Microsoft Addresses RCE and Spoofing Vulnerabilities Under Active Exploitation
Original release date: August 11, 2020<br/><p>Microsoft has released security updates to address two vulnerabilities—CVE-2020-1380 and CVE-2020-1464—that are being actively exploited. CVE-2020-1380 is a remote code execution vulnerability affecting Internet Explorer 11, and CVE-2020-1464 is a spoofing vulnerability that affects multiple Windows products. An attacker could exploit these vulnerabilities to take control of an affected system.</p>
<p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Security Advisories for <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380 ">CVE-2020-1380</a> and <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464 ">CVE-2020-1464</a> and apply the necessary updates.</p>
<div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p>
</div>