Microsoft fixes 120 vulnerabilities, including 2 zero-day bugs

Microsoft has fixed 120 vulnerabilities with its new security patch, including two zero-day bugs in Windows operating system and Internet Explorer that were being exploited by the hackers.

Microsoft has released an August 2020 security update that has patched 120 vulnerabilities across 13 different products, from Edge to Windows, and from SQL Server to the .NET Framework.

Among the vulnerabilities fixed this month, 17 bugs received the highest severity rating of “Critical,” and there are also two zero-days, ZDNet reported on Tuesday.

The first zero-day bug known as CVE-2020-1464 was fixed as part of the new security update.

Microsoft said that an attacker can exploit this bug and have Windows incorrectly validate file signatures.

The second zero-day, tracked as CVE-2020-1380, resided in the scripting engine that ships with Internet Explorer.

Microsoft received a report from cybersecurity firm Kaspersky that hackers found a remote code execution (RCE) bug in the internet explorer scripting engine and “were abusing it in real-world attacks”.

The bug, now fixed, can be exploited by luring users on malicious sites, or by sending them booby-trapped Office files.