The July 2020 Security Update Review
News category: Hacking
Source: thezdi.com
July is upon us, and it brings another huge batch of security patches from Microsoft, and a few from Adobe as well. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.
Adobe Patches for July 2020
This month, Adobe released five patches covering 13 CVEs in Adobe ColdFusion, Download Manager, Genuine Service, Media Encoder, and the Creative Cloud Desktop Application. Three of these bugs came through the ZDI program. The update for ColdFusion covers two DLL search-order hijacking bugs that could allow a privilege escalation. The fix for Download Manager corrects a single command injection vulnerability. The patch for Media Encoder addresses two Out-Of-Bounds (OOB) Write bugs and an OOB Read bug. The OOB Write bugs could lead to arbitrary code execution if an attacker convinces a target to visit a malicious page or open a malicious file. The update for the Creative Cloud Desktop Application fixes four different bugs. The most severe of these would allow an arbitrary file system write, while the others could allow a privilege escalation. Finally, the patch for Adobe Genuine Service fixes three Important-severity privilege escalation vulnerabilities. None of the bugs fixed by Adobe are listed as publicly known or under active attack at the time of release.
Microsoft Patches for July 2020
For July, Microsoft released patches for 123 CVEs and one advisory covering Microsoft Windows, Edge (EdgeHTML-based and Chromium-based) in IE Mode, ChakraCore, Internet Explorer (IE), Office and Office Services and Web Apps, Windows Defender, Skype for Business, Visual Studio, .NET Framework, OneDrive, Azure DevOps, and Open Source Software. That makes five straight months of 110+ CVEs released and brings the total for 2020 up to 742. For comparison, Microsoft released patches for 851 CVEs in all of 2019. At this pace, Microsoft will eclipse that number next month. They have already passed their totals for 2017 (665) and 2018 (691).
Of these 123 patches, 18 are listed as Critical and 105 are listed as Important in severity. Seven of these bugs came through the ZDI program. None of these bugs are listed as being under attack at the time of release, while one CVE is listed as publicly known. Let's take a closer look at some of the more interesting updates for this month, starting with a highly exploitable bug in Windows DNS servers:
- CVE-2020-1350 - Windows DNS Server Remote Code Execution Vulnerability
This patch fixes a CVSS 10 rated bug in the Windows DNS Server service that could allow unauthenticated code execution at the level of the Local System account if an affected system received a specially crafted request. That makes this bug wormable, at least between affected DNS servers. Microsoft also suggests a registry edit that limits the size of TCP packets the server will process as a workaround, but they don't list any potential side effects of that registry change. The attack vector requires very large DNS packets, so attacks cannot be conducted over UDP. Considering Windows DNS servers are usually also Domain Controllers, definitely get this patched as soon as you can.
- CVE-2020-1025 - Microsoft Office Elevation of Privilege Vulnerability
It's rare to see an Elevation of Privilege (EoP) bug rated Critical in severity, but this vulnerability in SharePoint and Skype for Business servers certainly earns its rating. An attacker could use this to gain access to an affected server through the improper handling of an OAuth token. Lync servers are also impacted by this, so if you have one of those left around, patch and then seriously consider upgrading to something newer.
- CVE-2020-1147 - .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
A problem with the way XML source markup is checked could lead to RCE in .NET, SharePoint, and Visual Studio. This also seems to be related to CVE-2020-1439, as both list the core problem as residing in the "DataSet" and "DataTable" types, which are .NET components used to manage data sets. Either way, all patches are needed to fully address this bug, and that could make servicing difficult. At least it appears the patches may be installed in any order.
- CVE-2020-1349 - Microsoft Outlook Remote Code Execution Vulnerability
This patch fixes a bug in Outlook that could allow an attacker to execute code at the level of the logged-on user if they open or view a specially crafted e-mail. What sets this vulnerability apart is the fact that just viewing the e-mail in the Preview Pane is enough to trigger the bug.
Here's the full list of CVEs released by Microsoft for July 2020.
CVE | Title | Severity | Public | Exploited | XI - Latest | XI - Older | Type |
CVE-2020-1463 | Windows SharedStream Library Elevation of Privilege Vulnerability | Important | Yes | No | 2 | 2 | EoP |
CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1409 | DirectWrite Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1435 | GDI+ Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1032 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1036 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1040 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1041 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1042 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1043 | Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1421 | LNK Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1025 | Microsoft Office Elevation of Privilege Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1349 | Microsoft Outlook Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1439 | PerformancePoint Services Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1374 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
CVE-2020-1403 | VBScript Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
CVE-2020-1410 | Windows Address Book Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
CVE-2020-1436 | Windows Font Library Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1469 | Bond Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
CVE-2020-1333 | Group Policy Services Policy Processing Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1400 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1401 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1407 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1267 | Local Security Authority Subsystem Service Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
CVE-2020-1461 | Microsoft Defender Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1433 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1240 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1351 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1412 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1408 | Microsoft Graphics Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1342 | Microsoft Office Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1445 | Microsoft Office Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1458 | Microsoft Office Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1450 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1451 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1456 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1465 | Microsoft OneDrive Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1449 | Microsoft Project Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1454 | Microsoft SharePoint Reflective XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1444 | Microsoft SharePoint Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1443 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
CVE-2020-1446 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1447 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1448 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1442 | Office Web Apps XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1462 | Skype for Business and Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1432 | Skype for Business via Internet Explorer Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1326 | Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1416 | Visual Studio Code Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1481 | Visual Studio Code Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1402 | Windows ActiveX Installer Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1391 | Windows Agent Activation Runtime Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1396 | Windows ALPC Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1431 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1359 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1384 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1375 | Windows COM Server Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1368 | Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1385 | Windows Credential Picker Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1393 | Windows Diagnostics Hub Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1418 | Windows Diagnostics Hub Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1388 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1392 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1394 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1395 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1420 | Windows Error Reporting Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1429 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1365 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1371 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1386 | Windows Feedback Hub Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1355 | Windows Font Driver Host Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1085 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1468 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1381 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2020-1382 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2020-1397 | Windows Imaging Component Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1356 | Windows iSCSI Target Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1336 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1411 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1367 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1389 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1419 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1426 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2020-1398 | Windows Lockscreen Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1372 | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1405 | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1330 | Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1346 | Windows Modules Installer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1373 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1390 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1427 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1428 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1438 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1406 | Windows Network List Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1437 | Windows Network Location Awareness Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1363 | Windows Picker Platform Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1366 | Windows Print Workflow Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1360 | Windows Profile Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1387 | Windows Push Notification Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1358 | Windows Resource Policy Information Disclosure Vulnerability | Important | No ...
|