The January 2020 Security Update Review



Welcome to the new year, and welcome to the first Patch Tuesday of 2020. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.

Adobe Patches for January 2020

Adobe begins the year with only two patches addressing a total of nine CVEs. The update for Illustrator CC fixes five Critical-rated CVEs. All of these bugs could allow code execution if a user opened a specially crafted file. The update for Experience Manager fixes three Important and one Moderate-rated information disclosure bugs. None of these vulnerabilities are listed as publicly known or under active attack at the time of release.

Citrix Patches for January 2020

We don’t normally discuss Citrix patches on this blog, but a recent bug (CVE-2019-19781) has been described as “one of the most dangerous bugs disclosed in recent years,” and a proof-of-concept exploit has been made public. What’s worse is that patches are not available yet but are scheduled for later this month. If you use Citrix, you should follow the mitigations posted here and look to apply patches as soon as they become available.

Microsoft Patches for January 2020

Before we get into this month’s patches, I briefly wanted to remind everyone that support for Windows 7 ends today. While Microsoft won’t necessarily be producing new patches for the venerable OS, attackers will certainly continue to produce new exploits. You should definitely be working on your migration strategy to a supported platform.

For January, Microsoft released patches for 49 CVEs covering Microsoft Windows, Internet Explorer (IE), Office and Office Services and Web Apps, ASP.NET, .NET Core, .NET Framework, Modern Apps, and Microsoft Dynamics. Five of these CVEs were submitted through the ZDI program. Of these 49 CVEs, eight are listed as Critical and 41 are listed as Important in severity. According to Microsoft, none of these are publicly known or under active attack at the time of release. However, there have been some reports of an IE bug being actively exploited. It does not appear that bug is addressed by any of these patches.

Let’s take a closer look at some of the more interesting updates for this month, starting with a crypto-related bug that has the rumor mill swirling:

- CVE-2020-0601 – Windows CryptoAPI Spoofing Vulnerability
While only listed as Important in severity, this spoofing bug could have a wide-reaching impact and should be on the top of everyone’s list. This vulnerability could allow an attacker to create a code-signing certificate to sign a malicious executable, making it appear as though the file was from a trusted, legitimate source. It’s not hard to imagine how attackers could employ this tactic. For example, ransomware or other spyware is much easier to install when it appears to have a valid certificate. The patch also creates a new entry in the Windows event logs if someone attempts to use a forged certificate against a patched (and rebooted) system. This is significant and will help admins determine if they have been targeted. In the write-up, Microsoft credits the National Security Agency (NSA) for reporting this bug, which should heighten the sense of urgency in getting this patch tested and deployed.

- CVE-2020-0609 – Windows RDP Gateway Server Remote Code Execution Vulnerability
I could just as easily have listed CVE-2020-0610 here, as the write-up from Microsoft is identical for both bugs. An attacker who exploited either of these bugs could get code execution on affected RDP Gateway Servers. This code execution occurs at the level of the server and is pre-auth and without user interaction. That means these bugs are wormable – at least between RDP Gateway Servers. While not as widespread as systems affected by Bluekeep, it certainly presents an attractive target for attackers.

- CVE-2020-0611 – Remote Desktop Client Remote Code Execution Vulnerability
While not quite as severe as the previously mentioned RDP bugs, this client-side vulnerability deserves some attention. An attacker could take over an affected system if they can convince a user to connect to a malicious RDP server. Because of that requirement, this may not seem as critical. However, combine this client-side bug with two server-side bugs released in this same month, and an entire exploit chain becomes clear.
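The event-log entry mentioned under CVE-2020-0601 can be checked for across hosts. The PowerShell below is an added example, not part of the original post or of Microsoft's guidance; it assumes the event is written to the Application log by the `Microsoft-Windows-Audit-CVE` provider and that its data fields are named `CVEID` and `AdditionalDetails`, which should be confirmed on a patched host.

```powershell
# Added example: report audit events logged when a forged certificate is
# presented to a patched (and rebooted) system.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),  # hosts to query
    [int]$Days = 30                                   # look-back window in days
)

# Assumption: provider and log name as described in the lead-in.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Audit-CVE'
    StartTime    = (Get-Date).AddDays(-$Days)
}

foreach ($computer in $ComputerName) {
    try {
        $records = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # Get-WinEvent throws when nothing matches; keep that apart from a failed
        # query (host unreachable, access denied, provider not registered) so a
        # host that could not be checked is never reported as clean.
        $status = if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { 'NoEvents' } else { 'QueryFailed' }
        [pscustomobject]@{
            Computer = $computer; Status = $status; TimeCreated = $null
            Cve = $null; Details = $_.Exception.Message
        }
        continue
    }

    foreach ($record in $records) {
        # Read EventData by field name from the event XML rather than by position.
        $fields = @{}
        foreach ($node in ([xml]$record.ToXml()).Event.EventData.Data) {
            $fields[$node.Name] = $node.'#text'
        }
        [pscustomobject]@{
            Computer    = $computer
            Status      = 'Hit'
            TimeCreated = $record.TimeCreated
            Cve         = $fields['CVEID']              # assumed field name
            Details     = $fields['AdditionalDetails']  # assumed field name
        }
    }
}
```

Rows with `Status` of `QueryFailed` need follow-up before the host is treated as checked; the `Details` column carries the error text for those rows.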

Here’s the full list of CVEs released by Microsoft for January 2020:

| CVE | Title | Severity | Public | Exploited | XI - Latest | XI - Older | Type |
|---|---|---|---|---|---|---|---|
| CVE-2020-0603 | ASP.NET Core Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-0605 | .NET Framework Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-0606 | .NET Framework Remote Code Execution Injection Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-0609 | Windows RDP Gateway Server Remote Code Execution Vulnerability | Critical | No | No | N/A | 1 | RCE |
| CVE-2020-0610 | Windows RDP Gateway Server Remote Code Execution Vulnerability | Critical | No | No | N/A | 1 | RCE |
| CVE-2020-0611 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-0640 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-0646 | .NET Framework Remote Code Execution Injection Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability | Important | No | No | 1 | 1 | Spoof |
| CVE-2020-0602 | ASP.NET Core Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2020-0607 | Microsoft Graphics Components Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-0608 | Win32k Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-0612 | Windows Remote Desktop Protocol (RDP) Gateway Server Denial of Service Vulnerability | Important | No | No | N/A | 2 | DoS |
| CVE-2020-0613 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0614 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0615 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-0616 | Microsoft Windows Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2020-0617 | Hyper-V Denial of Service Vulnerability | Important | No | No | N/A | 2 | DoS |
| CVE-2020-0620 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0621 | Windows Security Feature Bypass Vulnerability | Important | No | No | N/A | 2 | SFB |
| CVE-2020-0622 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | N/A | 2 | Info |
| CVE-2020-0623 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0624 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0625 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0626 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0627 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0628 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0629 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0630 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0631 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0632 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0633 | Windows Search Indexer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0634 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2020-0635 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0636 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0637 | Remote Desktop Web Access Information Disclosure Vulnerability | Important | No | No | N/A | 2 | Info |
| CVE-2020-0638 | Update Notification Manager Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0639 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-0641 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0642 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0643 | Windows GDI+ Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-0644 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0647 | Microsoft Office Online Spoofing Vulnerability | Important | No | No | 2 | N/A | Spoof |
| CVE-2020-0650 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-0651 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-0652 | Microsoft Office Memory Corruption Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-0653 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | N/A | 2 | RCE |
| CVE-2020-0654 | Microsoft OneDrive for Android Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
| CVE-2020-0656 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |

Of the remaining Critical-rated patches, one is for IE, but again, this is not listed as publicly known or under active attack. There are also three Critical patches for .NET Framework and one for ASP.NET. Most of these require a user to open a specially crafted file on an affected system. However, in CVE-2020-0646, an attacker could pass specific input to an application utilizing susceptible .NET methods to gain code execution. The code execution would occur at the level of the logged-on user, which brings us to another time to remind you not to log on with admin privileges to do your day-to-day work.

Looking at the Important-rated updates, the 12 updates for the Windows Search Indexer immediately stand out. The write-ups for these dozen bugs are all identical, and they were all reported by the same researcher. All list improper handling of objects in memory as a cause. In each case, a local user could run a specially crafted application to escalate privileges. In all, 21 January patches relate to a local privilege escalation in some form. Affected components include the Windows Subsystem for Linux, the Update Notification Manager, the Windows Kernel, and Microsoft Cryptographic Services.

There are two security feature bypass bugs this month, and both deserve mention. The first involves password creation, and it sounds like some creativity would be needed to exploit it as well. An attacker could create a password filter when creating a new password, which would result in a password that should have been blocked. I would love to hear the story of how the researchers discovered this scenario. The other bypass, in the OneDrive for Android app, could allow an attacker to bypass the passcode or fingerprint requirements of the application. For this bug, you’ll need to download the update through the Google Play store.

There are a few RCE bugs fixed in Excel and Office. None of these bugs involve the Preview Pane and all require user interaction. There are also a handful of information disclosure bugs addressed in various Windows components. There are four Denial-of-Service (DoS) bugs fixed this month. A problem with hard links could make an affected Windows server unresponsive. RDP Gateway Servers also get a patch to fix a vulnerability that would allow a remote attacker to shut down an RDP Gateway Server. There are also patches to address DoS bugs in Hyper-V and ASP.NET Core.

Wrapping up this release, there’s a spoofing bug in Office that could allow for cross-origin attacks on affected systems. The final patch from Microsoft for January fixes a cross-site scripting (XSS) bug in Microsoft Dynamics 365 (On-Premise).

No security advisories were released this month.

Looking Ahead

The next Patch Tuesday falls on February 11, and we’ll return with details and patch analysis then. Until then, happy patching and may all your reboots be smooth and clean!

...
https://www.thezdi.com/blog/2020/1/14/the-january-2020-security-update-review
