types of attacks usually indicate a threat actor of above-average means because of the work and skill required to identify the unknown vulnerability and develop a reliable exploit. Adding to the difficulty: the exploits must bypass defenses developers have spent considerable resources implementing.

A hacker's dream: Bypassing code-signing checks

The first zero-day is present in all supported versions of Windows, including Windows 10 and Server 2019, which security professionals consider two of the world's most secure operating systems. CVE-2020-1464 is what Microsoft is calling a Windows Authenticode Signature Spoofing Vulnerability. Hackers who exploit it can sneak their malware onto targeted systems by bypassing a malware defense that uses digital signatures to certify that software is trustworthy.
