The September 2020 Security Update Review
News category: Hacking
Source: thezdi.com
September is upon us and so are the latest security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of security patches for this month.
Adobe Patches for September 2020
Adobe released three patches addressing 18 unique CVEs in InDesign, Framemaker, and Adobe Experience Manager. The patch for InDesign corrects five memory corruption bugs. The patch for Framemaker fixes an out-of-bounds read and a stack-based buffer overflow. Both are rated Critical and both were reported through the ZDI program. The patch for Experience Manager fixes a variety of bugs, but most are related to cross-site scripting (XSS).
As a reminder, Adobe Flash will go out of support at the end of this year. It will be interesting to see if any further patches for the once ubiquitous media player are released.
Microsoft Patches for August 2020
For September, Microsoft released patches for 129 CVEs in Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer (IE), SQL Server, Office and Office Services and Web Apps, Microsoft Dynamics, Visual Studio, Exchange Server, ASP.NET, OneDrive, and Azure DevOps. That brings us to seven straight months of 110+ CVEs. It also brings the yearly total close to 1,000. It certainly seems like this volume is the new normal for Microsoft patches.
Of these 129 patches, 23 are listed as Critical while 105 are listed as Important, and one is listed as Moderate in severity. A total of 12 of these bugs came through the ZDI program. None of the bugs are listed as publicly known or under active attack at the time of release. Let's take a closer look at some of the more severe bugs in this release, starting with an Exchange bug that is sure to get a lot of attention:
- CVE-2020-16875 - Microsoft Exchange Memory Corruption Vulnerability
Without a doubt, this is the most severe bug being addressed this month. This patch corrects a vulnerability that allows an attacker to execute code at SYSTEM by sending a specially crafted email to an affected Exchange Server. That doesn't quite make it wormable, but it's about the worst-case scenario for Exchange servers. We have seen the previously patched Exchange bug CVE-2020-0688 used in the wild, and that requires authentication. We'll likely see this one in the wild soon. This should be your top priority.
- CVE-2020-1129 - Microsoft Windows Codecs Library Remote Code Execution Vulnerability
This bug was reported by ZDI vulnerability researcher Hossein Lotfi and could allow code execution if an affected system views a specially crafted image. Since this vulnerability resides in the codecs library, multiple applications could be affected. The specific flaw exists within the parsing of HEVC streams. A crafted HEVC stream in a video file can trigger an overflow of a fixed-length stack-based buffer.
- CVE-2020-0922 - Microsoft COM for Windows Remote Code Execution Vulnerability
This patch corrects a vulnerability that would allow an attacker to execute code on an affected system if they can convince a user to open a specially crafted file or lure the target to a website hosting malicious JavaScript. Since this bug resides in COM, there are likely multiple applications that could be impacted by this flaw.
- CVE-2020-0951 - Windows Defender Application Control Security Feature Bypass Vulnerability
This patch is interesting for reasons beyond just the bug being fixed. An attacker with administrative privileges on a local machine could connect to a PowerShell session and send commands to execute arbitrary code. This behavior should be blocked by WDAC, which does make this an interesting bypass. However, what's really interesting is that this is getting patched at all. Vulnerabilities that require administrative access to exploit typically do not get patches. I'm curious about what makes this one different.
Here's the full list of CVEs released by Microsoft for September 2020:
CVE | Title | Severity | Public | Exploited | XI - Latest | XI - Older | Type |
CVE-2020-1285 | GDI+ Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0878 | Microsoft Browser Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0922 | Microsoft COM for Windows Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-16862 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-16857 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | Critical | No | No | N/A | N/A | RCE |
CVE-2020-16875 | Microsoft Exchange Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1200 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1210 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1452 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1453 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1576 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1595 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1460 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1129 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1319 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1057 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1172 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-16874 | Visual Studio Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0997 | Windows Camera Codec Pack Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1508 | Windows Media Audio Decoder Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1593 | Windows Media Audio Decoder Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1252 | Windows Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0908 | Windows Text Service Module Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-0664 | Active Directory Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
CVE-2020-0856 | Active Directory Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
CVE-2020-0718 | Active Directory Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0761 | Active Directory Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0837 | ADFS Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoofing |
CVE-2020-1590 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1130 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1133 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1053 | DirectX Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1308 | DirectX Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2020-1013 | Group Policy Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-16884 | Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1039 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1074 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1045 | Microsoft ASP.NET Core Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
CVE-2020-1507 | Microsoft COM for Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-16858 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-16859 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-16861 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-16864 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-16871 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-16872 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-16878 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-16860 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1224 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1193 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1332 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1335 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1594 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0921 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1083 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-16855 | Microsoft Office Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1198 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | N/A | N/A | XSS |
CVE-2020-1227 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | N/A | N/A | XSS |
CVE-2020-1345 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1482 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1514 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1575 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1440 | Microsoft SharePoint Server Tampering Vulnerability | Important | No | No | 2 | 2 | Tampering |
CVE-2020-1523 | Microsoft SharePoint Server Tampering Vulnerability | Important | No | No | 2 | 2 | Tampering |
CVE-2020-1205 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoofing |
CVE-2020-0790 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-0875 | Microsoft splwow64 Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-0766 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1146 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1218 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1338 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0838 | NTFS Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-16851 | OneDrive for Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-16852 | OneDrive for Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-16853 | OneDrive for Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-16879 | Projected Filesystem Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-0805 | Projected Filesystem Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
CVE-2020-1180 | Scripting Engine Memory Corruption Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-0870 | Shell infrastructure component Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1596 | TLS Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-16881 | Visual Studio JSON Remote Code Execution | Important | No | No | 2 | 2 | RCE |
CVE-2020-16856 | Visual Studio Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1245 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2020-0941 | Win32k Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
CVE-2020-1250 | Win32k Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1471 | Windows CloudExperienceHost Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1115 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2020-0782 | Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-0951 | Windows Defender Application Control Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
CVE-2020-1031 | Windows DHCP Server Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-0836 | Windows DNS Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
CVE-2020-1228 | Windows DNS Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
CVE-2020-0839 | Windows dnsrslvr.dll Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1052 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1159 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1376 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1491 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-0912 | Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1256 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-0998 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |