❈ The November 2020 Security Update Review
November is here and with it comes the latest security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of security patches for this month.
Adobe Patches for November 2020
Adobe kicked off their November patch cycle a bit early by releasing an update for Acrobat and Reader last Tuesday. The patch fixes 14 CVEs, four of which were reported through the ZDI program. Four of these CVEs are rated as Critical and could lead to code execution if a user opened a specially crafted PDF.
Today, Adobe released patches for Reader for Android and Connect fixing three total CVEs. The update for Reader for Android fixes an info disclosure bug. The two CVEs addressed by the Connect patch cover reflective cross-site scripting (XSS) bugs. None of the CVEs fixed by Adobe this or last week were listed as publicly known or under active attack at the time of release.
Microsoft Patches for November 2020
For November, Microsoft released patches to correct 112 CVEs in Microsoft Windows, Office and Office Services and Web Apps, Internet Explorer (IE), Edge (EdgeHTML-based and Chromium-based), ChakraCore, Exchange Server, Microsoft Dynamics, Azure Sphere, Windows Defender, Microsoft Teams, and Visual Studio. After a brief dip in October, we’re back into the 110+ CVEs per month volume of patches again. That makes eight months this year with this level of patches, so we really need to think of this as the new normal.
Of these 112 patches, 17 are rated as Critical, 93 are rated as Important, and two are rated Low in severity. A total of six of these bugs came through the ZDI program. Only one bug is listed as publicly known and under active attack. You’ll notice some big changes in the documentation for this month’s release (see below for details). Microsoft has decided to withhold the amount of information it publishes about the bugs being patched. Consequently, you’ll see less detail in this blog as well. We’ll still do what we can to parse the release with what data Microsoft does publish and our deep knowledge of bug reports. We do see quite a few of them. Let’s begin take a closer look at some of the more severe bugs in this release, starting with the bug currently being exploited:
-Â Â Â Â Â Â Â CVE-2020-17087Â - Windows Kernel Local Elevation of Privilege Vulnerability
This privilege escalation bug was publicly disclosed by Google in late October. They noted it was combined with a Chrome bug to escape the browser sandbox and execute code on the target system. While not explicitly stated, the language used makes it seem the exploit is not yet widespread. However, considering there is a full analysis of the bug weeks before the patch, it will likely be incorporated into other exploits quickly.
-Â Â Â Â Â Â Â CVE-2020-17084Â - Microsoft Exchange Server Remote Code Execution Vulnerability
This patch corrects a code execution bug in Exchange that was reported by Pwn2Own Miami winner Steven Seeley. With no details provided by Microsoft, we can only assume this is the bypass of CVE-2020-16875 he had previously mentioned. It is very likely he will his publish the details of these bugs soon. Microsoft rates this as Important, but I would treat it as Critical, especially since people seem to find it hard to patch Exchange at all.
-Â Â Â Â Â Â Â CVE-2020-17051Â - Windows Network File System Remote Code Execution Vulnerability
With no description to work from, we need to rely on the CVSS to provide clues about the real risk from this bug. At a 9.8, it’s about as critical as a bug can get. Considering this is listed as no user interaction with low attack complexity, and considering NFS is a network service, you should treat this as wormable until we learn otherwise.
-Â Â Â Â Â Â Â CVE-2020-17040Â - Windows Hyper-V Security Feature Bypass Vulnerability
Here’s another bug that could be helped by a description. It’s not clear which security feature in Hyper-V is being bypassed or how an attacker can abuse it. Again, the attack complexity is low, authentication is not required, and there is no user interaction. Additional details are needed to accurately judge the risk from this bug, but the title and CVSS values alone put this bug on everyone’s radar.
Here’s the full list of CVEs released by Microsoft for November 2020.Â
| CVE | Title | Severity | Public | Exploited | Type | |
| CVE-2020-17087 | Windows Kernel Local Elevation of Privilege Vulnerability | Important | Yes | Yes | EoP | |
| CVE-2020-17105 | AV1 Video Extension Remote Code Execution Vulnerability | Critical | No | No | RCE | |
| CVE-2020-16988 | Azure Sphere Elevation of Privilege Vulnerability | Critical | No | No | EoP | |
| CVE-2020-17048 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | RCE | |
| CVE-2020-17101 | HEIF Image Extensions Remote Code Execution Vulnerability | Critical | No | No | RCE | |
| CVE-2020-17106 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | No | No | RCE | |
| CVE-2020-17107 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | No | No | RCE | |
| CVE-2020-17108 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | No | No | RCE | |
| CVE-2020-17109 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | No | No | RCE | |
| CVE-2020-17110 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical | No | No | RCE | |
| CVE-2020-17053 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | RCE | |
| CVE-2020-17058 | Microsoft Browser Memory Corruption Vulnerability | Critical | No | No | RCE | |
| CVE-2020-17078 | Raw Image Extension Remote Code Execution Vulnerability | Critical | No | No | RCE | |
| CVE-2020-17079 | Raw Image Extension Remote Code Execution Vulnerability | Critical | No | No | RCE | |
| CVE-2020-17082 | Raw Image Extension Remote Code Execution Vulnerability | Critical | No | No | RCE | |
| CVE-2020-17052 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | RCE | |
| CVE-2020-17051 | Windows Network File System Remote Code Execution Vulnerability | Critical | No | No | RCE | |
| CVE-2020-17042 | Windows Print Spooler Remote Code Execution Vulnerability | Critical | No | No | RCE | |
| CVE-2020-1325 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | Important | No | No | Spoof | |
| CVE-2020-16986 | Azure Sphere Denial of Service Vulnerability | Important | No | No | DoS | |
| CVE-2020-16981 | Azure Sphere Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-16989 | Azure Sphere Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-16992 | Azure Sphere Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-16993 | Azure Sphere Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-16985 | Azure Sphere Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-16990 | Azure Sphere Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-16983 | Azure Sphere Tampering Vulnerability | Important | No | No | Tampering | |
| CVE-2020-16970 | Azure Sphere Unsigned Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-16982 | Azure Sphere Unsigned Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-16984 | Azure Sphere Unsigned Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-16987 | Azure Sphere Unsigned Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-16991 | Azure Sphere Unsigned Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-16994 | Azure Sphere Unsigned Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-17054 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | No | No | RCE | |
| CVE-2020-16998 | DirectX Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17049 | Kerberos Security Feature Bypass Vulnerability | Important | No | No | SFB | |
| CVE-2020-17090 | Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | Important | No | No | SFB | |
| CVE-2020-17005 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | No | No | XSS | |
| CVE-2020-17006 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | No | No | XSS | |
| CVE-2020-17018 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | No | No | XSS | |
| CVE-2020-17021 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | No | No | XSS | |
| CVE-2020-17019 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-17064 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-17065 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-17066 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-17067 | Microsoft Excel Security Feature Bypass Vulnerability | Important | No | No | SFB | |
| CVE-2020-17085 | Microsoft Exchange Server Denial of Service Vulnerability | Important | No | No | DoS | |
| CVE-2020-17083 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-17084 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-17062 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-17063 | Microsoft Office Online Spoofing Vulnerability | Important | No | No | Spoof | |
| CVE-2020-17081 | Microsoft Raw Image Extension Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17086 | Microsoft Raw Image Extension Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-16979 | Microsoft SharePoint Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17017 | Microsoft SharePoint Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17061 | Microsoft SharePoint Remote Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-17016 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | Spoof | |
| CVE-2020-17060 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | Spoof | |
| CVE-2020-17091 | Microsoft Teams Remote Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-17020 | Microsoft Word Security Feature Bypass Vulnerability | Important | No | No | SFB | |
| CVE-2020-17000 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-16997 | Remote Desktop Protocol Server Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17104 | Visual Studio Code JSHint Extension Remote Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-17100 | Visual Studio Tampering Vulnerability | Important | No | No | Tampering | |
| CVE-2020-17102 | WebP Image Extensions Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17010 | Win32k Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17038 | Win32k Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17013 | Win32k Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17012 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17113 | Windows Camera Codec Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17029 | Windows Canonical Display Driver Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17024 | Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17071 | Windows Delivery Optimization Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17007 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17036 | Windows Function Discovery SSDP Provider Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17068 | Windows GDI+ Remote Code Execution Vulnerability | Important | No | No | RCE | |
| CVE-2020-17004 | Windows Graphics Component Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17040 | Windows Hyper-V Security Feature Bypass Vulnerability | Important | No | No | SFB | |
| CVE-2020-17035 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17045 | Windows KernelStream Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17030 | Windows MSCTF Server Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17069 | Windows NDIS Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17047 | Windows Network File System Denial of Service Vulnerability | Important | No | No | DoS | |
| CVE-2020-17056 | Windows Network File System Information Disclosure Vulnerability | Important | No | No | Info | |
| CVE-2020-17011 | Windows Port Class Library Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17041 | Windows Print Configuration Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17001 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17014 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17025 | Windows Remote Access Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17026 | Windows Remote Access Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17027 | Windows Remote Access Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17028 | Windows Remote Access Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17031 | Windows Remote Access Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17032 | Windows Remote Access Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17033 | Windows Remote Access Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17034 | Windows Remote Access Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17043 | Windows Remote Access Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17044 | Windows Remote Access Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17055 | Windows Remote Access Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-1599 | Windows Spoofing Vulnerability | Important | No | No | Spoof | |
| CVE-2020-17070 | Windows Update Medic Service Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17073 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17074 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important | No | No | EoP | |
| CVE-2020-17076 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important | No | No ...
Kompletten Artikel lesen (externe Quelle: https://www.thezdi.com/blog/2020/11/10/the-november-2020-security-update-review) Zur Team IT Security IT Sicherheit Nachrichtenportal Startseite ➤ Weitere Beiträge von Team Security | IT Sicherheit (tsecurity.de)
Team Security Diskussion über The November 2020 Security Update Review |