Patch Tuesday October 2020

Microsoft has pushed out fixes for 87 security vulnerabilities in October – 11 of them critical – and one of those is potentially wormable.

This month’s Patch Tuesday overall includes fixes for bugs in Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, Open Source Software, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and the Windows Codecs Library.

A full 75 are listed as important, and just one is listed as moderate in severity. None are listed as being under active attack, but the group does include six issues that were known but unpatched before this month’s regularly scheduled updates.

Microsoft CVE-2020-16898: Microsoft TCP/IP Remote Code Execution Vulnerability

With a CVSS score of 9.8 and marked as “Exploitation More Likely”, this vulnerability grants the ability to execute code on target Windows 10 (version 1709+), Windows Server 2019, and Windows Server version 1903+ systems due to improper handling of ICMPv6 Router Advertisement packets. The PowerShell command netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable does not require a reboot to take effect.

Microsoft CVE-2020-16896: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

RDP has been a focal point for some of recent attacks (e.g. BlueKeep), so whenever Microsoft provides another fix within that realm, it’s prudent to make note of some specifics. CVE-2020-16896 is an information disclosure vulnerability where, when successfully exploited, allows unauthorized read access to the Windows RDP server process.

Microsoft CVE-2020-16911: GDI+ Remote Code Execution Vulnerability

Critical remote code execution vulnerability CVE-2020-16911 leverages how the Windows Graphics Device Interface (GDI) handles objects in memory. A successful exploitation allows the attacker to install programs and/or create new accounts under the same user rights as the user who triggered this vulnerability.

Unlike CVE-2020-16898, however, this vulnerability affects all supported versions of Windows OS, which may suggest affecting unsupported/earlier versions of Windows as well.

Microsoft SharePoint Remote Code Execution Vulnerabilities (CVE-2020-16951CVE-2020-16952)

CVE-2020-16951 and CVE-2020-16952 are remote code execution vulnerabilities that exploit a gap in checking the source markup of an application package. Upon successful exploitation, the attacker could run arbitrary code in the context of the SharePoint application pool or server farm account.

Microsoft SharePoint Reflective XSS Vulnerabilities (CVE-2020-16944CVE-2020-16945CVE-2020-16946)

The last set of notable SharePoint vulnerabilities this month are three CVSS 8.7 spoofing vulnerabilities. Requiring a user to click a specially-crafted URL within targeted SharePoint Web App site, a successful exploitation from those means allows the attacker to perform cross-site scripting attacks and/or run scripts in the security context of the user.

Microsoft CVE-2020-16947: Outlook Remote Code Execution Vulnerability

A critical remote code execution vulnerability for Outlook 2016, Office 2019 and Microsoft 365 apps only, CVE-2020-16947 has the potential to allow an attacker to run arbitrary code in the context of the user. The attacker could then install programs or create new accounts with full user rights.

Microsoft CVE-2020-16949: Outlook Denial of Service Vulnerability

CVE-2020-16949 is an Outlook vulnerability that affects more versions than the list around CVE-2020-14947 including Outlook 2010 and Outlook 2013. This vulnerability, however, reads differently in that this denial of service vulnerability only requires that a specially-crafted email be sent. When paired with the fact that this vulnerability is marked with the Preview Pane as an attack vector, just like CVE-2020-16947, suggests giving Outlook its fair share of attention this month.

Patch it .Be hygiene. Be Secure. No critical and Zero Day are released which might give a space for leisure

Patch Tuesday September 2020

As part of this month’s Patch Tuesday, Microsoft today released a fresh batch of security updates to fix a total of 129 newly discovered security vulnerabilities affecting various versions of its Windows operating systems and related software.

23 are listed as critical, 105 are important, and one is moderate in severity

None of the security vulnerabilities the tech giant patched in September are listed as being publicly known or under active attack at the time of release or at least not in knowledge of Microsoft.

A memory corruption vulnerability (CVE-2020-16875) in Microsoft Exchange software is worth highlighting all the critical flaws. The exploitation of this flaw could allow an attacker to run arbitrary code at the SYSTEM level by sending a specially crafted email to a vulnerable Exchange Server.

“A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory,” Microsoft explains. “An attacker could then install programs; view, change, or delete data; or create new accounts.”

Microsoft also patched two critical remote code execution flaws in Windows Codecs Library; both exist in the way that Microsoft Windows Codecs Library handles objects in memory, but while one (CVE-2020-1129) could be exploited to obtain information to compromise the user’s system further, the other (CVE-2020-1319) could be used to take control of the affected system.

Besides these, two remote code execution flaws affect the on-premises implementation of Microsoft Dynamics 365, but both require the attacker to be authenticated.

Microsoft also patched six critical remote code execution vulnerabilities in SharePoint and one in SharePoint Server. While exploiting the vulnerability in SharePoint Server requires authentication, other flaws in SharePoint do not.

Other critical flaws the tech giant patched this month reside in Windows, Windows Media Audio Decoder, Windows Text Service Module, Windows Camera Codec Pack, Visual Studio, Scripting Engine, Microsoft COM for Windows, Microsoft Browser, and Graphics Device Interface.

Most of these vulnerabilities allow information disclosure, the elevation of privilege, and cross-Site Scripting. Some also lead to remote code execution attacks. In contrast, others allow security feature bypass, spoofing, tampering, and denial of service attacks.

Windows users and system administrators are highly advised to apply the latest security patches as soon as possible to keep cybercriminals and hackers away from taking control of their computers.
For installing security updates, head on to Settings → Update & security → Windows Update → Check for updates or install the updates manually.