๐ The April 2020 Security Update Review
๐ก Newskategorie: Hacking
๐ Quelle: thezdi.com
April is here, and it brings another cornucopia of security patches from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.
Adobe Patches for April 2020
For April, Adobe released on three patches addressing five CVEs in Adobe ColdFusion, After Effects, and Digital Editions. All CVEs are rated Important and none are listed as being publicly known or under active attack at the time of release. The update for ColdFusion should be on the top of the deployment list as it includes a local privilege escalation (LPE) to go along with an info disclosure and denial-of-service bug. The update for After Effects, reported by ZDI researcher Mat Powell, corrects an info disclosure bug. The patch for Digital Editions also corrects a single information disclosure bug. Although there is no update for Flash this month, the window for the final Flash patches is closing as it goes out of support at the end of this year.
Microsoft Patches for April 2020
For April, Microsoft released patches for 113 CVEs covering Microsoft Windows, Microsoft Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer, Office and Office Services and Web Apps, Windows Defender, Visual Studio, Microsoft Dynamics, Microsoft Apps for Android, and Microsoft Apps for Mac. Of these 113 CVEs, 17 are rated Critical and 96 are rated Important in severity. Twelve of these CVEs were reported through the ZDI program. If you feel like there have been a lot of patches this year, youโre not wrong. Microsoft has seen a 44% increase in the number of CVEs patched between January to April of 2020 compared to the same time period in 2019. Both an increasing number of researchers looking for bugs and an expanding portfolio of supported products likely caused this increase. It will be interesting to see if this pace continues, especially considering Microsoft will pause optional Windows 10 updates starting next month.
Two of the bugs addressed this month are listed as being under active attack, and two are listed as being public at the time of release. Letโs take a closer look at some of the more interesting updates for this month, starting with bugs under active attack.
-ย ย ย ย ย ย CVE-2020-1020 โ Adobe Font Manager Library Remote Code Execution Vulnerability
Initially disclosed back in late March, this bug is one of two reported to be targeting Windows 7 systems. Attackers can use this vulnerability to execute their code on affected systems if they can convince a user to view a specially crafted font. The code would run at the level of the logged-on user. Although the attacks specifically have targeted Windows 7 systems, not all Win7 systems will receive a patch since the OS left support in January of this year. Only those Windows 7 and Server 2008 customers with an ESU license will receive the patch.
-ย ย ย ย ย ย CVE-2020-0938 โ OpenType Font Parsing Remote Code Execution Vulnerability
This bug is associated with the previous vulnerability, although it impacts a different font renderer. It too is listed as being under active attack. Again, an attacker could execute their code on a target system if a user viewed a specially crafted font. We should also note Windows 10 systems are less impacted by these bugs since the code execution would occur in an AppContainer sandbox. Win7 users will also need an ESU license for this patch.
-ย ย ย ย ย ย CVE-2020-0993 โ Windows DNS Denial of Service VulnerabilityThis patch addresses a Denial-of-Service (DoS) bug in the Windows DNS service. Note thatโs the DNS service and not the DNS Server, so client systems are also affected by this vulnerability. An attacker could cause the DNS service to be nonresponsive by sending some specially crafted DNS queries to an affected system. Since there is no code execution involved, the only gets rated as Important. However, considering the damage that could be done by an unauthenticated attacker, this should be high on your test and deploy list.
-ย ย ย ย ย ย CVE-2020-0981 โ Windows Token Security Feature Bypass Vulnerability
Itโs not often you see a security feature bypass directly result in a sandbox escape, but thatโs exactly what this bug allows. The vulnerability results from Windows improperly handling token relationships. Attackers could abuse this to allow an application with a certain integrity level to execute code at a different โ presumably higher โ integrity level. The result is a sandbox escape. This only affects Windows 10 version 1903 and higher, so the code is a relatively recent addition.
Hereโs the full list of CVEs released by Microsoft for April 2020.
CVE | Title | Severity | Public | Exploited | XI - Latest | XI - Older | Type |
CVE-2020-1020 | Adobe Font Manager Library Remote Code Execution Vulnerability | Important | Yes | Yes | 2 | 0 | RCE |
CVE-2020-0938 | OpenType Font Parsing Remote Code Execution Vulnerability | Important | No | Yes | 2 | 0 | RCE |
CVE-2020-0935 | OneDrive for Windows Elevation of Privilege Vulnerability | Important | Yes | No | 2 | N/A | EoP |
CVE-2020-0969 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 2 | N/A | RCE |
CVE-2020-1022 | Dynamics Business Central Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0948 | Media Foundation Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0949 | Media Foundation Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0950 | Media Foundation Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0907 | Microsoft Graphics Components Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0687 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0927 | Microsoft Office SharePoint XSS Vulnerability | Critical | No | No | 2 | 2 | XSS |
CVE-2020-0929 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0931 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0932 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0974 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0965 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0968 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
CVE-2020-0970 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 2 | N/A | RCE |
CVE-2020-0967 | VBScript Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0910 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0942 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-0944 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1029 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-0784 | DirectX Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2020-0888 | DirectX Elevation of Privilege Vulnerability | Important | No | No | 2 | 1 | EoP |
CVE-2020-0964 | GDI+ Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0889 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0953 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0959 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0960 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0988 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0992 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0994 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0995 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0999 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1008 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0937 | Media Foundation Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-0939 | Media Foundation Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-0945 | Media Foundation Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-0946 | Media Foundation Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-0947 | Media Foundation Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-0984 | Microsoft (MAU) Office Elevation of Privilege Vulnerability | Important | No | No | 2 | N/A | EoP |
CVE-2020-1002 | Microsoft Defender Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1049 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1050 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1018 | Microsoft Dynamics Business Central/NAV Information Disclosure | Important | No | No | 2 | 2 | Info |
CVE-2020-0906 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0979 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | N/A | 2 | RCE |
CVE-2020-0982 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-0987 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1005 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-0961 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0760 | Microsoft Office Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0991 | Microsoft Office Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0923 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-0924 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-0925 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-0926 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-0930 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-0933 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-0954 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-0973 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-0978 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-0919 | Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability | Important | No | No | 2 | N/A | EoP |
CVE-2020-1019 | Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability | Important | No | No | 2 | N/A | EoP |
CVE-2020-0920 | Microsoft SharePoint Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0971 | Microsoft SharePoint Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0972 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
CVE-2020-0975 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
CVE-2020-0976 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | N/A | 2 | Spoof |
CVE-2020-0977 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
CVE-2020-0899 | Microsoft Visual Studio Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1014 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-0980 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0943 | Microsoft YourPhone Application for Android Authentication Bypass Vulnerability | Important | No | No | 2 | N/A | EoP |
CVE-2020-1026 | MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability | Important | No | No | 2 | N/A | SFB |
CVE-2020-0966 | VBScript Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0900 | Visual Studio Extension Installer Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-0956 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2020-0957 | Win32k Elevation of Privilege Vulnerability | Important | No | No | N/A | 1 | EoP |
CVE-2020-0958 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2020-0699 | Win32k Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-0962 | Win32k Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-0835 | Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability | Important | No | No | 2 | N/A | EoP |
CVE-2020-0794 | Windows Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
CVE-2020-0993 | Windows DNS Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
CVE-2020-0934 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-0983 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1009 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1011 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1015 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-0952 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1004 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2020-0917 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-0918 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-0913 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1000 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1003 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1027 | ๐ Komplette Nachricht lesen
๐ Zur Startseite
|