The October 2020 Security Update Review


Hacking vom | Direktlink: thezdi.com

October is here and with it comes the latest security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of security patches for this month.

Adobe Patches for October 2020

Adobe released only one patch for October. It fixes a single vulnerability in Flash, which reaches it end-of-life (EOL) at the end of this year. The patch corrects a NULL pointer Dereference bug. These types of bugs rarely lead to security problems as they usually generate an immediate segmentation fault error. However, Adobe states this vulnerability can lead to an exploitable crash and result in code execution in the context of the current user. Considering Flash is so close to its EOL, there’s the possibility this is the last patch we see for the once ubiquitous media player.

Microsoft Patches for October 2020

For October, Microsoft released patches to correct 87 CVEs in Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, Open Source Software, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and the Windows Codecs Library. That ends the streak of more than 110 CVEs being fixed at seven months (March through September), but you’re not likely to hear any complaints. Microsoft is still on pace to double its CVE count from 2017, but hopefully, the last few months of 2020 will see this lighter load.

Of these 87 patches, 11 are listed as Critical while 75 are listed as Important, and one is listed as Moderate in severity. A total of 11 of these bugs came through the ZDI program. None of these bugs are listed as being under active attack, but six bugs are listed as publicly known at the time of release. Let’s take a closer look at some of the more severe bugs in this release, starting with a bug in the TCP/IP stack that is sure to get some notice:

-       CVE-2020-16898 – Windows TCP/IP Remote Code Execution Vulnerability
This patch corrects a problem in the TCP/IP stack caused by the way it handles ICMPv6 router advertisements. A specially crafted ICMPv6 router advertisement could cause code execution on an affected system. Since the code execution occurs in the TCP/IP stack, it is assumed the attacker could execute arbitrary code with elevated privileges. If you’re running an IPv6 network, you know that filtering router advertisements is not a practical workaround. Microsoft also gives this bug its highest exploitability rating, so exploits are likely. You should definitely test and deploy this patch as soon as possible.

-       CVE-2020-16947 - Microsoft Outlook Remote Code Execution Vulnerability
This vulnerability was reported through the ZDI program, and it could allow code execution on affected versions of Outlook just by viewing a specially crafted e-mail. The Preview Pane is an attack vector here, so you don’t even need to open the mail to be impacted. The specific flaw exists within the parsing of HTML content in an email. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a fixed-length heap-based buffer. Although Microsoft gives this an XI rating of 2, we have a working proof-of-concept. Patch this one quickly.

-       CVE-2020-16891 - Windows Hyper-V Remote Code Execution Vulnerability
This patch corrects a bug that allows an attacker to run a specially crafted program on an affected guest OS to execute arbitrary code on the host OS. The write up doesn’t say at what permission level the code execution occurs, but that shouldn’t stop you from rolling this out to your Hyper-V servers quickly.

-       CVE-2020-16909 - Windows Error Reporting Elevation of Privilege Vulnerability
This is one of the six bugs listed as publicly known for this month. The patch corrects an escalation of privilege (EoP) in the Windows Error Reporting (WER) component that could allow an authenticated attacker to execute arbitrary code with escalated privileges. Although this CVE is not listed as being publicly exploited, bugs in this component have been reported as being used in the wild in fileless attacks. Regardless, this and the other bugs in the WER component being fixed this month should not be ignored.

Here’s the full list of CVEs released by Microsoft for October 2020. 

CVE Title Severity Public Exploited XI - Latest XI - Older Type
CVE-2020-16937 .NET Framework Information Disclosure Vulnerability Important Yes No 2 2 Info
CVE-2020-16909 Windows Error Reporting Elevation of Privilege Vulnerability Important Yes No 2 2 EoP
CVE-2020-16901 Windows Kernel Information Disclosure Vulnerability Important Yes No 2 2 Info
CVE-2020-16938 Windows Kernel Information Disclosure Vulnerability Important Yes No 2 2 Info
CVE-2020-16908 Windows Setup Elevation of Privilege Vulnerability Important Yes No 2 2 EoP
CVE-2020-16885 Windows Storage VSP Driver Elevation of Privilege Vulnerability Important Yes No 2 2 EoP
CVE-2020-17003 Base3D Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-16911 GDI+ Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-16915 Media Foundation Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-16923 Microsoft Graphics Components Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-16947 Microsoft Outlook Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-16951 Microsoft SharePoint Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-16952 Microsoft SharePoint Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-16967 Windows Camera Codec Pack Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-16968 Windows Camera Codec Pack Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-16891 Windows Hyper-V Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-16898 Windows TCP/IP Remote Code Execution Vulnerability Critical No No 1 1 RCE
CVE-2020-16904 Azure Functions Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16918 Base3D Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-16943 Dynamics 365 Commerce Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16939 Group Policy Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16924 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-16956 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important No No 2 2 XSS
CVE-2020-16978 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important No No 2 2 XSS
CVE-2020-16929 Microsoft Excel Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-16930 Microsoft Excel Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-16931 Microsoft Excel Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-16932 Microsoft Excel Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-16969 Microsoft Exchange Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1167 Microsoft Graphics Components Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-16957 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-16928 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16934 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16955 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16954 Microsoft Office Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-16945 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-16946 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-16941 Microsoft SharePoint Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-16942 Microsoft SharePoint Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-16948 Microsoft SharePoint Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-16950 Microsoft SharePoint Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-16953 Microsoft SharePoint Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-16944 Microsoft SharePoint Reflective XSS Vulnerability Important No No 2 2 XSS
CVE-2020-16933 Microsoft Word Security Feature Bypass Vulnerability Important No No 2 2 SFB
CVE-2020-16897 NetBT Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-16995 Network Watcher Agent virtual machine extension for Linux Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16886 PowerShellGet Module WDAC Security Feature Bypass Vulnerability Important No No 2 2 SFB
CVE-2020-16977 Visual Studio Code Python Extension Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-16907 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-16913 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-16940 Windows - User Profile Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16876 Windows Application Compatibility Client Library Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16920 Windows Application Compatibility Client Library Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16912 Windows Backup Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16936 Windows Backup Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16972 Windows Backup Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16973 Windows Backup Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16974 Windows Backup Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16975 Windows Backup Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16976 Windows Backup Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16916 Windows COM Server Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16935 Windows COM Server Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16877 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16919 Windows Enterprise App Management Service Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-16905 Windows Error Reporting Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16895 Windows Error Reporting Manager Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16900 Windows Event System Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16914 Windows GDI+ Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1243 Windows Hyper-V Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-1047 Windows Hyper-V Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1080 Windows Hyper-V Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16892 Windows Image Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16902 Windows Installer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16980 Windows iSCSI Target Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16890 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16889 Windows KernelStream Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-16894 Windows NAT Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-16887 Windows Network Connections Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16927 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-16896 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important No No 1 1 Info
CVE-2020-16863 Windows Remote Desktop Service Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-16910 Windows Security Feature Bypass Vulnerability Important No No 2 2 SFB
CVE-2020-16922 Windows Spoofing Vulnerability Important No No 1 1 Spoofing
CVE-2020-0764 Windows Storage Services Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-16899 Windows TCP/IP Denial of Service Vulnerability Important No No 1 1 DoS
CVE-2020-16921 Windows Text Services Framework Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-16949 Microsoft Outlook Denial of Service Vulnerability Moderate No No 2 2 DoS

Of the remaining publicly known bugs, two are EoP bugs in the Windows Setup component and the Windows Storage VSP Driver. The remaining public bugs are information disclosure bugs in the kernel and .NET Framework. These info disclosure bugs leak the contents of kernel memory but do not expose any personally identifiable information.

Checking on the remaining Critical-rated bugs, two impact the Windows Camera Codec and were reported by ZDI vulnerability researcher Hossein Lotfi. These bugs result from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. Sticking with the media theme, there are also code execution bugs in Media Foundation Library, Base3D rendering engine, Graphics components, and GDI+. The final Critical-rated bugs are code execution vulnerabilities in SharePoint Server. In both cases, the attacker would need to upload a specially crafted SharePoint application package to an affected version of SharePoint to get arbitrary code execution. This can be accomplished by an unprivileged SharePoint user if the server’s configuration allows it.

Moving on to the Important-rated bugs, the first that pops out is a spoofing bug in Windows that could allow an attacker to loaded improperly signed files. This could also be considered a security feature bypass (SFB) since Windows is designed to only load files with valid signatures. A different bug that is listed as an SFB could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. Another interesting SFB being fixed this month resides in Word when it improperly handles .LNK files. An attacker could perform actions in the context of whoever opens a specially crafted Word doc. While not arbitrary code execution, it certainly can be useful for attackers. A final SFB exists in PowerShell. This one could allow an attacker to bypass the Windows Defender Application Control (WDAC) policy and execute arbitrary code on a policy locked-down machine. 

Including the cases previously mentioned, there are 36 patches to address EoP bugs this month. While this is a lower number than some other months, it still represents 42.5% of the total release for October. In almost all of these cases, an attacker would need to log on to an affected system and run their application. Affected components include Office Click-to-Run, the Backup Service, Azure Functions, Dynamics 365, Group Policy, and Windows COM. Also getting an EoP patch is the Network Watcher Agent Virtual Machine Extension for Linux. However, to get this update, you’ll need to manually update the Network Watcher Agent virtual machine extensions. As someone who has been in the industry for a while, it’s still odd to see Microsoft release patches for Linux. It’s a welcome change.

Moving on to the Denial-of-Service (DoS) bugs, there are only five this month, and one of those is rated Moderate. However, there is a DoS in the TCP/IP similar to the RCE bug previously mentioned. In this case, malformed ICMPv6 Router Advertisements could cause a system to stop responding. Not quite as bad as code execution, but not good. There are also two DoS bugs in the Remote Desktop Protocol and Hyper-V server.

There are 15 information disclosure bugs receiving patches this month, including those previously mentioned. For the most part, the information leaked consists of unspecified memory contents. Not so for the info disclosure bug in Microsoft Exchange. This improper token validation bug could potentially leak IDs, tokens, nonces, and other sensitive information. According to the write-up, an attacker could exploit this by sending specially crafted OWA messages that could be loaded without warning or filtering. Information disclosure bugs can be easy to overlook, but don’t discount this one. Finally, this month’s release is rounded out by five cross-site scripting (XSS) bugs in Dynamics 365 (On-Premise) and SharePoint Server.

Looking at the advisories for October, the first is Microsoft’s version of the aforementioned patch for Flash in Internet Explorer. The other is the update to the Windows Servicing Stack, which adds updates for all supported versions of Windows.

Looking Ahead

The next Patch Tuesday falls on November 10, and we’ll return with details and patch analysis then. Until then, stay safe, enjoy your patching, and may all your reboots be smooth and clean!

...

Externe Quelle mit kompletten Artikel anzeigen

https://www.thezdi.com/blog/2020/10/13/the-october-2020-security-update-review
Zur Startseite

➤ Weitere Beiträge von Team Security | IT Sicherheit

CentOS Blog: CentOS Community newsletter, November 2019 (#1911)

vom 444.23 Punkte ic_school_black_18dp
Dear CentOS enthusiast, CentOS is more than just code. If you want to contribute in other non-code ways - documentation, design, promotion, events - we want to hear from you. See the "Contributing" section below for more details. IN THIS EDITION:

The November 2020 Security Update Review

vom 342.69 Punkte ic_school_black_18dp
November is here and with it comes the latest security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of security patches for this month.Adobe Patches for November 2020Adobe kick

The October 2020 Security Update Review

vom 319.31 Punkte ic_school_black_18dp
October is here and with it comes the latest security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of security patches for this month.Adobe Patches for October 2020Adobe relea

The July 2020 Security Update Review

vom 314.09 Punkte ic_school_black_18dp
July is upon us, and it brings another huge batch of security patches from Microsoft, and a few from Adobe as well. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.Adobe Patches for

The March 2020 Security Update Review

vom 314.05 Punkte ic_school_black_18dp
March is upon us, and it brings a bumper crop of security patches from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.Adobe Patches for March 2020Oddly, Adobe

The June 2020 Security Update Review

vom 312.8 Punkte ic_school_black_18dp
June is here, and it brings with it a record number of security patches from Microsoft, and a few from Adobe as well. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.Adobe

The April 2020 Security Update Review

vom 312.23 Punkte ic_school_black_18dp
April is here, and it brings another cornucopia of security patches from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.Adobe Patches for April 2020For April, Ad

The September 2020 Security Update Review

vom 310.84 Punkte ic_school_black_18dp
September is upon us and so are the latest security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of security patches for this month.Adobe Patches for September 2020Adobe rel

The August 2020 Security Update Review

vom 309.3 Punkte ic_school_black_18dp
August is here and so is the latest batch of security patches from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of security patches for this month.Adobe Patches for August 2020The Adobe re

The May 2020 Security Update Review

vom 308.08 Punkte ic_school_black_18dp
May is upon us, and with it brings another bumper crop of security patches from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.Adobe Patches for May 2020The Adobe updat

The February 2020 Security Update Review

vom 306.88 Punkte ic_school_black_18dp
February is here, and with it comes some significant security patches from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for February 2020The Adobe

CentOS Blog: CentOS Pulse Newsletter, November 2018 (#1806)

vom 274.65 Punkte ic_school_black_18dp
Dear CentOS enthusiast, Here's what's been happening in the past month at CentOS. Releases and updates The following releases and updates happened in October. For each update, the given URL provides the upstream notes about the change. Errata and En

Team Security Diskussion über The October 2020 Security Update Review