800+ IT
News
als RSS Feed abonnieren๐ The August 2020 Security Update Review
๐ก Newskategorie: Hacking
๐ Quelle: thezdi.com
August is here and so is the latest batch of security patches from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of security patches for this month.
Adobe Patches for August 2020
The Adobe release for August includes only two patches. The update forย Adobe Readerย fixes a total of 26 bugs, eight of which came through the ZDI program. Most of these are Out-Of-Bounds (OOB) Reads, but there are also some Use-After-Free (UAF), OOB Write, stack exhaustion, and memory corruption bugs addressed. One interesting bug being fixed here is CVE-2020-9697, which was found by ZDI Vulnerability Analysis Manager Abdul-Aziz Hariri. The reliable info disclosure leak appears to have existed for more than a decade. Weโllย tweetย out the proof-of-concept demonstration for this one tomorrow. Yes โ the demo is short enough to fit in a tweet. Also of note is the Critical-rated CVE-2020-9712. This bug could allow attackers to bypass HTML parsing mitigations within Acrobat Pro DC. Through this, an attacker can trigger the parsing of HTML documentsย remotelyย from within Acrobat. The other patch fixes one privilege escalation bug inย Adobe Lightroom.ย
None of the bugs patched by Adobe today are listed as publicly known or under active attack at the time of release. In the past two months, Adobe released additional patches later in the month. It will be interesting to see if that trend continues.
Microsoft Patches for August 2020
For August, Microsoft released patches for 120 CVEs in Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer (IE), Microsoft Scripting Engine, SQL Server, .NET Framework, ASP.NET Core, Office and Office Services and Web Apps, Windows Codecs Library, and Microsoft Dynamics. Thatโs now six straight months of 110+ CVEs and brings the yearly total to 862 โ 11 more patches than Microsoft shipped in all of 2019. If they maintain this pace, itโs quite possible for them to ship more than 1,300 patches this year. This volume โ along with difficult servicing scenarios โ puts extra pressure on patch management teams.
Of these 120 patches, 17 are listed as Critical and 103 are listed as Important in severity. Eleven of these bugs came through the ZDI program. One of these bugs is listed as being publicly known and two are listed as being under active attack at the time of release. Letโs take a closer look at some of the more interesting updates for this month, starting with the bugs currently being exploited in the wild:
-ย ย ย ย ย ย ย CVE-2020-1380ย - Scripting Engine Memory Corruption Vulnerability
This bug in IE is currently under active attack. Attackers could run their code on a target system if an affected version of IE views a specially crafted website. It is not known how extensive the attacks are, but considering this bug was reported by Kaspersky, itโs reasonable to assume malware is involved. If youโre still using IE, make this one your top priority.
-ย ย ย ย ย ย ย CVE-2020-1464ย - Windows Spoofing Vulnerability
This spoofing bug is publicly known and currently being exploited. It allows an attacker to load improperly signed files, bypassing signature verification. Microsoft does not list where this is public or how many people are affected by the attacks. Regardless, this bug affects all supported versions of Windows, so test and deploy this one quickly.
-ย ย ย ย ย ย ย CVE-2020-1472ย - NetLogon Elevation of Privilege Vulnerability
Itโs rare to see a Critical-rated elevation of privilege bug, but this one deserves it. A vulnerability in the Netlogon Remote Protocol (MS-NRPC) could allow attackers to run their applications on a device on the network. An unauthenticated attacker would use MS-NRPC to connect to a Domain Controller (DC) to obtain administrative access. Whatโs worse is that there is not a full fix available. This patch enables the DCs to protect devices, but a second patch currently slated for Q1 2021 enforces secure Remote Procedure Call (RPC) with Netlogon to fully address this bug. After applying this patch, youโll still need to make changes to your DC. Microsoft publishedย guidelinesย to help administrators choose the correct settings.ย
-ย ย ย ย ย ย ย CVE-2020-1585ย - Microsoft Windows Codecs Library Remote Code Execution Vulnerability
This is one of two codec bugs reported by ZDIโs Abdul-Aziz Hariri. The bug allows for code execution if an attacker can convince a user to view a specially crafted image file. The โAV1 Video Extensionโ codec is impacted here, and it is only available through the Windows Store, which means the patch is only available through the Windows store. The codec is not a default component, so if you have offline systems, they are unlikely to have the codec installed.ย
Hereโs the full list of CVEs released by Microsoft for August 2020.ย
| CVE | Title | Severity | Public | Exploited | XI - Latest | XI - Older | Type |
| CVE-2020-1464 | Windows Spoofing Vulnerability | Important | Yes | Yes | 0 | 0 | Spoof |
| CVE-2020-1380 | Scripting Engine Memory Corruption Vulnerability | Critical | No | Yes | 0 | N/A | RCE |
| CVE-2020-1046 | .NET Framework Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1525 | Media Foundation Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1379 | Media Foundation Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1477 | Media Foundation Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1492 | Media Foundation Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1554 | Media Foundation Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1568 | Microsoft Edge PDF Remote Code Execution Vulnerability | Critical | No | No | 2 | N/A | RCE |
| CVE-2020-1483 | Microsoft Outlook Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1560 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical | No | No | 2 | N/A | RCE |
| CVE-2020-1574 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1585 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical | No | No | N/A | 2 | RCE |
| CVE-2020-1567 | MSHTML Engine Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2020-1472 | NetLogon Elevation of Privilege Vulnerability | Critical | No | No | 2 | 2 | EoP |
| CVE-2020-1555 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 2 | N/A | RCE |
| CVE-2020-1570 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2020-1339 | Windows Media Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1476 | ASP.NET and .NET Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1597 | ASP.NET Core Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2020-1511 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1577 | DirectWrite Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1479 | DirectX Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1473 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1557 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1558 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1564 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1509 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1487 | Media Foundation Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1478 | Media Foundation Memory Corruption Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1582 | Microsoft Access Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1591 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | N/A | XSS |
| CVE-2020-1569 | Microsoft Edge Memory Corruption Vulnerability | Important | No | No | 2 | N/A | RCE |
| CVE-2020-1497 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1494 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1495 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1496 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1498 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1504 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | N/A | 2 | RCE |
| CVE-2020-1561 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1562 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1581 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1563 | Microsoft Office Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1573 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-1580 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-1493 | Microsoft Outlook Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1505 | Microsoft SharePoint Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1499 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
| CVE-2020-1500 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
| CVE-2020-1501 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
| CVE-2020-1455 | Microsoft SQL Server Management Studio Denial of Service Vulnerability | Important | No | No | 2 | N/A | DoS |
| CVE-2020-1502 | Microsoft Word Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1503 | Microsoft Word Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1583 | Microsoft Word Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-0604 | Visual Studio Code Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1510 | Win32k Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1571 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1531 | Windows Accounts Control Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1587 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2020-1488 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1459 | Windows ARM Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1535 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1536 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1539 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1540 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1541 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1542 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1543 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1544 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1545 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1546 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1547 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1551 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1534 | Windows Backup Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1549 | Windows CDP User Components Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1550 | Windows CDP User Components Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1489 | Windows CSC Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1513 | Windows CSC Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1527 | Windows Custom Protocol Engine Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1584 | Windows dnsrslvr.dll Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2020-1565 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1517 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1518 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1520 | Windows Font Driver Host Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1579 | Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1529 | Windows GDI Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2020-1480 | Windows GDI Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2020-1467 | Windows Hard Link Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1474 | Windows Image Acquisition Service Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1485 | Windows Image Acquisition Service Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1417 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1486 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1566 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2020-1578 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2020-1526 | Windows Network Connection Broker Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1337 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1528 | Windows Radio Manager API Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1377 | Windows Registry Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1378 | Windows Registry Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1530 | Windows Rem ...
|