Microsoft Addresses RCE and Spoofing Vulnerabilities Under Active Exploitation

Original release date: August 11, 2020<br/><p>Microsoft has released security updates to address two vulnerabilities—CVE-2020-1380 and CVE-2020-1464—that are being actively exploited. CVE-2020-1380 is a remote code execution vulnerability affecting Internet Explorer 11, and CVE-2020-1464 is a spoofing vulnerability that affects multiple Windows products. An attacker could exploit these vulnerabilities to take control of an affected system.</p>

<p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Security Advisories for <a href=”https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380 “>CVE-2020-1380</a> and <a href=”https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464 “>CVE-2020-1464</a> and apply the necessary updates.</p>

<div class=”field field–name-body field–type-text-with-summary field–label-hidden field–item”><p class=”privacy-and-terms”>This product is provided subject to this <a href=”https://us-cert.cisa.gov/privacy/notification”>Notification</a> and this <a href=”https://www.dhs.gov/privacy-policy”>Privacy &amp; Use</a> policy.</p>

</div>