Blog

Microsoft July 2020 Patch Tuesday – Patch Now!, (Tue, Jul 14th)

This month we got patches for 123 vulnerabilities. Of these, 17 are critical and 2 were previously disclosed.

Amongst critical vulnerabilities, there is a critical remote code execution (RCE) vulnerability (CVE-2020-1350) affecting Windows DNS Server on multiple Windows Server versions, including 2008, 2012, 2016 and 2019. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account.

The DNS Server vulnerability scores a perfect 10 CVSS and is considered wormable, which means it has the potential to spread via malware vulnerable computers without user interaction. Microsoft advises everyone running DNS servers to apply the security update as soon as possible. For those unable to apply the patch right way, Microsoft recommends the application of a workaround, described on the CVE-2020-1350 vulnerability advisory details. The workarround consists on a registry modification and requires just the service restart – no need to reboot the OS. There is a special guidance for the DNS Server vulnerability including further details about the workaround here: https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability

There is also a critical RCE vulnerability affecting Windows Graphics Device Interface (GDI) (CVE-2020-1435). An attacker could exploit this vulnerability by convincing users to view a specially crafted website or sending them an e-mail attachment with a malicious attachment. The CVSS score for this one is 8.80.

A third RCE worth mentioning in today’s diary affects Hyper-V RemoteFX vGPU (CVE-2020-1036). To exploit this vulnerability, an attacker could run a specially crafted application on a guest operating system, attacking certain third-party video drivers running on the Hyper-V host. This could then cause the host operating system to execute arbitrary code. There is no patch for this vulnerability yet. According to the vulnerability FAQ, If you are running Windows Server 2016 or Windows Server 2019, Microsoft recommends the use of  Discrete Device Assignment (DDA) as opposed to RemoteFX vGPU to enable graphics virtualization. For more details, read: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036

See Renato’s dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
%%cve:2020-1147%% No No More Likely More Likely Critical    
Azure DevOps Server Cross-site Scripting Vulnerability
%%cve:2020-1326%% No No Less Likely Less Likely Important    
Bond Denial of Service Vulnerability
%%cve:2020-1469%% No No Less Likely Less Likely Important    
Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
%%cve:2020-1386%% No No Less Likely Less Likely Important 5.5 5.0
DirectWrite Remote Code Execution Vulnerability
%%cve:2020-1409%% No No Less Likely Less Likely Critical 7.8 7.0
GDI+ Remote Code Execution Vulnerability
%%cve:2020-1435%% No No Less Likely Less Likely Critical 8.8 7.9
Group Policy Services Policy Processing Elevation of Privilege Vulnerability
%%cve:2020-1333%% No No Less Likely Less Likely Important 6.7 6.0
Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
%%cve:2020-1032%% No No Less Likely Less Likely Critical 8.0 7.6
%%cve:2020-1036%% No No Less Likely Less Likely Critical 8.0 7.6
%%cve:2020-1040%% No No Less Likely Less Likely Critical 8.0 7.6
%%cve:2020-1041%% No No Less Likely Less Likely Critical 8.0 7.6
%%cve:2020-1043%% No No Less Likely Less Likely Critical 8.0 7.6
%%cve:2020-1042%% No No Less Likely Less Likely Critical 8.0 7.6
Jet Database Engine Remote Code Execution Vulnerability
%%cve:2020-1400%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1401%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1407%% No No Less Likely Less Likely Important 7.8 7.0
LNK Remote Code Execution Vulnerability
%%cve:2020-1421%% No No Less Likely Less Likely Critical 7.5 6.7
Local Security Authority Subsystem Service Denial of Service Vulnerability
%%cve:2020-1267%% No No Less Likely Less Likely Important 4.9 4.4
Microsoft Defender Elevation of Privilege Vulnerability
%%cve:2020-1461%% No No Less Likely Less Likely Important 7.8 7.0
Microsoft Edge PDF Information Disclosure Vulnerability
%%cve:2020-1433%% No No Less Likely Less Likely Important 4.3 3.9
Microsoft Excel Remote Code Execution Vulnerability
%%cve:2020-1240%% No No Less Likely Less Likely Important    
Microsoft Graphics Component Information Disclosure Vulnerability
%%cve:2020-1351%% No No Less Likely Less Likely Important 5.5 5.0
Microsoft Graphics Components Remote Code Execution Vulnerability
%%cve:2020-1412%% No No Less Likely Less Likely Important 7.5 6.7
Microsoft Graphics Remote Code Execution Vulnerability
%%cve:2020-1408%% No No Less Likely Less Likely Important 8.8 7.9
Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers
ADV200008 No No Less Likely Less Likely Important    
Microsoft Office Elevation of Privilege Vulnerability
%%cve:2020-1025%% No No Less Likely Less Likely Critical    
Microsoft Office Information Disclosure Vulnerability
%%cve:2020-1342%% No No Less Likely Less Likely Important    
%%cve:2020-1445%% No No Less Likely Less Likely Important    
Microsoft Office Remote Code Execution Vulnerability
%%cve:2020-1458%% No No Less Likely Less Likely Important    
Microsoft Office SharePoint XSS Vulnerability
%%cve:2020-1456%% No No Less Likely Less Likely Important    
%%cve:2020-1450%% No No Less Likely Less Likely Important    
%%cve:2020-1451%% No No Less Likely Less Likely Important    
Microsoft OneDrive Elevation of Privilege Vulnerability
%%cve:2020-1465%% No No Less Likely Less Likely Important    
Microsoft Outlook Remote Code Execution Vulnerability
%%cve:2020-1349%% No No Less Likely Less Likely Critical    
Microsoft Project Remote Code Execution Vulnerability
%%cve:2020-1449%% No No Less Likely Less Likely Important    
Microsoft SharePoint Reflective XSS Vulnerability
%%cve:2020-1454%% No No Less Likely Less Likely Important    
Microsoft SharePoint Remote Code Execution Vulnerability
%%cve:2020-1444%% No No Less Likely Less Likely Important    
Microsoft SharePoint Spoofing Vulnerability
%%cve:2020-1443%% No No Less Likely Less Likely Important    
Microsoft Word Remote Code Execution Vulnerability
%%cve:2020-1446%% No No Less Likely Less Likely Important    
%%cve:2020-1447%% No No Less Likely Less Likely Important    
%%cve:2020-1448%% No No Less Likely Less Likely Important    
Office Web Apps XSS Vulnerability
%%cve:2020-1442%% No No Less Likely Less Likely Important    
PerformancePoint Services Remote Code Execution Vulnerability
%%cve:2020-1439%% No No Less Likely Less Likely Critical    
Remote Desktop Client Remote Code Execution Vulnerability
%%cve:2020-1374%% No No More Likely More Likely Critical 7.5 6.7
Skype for Business via Internet Explorer Information Disclosure Vulnerability
%%cve:2020-1432%% No No Less Likely Less Likely Important 2.4 2.2
Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability
%%cve:2020-1462%% No No Less Likely Less Likely Important 4.3 3.9
VBScript Remote Code Execution Vulnerability
%%cve:2020-1403%% No No More Likely More Likely Critical 6.4 5.8
Visual Studio Code ESLint Extention Remote Code Execution Vulnerability
%%cve:2020-1481%% No No Less Likely Less Likely Important    
Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability
%%cve:2020-1416%% No No Less Likely Less Likely Important    
Windows ALPC Elevation of Privilege Vulnerability
%%cve:2020-1396%% No No Less Likely Less Likely Important 7.8 7.0
Windows ActiveX Installer Service Elevation of Privilege Vulnerability
%%cve:2020-1402%% No No Less Likely Less Likely Important 7.8 7.0
Windows Address Book Remote Code Execution Vulnerability
%%cve:2020-1410%% No No Less Likely Less Likely Critical 7.8 7.0
Windows Agent Activation Runtime Information Disclosure Vulnerability
%%cve:2020-1391%% No No Less Likely Less Likely Important 5.5 5.0
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
%%cve:2020-1431%% No No Less Likely Less Likely Important 7.1 6.4
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
%%cve:2020-1359%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1384%% No No Less Likely Less Likely Important 7.0 6.3
Windows COM Server Elevation of Privilege Vulnerability
%%cve:2020-1375%% No No Less Likely Less Likely Important 7.8 7.0
Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability
%%cve:2020-1368%% No No Less Likely Less Likely Important 7.8 7.0
Windows Credential Picker Elevation of Privilege Vulnerability
%%cve:2020-1385%% No No Less Likely Less Likely Important 4.5 4.1
Windows DNS Server Remote Code Execution Vulnerability
%%cve:2020-1350%% No No More Likely More Likely Critical 10.0 9.0
Windows Diagnostics Hub Elevation of Privilege Vulnerability
%%cve:2020-1418%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1393%% No No Less Likely Less Likely Important 7.8 7.0
Windows Elevation of Privilege Vulnerability
%%cve:2020-1388%% No No Less Likely Less Likely Important 7.0 6.3
%%cve:2020-1392%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1394%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1395%% No No Less Likely Less Likely Important 7.8 7.0
Windows Error Reporting Information Disclosure Vulnerability
%%cve:2020-1420%% No No Less Likely Less Likely Important 5.5 5.0
Windows Error Reporting Manager Elevation of Privilege Vulnerability
%%cve:2020-1429%% No No Less Likely Less Likely Important 7.0 6.3
Windows Event Logging Service Elevation of Privilege Vulnerability
%%cve:2020-1365%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1371%% No No Less Likely Less Likely Important 7.8 7.0
Windows Font Driver Host Remote Code Execution Vulnerability
%%cve:2020-1355%% No No Less Likely Less Likely Important 7.8 7.0
Windows Font Library Remote Code Execution Vulnerability
%%cve:2020-1436%% No No Less Likely Less Likely Critical 8.8 7.9
Windows Function Discovery Service Elevation of Privilege Vulnerability
%%cve:2020-1085%% No No Less Likely Less Likely Important 7.8 7.0
Windows GDI Information Disclosure Vulnerability
%%cve:2020-1468%% No No Less Likely Less Likely Important 5.5 5.0
Windows Graphics Component Elevation of Privilege Vulnerability
%%cve:2020-1381%% No No More Likely More Likely Important 7.8 7.0
%%cve:2020-1382%% No No More Likely More Likely Important 7.8 7.0
Windows Imaging Component Information Disclosure Vulnerability
%%cve:2020-1397%% No No Less Likely Less Likely Important 4.3 3.9
Windows Kernel Elevation of Privilege Vulnerability
%%cve:2020-1336%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1411%% No No Less Likely Less Likely Important 7.8 7.0
Windows Kernel Information Disclosure Vulnerability
%%cve:2020-1419%% No No Less Likely Less Likely Important 5.5 5.0
%%cve:2020-1367%% No No Less Likely Less Likely Important 5.5 5.0
%%cve:2020-1389%% No No Less Likely Less Likely Important 5.5 5.0
%%cve:2020-1426%% No No More Likely More Likely Important 5.5 5.0
Windows Lockscreen Elevation of Privilege Vulnerability
%%cve:2020-1398%% No No Less Likely Less Likely Important 6.8 6.1
Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
%%cve:2020-1372%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1405%% No No Less Likely Less Likely Important 7.1 6.4
Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
%%cve:2020-1330%% No No Less Likely Less Likely Important 5.5 5.0
Windows Modules Installer Elevation of Privilege Vulnerability
%%cve:2020-1346%% No No Less Likely Less Likely Important 7.8 7.0
Windows Network Connections Service Elevation of Privilege Vulnerability
%%cve:2020-1373%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1390%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1427%% No No Less Likely Less Likely Important 7.0 6.3
%%cve:2020-1428%% No No Less Likely Less Likely Important 7.0 6.3
%%cve:2020-1438%% No No Less Likely Less Likely Important 7.0 6.3
Windows Network List Service Elevation of Privilege Vulnerability
%%cve:2020-1406%% No No Less Likely Less Likely Important 7.0 6.3
Windows Network Location Awareness Service Elevation of Privilege Vulnerability
%%cve:2020-1437%% No No Less Likely Less Likely Important 7.0 6.3
Windows Picker Platform Elevation of Privilege Vulnerability
%%cve:2020-1363%% No No Less Likely Less Likely Important 7.8 7.0
Windows Print Workflow Service Elevation of Privilege Vulnerability
%%cve:2020-1366%% No No Less Likely Less Likely Important 7.0 6.3
Windows Profile Service Elevation of Privilege Vulnerability
%%cve:2020-1360%% No No Less Likely Less Likely Important 7.8 7.0
Windows Push Notification Service Elevation of Privilege Vulnerability
%%cve:2020-1387%% No No Less Likely Less Likely Important 7.0 6.3
Windows Resource Policy Information Disclosure Vulnerability
%%cve:2020-1358%% No No Less Likely Less Likely Important 5.5 5.0
Windows Runtime Elevation of Privilege Vulnerability
%%cve:2020-1422%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1353%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1370%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1399%% No No More Likely More Likely Important 7.8 7.0
%%cve:2020-1404%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1413%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1414%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1415%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1249%% No No Less Likely Less Likely Important 7.8 7.0
Windows SharedStream Library Elevation of Privilege Vulnerability
%%cve:2020-1463%% No No Less Likely Less Likely Important 7.8 7.0
Windows Storage Services Elevation of Privilege Vulnerability
%%cve:2020-1347%% No No Less Likely Less Likely Important 7.8 7.0
Windows Subsystem for Linux Elevation of Privilege Vulnerability
%%cve:2020-1423%% No No Less Likely Less Likely Important 7.8 7.0
Windows Sync Host Service Elevation of Privilege Vulnerability
%%cve:2020-1434%% No No Less Likely Less Likely Important 4.5 4.1
Windows System Events Broker Elevation of Privilege Vulnerability
%%cve:2020-1357%% No No Less Likely Less Likely Important 7.8 7.0
Windows UPnP Device Host Elevation of Privilege Vulnerability
%%cve:2020-1354%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1430%% No No Less Likely Less Likely Important 7.8 7.0
Windows USO Core Worker Elevation of Privilege Vulnerability
%%cve:2020-1352%% No No Less Likely Less Likely Important 7.8 7.0
Windows Update Stack Elevation of Privilege Vulnerability
%%cve:2020-1424%% No No Less Likely Less Likely Important 7.8 7.0
Windows WalletService Denial of Service Vulnerability
%%cve:2020-1364%% No No Less Likely Less Likely Important 7.1 6.4
Windows WalletService Elevation of Privilege Vulnerability
%%cve:2020-1344%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1362%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2020-1369%% No No Less Likely Less Likely Important 7.8 7.0
Windows WalletService Information Disclosure Vulnerability
%%cve:2020-1361%% No No Less Likely Less Likely Important 5.5 5.0
Windows iSCSI Target Service Elevation of Privilege Vulnerability
%%cve:2020-1356%% No No Less Likely Less Likely Important 7.8 7.0


Renato Marinho
Morphus Labs| LinkedIn|Twitter

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS. View original.

Posted in: SANS

Leave a Comment (0) ↓