
SANS ISC: Microsoft October 2020 Patch Tuesday SANS ISC InfoSec Forums

Microsoft October 2020 Patch Tuesday

This month we got patches for 87 vulnerabilities. Of these, 12 are critical, 6 were previously disclosed and none of them are being exploited according to Microsoft.

Amongst the critical vulnerabilities, there is a CVSSv3 9.8 remote code execution in the Windows TCP/IP stack (CVE-2020-16898), caused by improper handling of ICMPv6 Router Advertisement packets. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows host (client or server). Several Windows 10 versions, Windows Server (core installation), and Windows Server 2019 are affected by this vulnerability. There is a workaround for Windows 1709 and above that consists of disabling ICMPv6 RDNSS. For more details, check the vulnerability advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898
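Because the workaround targets the RDNSS option, a defender reviewing captured Router Advertisements can check each RDNSS option against the structural rules of RFC 8106. The following is an added example, not code from this diary or from Microsoft's advisory; the function names and the sample packets are constructed for illustration.

```python
import struct

RA_TYPE = 134        # ICMPv6 Router Advertisement
RA_HEADER_LEN = 16   # fixed RA fields that precede the options
OPT_RDNSS = 25       # Recursive DNS Server option, RFC 8106

def check_ra(icmp6: bytes) -> list:
    """Return structural findings for one ICMPv6 message (bytes from the type field on)."""
    findings = []
    if len(icmp6) < RA_HEADER_LEN or icmp6[0] != RA_TYPE:
        return findings                      # not a Router Advertisement
    off = RA_HEADER_LEN
    while off < len(icmp6):
        if len(icmp6) - off < 2:
            findings.append(f"offset {off}: truncated option header")
            break
        opt_type, opt_len = icmp6[off], icmp6[off + 1]
        if opt_len == 0:                     # zero-length options are invalid (RFC 4861)
            findings.append(f"offset {off}: option type {opt_type} has Length=0")
            break
        if off + opt_len * 8 > len(icmp6):
            findings.append(f"offset {off}: option type {opt_type} overruns the packet")
            break
        # RFC 8106: Length = 1 + 2 * (number of addresses), so it is odd and >= 3.
        if opt_type == OPT_RDNSS and (opt_len < 3 or opt_len % 2 == 0):
            findings.append(f"offset {off}: RDNSS Length={opt_len} violates RFC 8106")
        off += opt_len * 8
    return findings

# --- constructed sample data (zero-filled bodies, checksum left at 0) ---
def build_opt(opt_type: int, units: int) -> bytes:
    """Option of `units` * 8 octets with a zero-filled body."""
    return bytes([opt_type, units]) + bytes(units * 8 - 2)

def build_ra(*options: bytes) -> bytes:
    """RA header (hop limit 64, router lifetime 1800 s) followed by the given options."""
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    return header + b"".join(options)

CONFORMING_RA = build_ra(build_opt(1, 1), build_opt(OPT_RDNSS, 3))     # one DNS server
NONCONFORMING_RA = build_ra(build_opt(1, 1), build_opt(OPT_RDNSS, 4))  # even RDNSS Length

if __name__ == "__main__":
    for name, pkt in (("conforming", CONFORMING_RA), ("nonconforming", NONCONFORMING_RA)):
        print(name, check_ra(pkt) or "ok")
```

The input is the ICMPv6 payload only, so a capture tool has to strip the Ethernet and IPv6 headers before calling `check_ra`.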

There is also a remote code execution in Windows Graphics Device Interface (GDI+) (CVE-2020-16911). An attacker could exploit this vulnerability by convincing users to view a specially crafted website or by sending them an e-mail with a malicious attachment. The CVSS v3 score for this vulnerability is 8.8.

A third vulnerability worth mentioning is an elevation of privilege affecting Windows Hyper-V (CVE-2020-1080). If successfully exploited, this vulnerability could give an attacker elevated privileges on the target system. The CVSSv3 score for this vulnerability is 8.8 as well.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

Description
CVE, Disclosed, Exploited, Exploitability (old versions), Exploitability (current version), Severity, CVSS Base (AVG), CVSS Temporal (AVG)
.NET Framework Information Disclosure Vulnerability
CVE-2020-16937 Yes No Less Likely Less Likely Important 4.7 4.2
Azure Functions Elevation of Privilege Vulnerability
CVE-2020-16904 No No Less Likely Less Likely Important 5.3 4.8
Base3D Remote Code Execution Vulnerability
CVE-2020-16918 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-17003 No No Less Likely Less Likely Critical 7.8 7.0
Dynamics 365 Commerce Elevation of Privilege Vulnerability
CVE-2020-16943 No No Less Likely Less Likely Important 6.5 5.9
GDI+ Remote Code Execution Vulnerability
CVE-2020-16911 No No Less Likely Less Likely Critical 8.8 7.9
Group Policy Elevation of Privilege Vulnerability
CVE-2020-16939 No No Less Likely Less Likely Important 7.8 7.0
Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-16924 No No Less Likely Less Likely Important 7.8 7.0
Media Foundation Memory Corruption Vulnerability
CVE-2020-16915 No No Less Likely Less Likely Critical 7.8 7.0
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
CVE-2020-16956 No No Less Likely Less Likely Important 5.4 4.9
CVE-2020-16978 No No Less Likely Less Likely Important 5.4 4.9
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-16929 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-16930 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-16931 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-16932 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Exchange Information Disclosure Vulnerability
CVE-2020-16969 No No Less Likely Less Likely Important 7.1 6.4
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-16923 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-1167 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2020-16957 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
CVE-2020-16928 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-16934 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-16955 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Office Remote Code Execution Vulnerability
CVE-2020-16954 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-16945 No No Less Likely Less Likely Important 8.7 7.8
CVE-2020-16946 No No Less Likely Less Likely Important 8.7 7.8
Microsoft Outlook Denial of Service Vulnerability
CVE-2020-16949 No No Less Likely Less Likely Moderate 4.7 4.2
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2020-16947 No No Less Likely Less Likely Critical 8.1 7.3
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-16941 No No Less Likely Less Likely Important 4.1 3.7
CVE-2020-16942 No No Less Likely Less Likely Important 4.1 3.7
CVE-2020-16948 No No Less Likely Less Likely Important 6.5 5.9
CVE-2020-16953 No No Less Likely Less Likely Important 6.5 5.9
CVE-2020-16950 No No Less Likely Less Likely Important 5.0 4.5
Microsoft SharePoint Reflective XSS Vulnerability
CVE-2020-16944 No No Less Likely Less Likely Important 8.7 7.8
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-16951 No No Less Likely Less Likely Critical 8.6 7.7
CVE-2020-16952 No No Less Likely Less Likely Critical 8.6 7.7
Microsoft Word Security Feature Bypass Vulnerability
CVE-2020-16933 No No Less Likely Less Likely Important 7.0 6.3
NetBT Information Disclosure Vulnerability
CVE-2020-16897 No No Less Likely Less Likely Important 5.5 5.0
Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability
CVE-2020-16995 No No Less Likely Less Likely Important 7.8 7.0
October 2020 Adobe Flash Security Update
ADV200012 No No Less Likely Less Likely Critical    
PowerShellGet Module WDAC Security Feature Bypass Vulnerability
CVE-2020-16886 No No Less Likely Less Likely Important 5.3 4.8
Visual Studio Code Python Extension Remote Code Execution Vulnerability
CVE-2020-16977 No No Less Likely Less Likely Important 7.0 6.3
Win32k Elevation of Privilege Vulnerability
CVE-2020-16907 No No More Likely More Likely Important 7.8 7.0
CVE-2020-16913 No No More Likely More Likely Important 7.8 7.0
Windows - User Profile Service Elevation of Privilege Vulnerability
CVE-2020-16940 No No Less Likely Less Likely Important 7.8 7.0
Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
CVE-2020-16876 No No Less Likely Less Likely Important 7.1 6.4
CVE-2020-16920 No No Less Likely Less Likely Important 7.8 7.0
Windows Backup Service Elevation of Privilege Vulnerability
CVE-2020-16976 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-16912 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-16936 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-16972 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-16973 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-16974 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-16975 No No Less Likely Less Likely Important 7.8 7.0
Windows COM Server Elevation of Privilege Vulnerability
CVE-2020-16935 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-16916 No No Less Likely Less Likely Important 7.8 7.0
Windows Camera Codec Pack Remote Code Execution Vulnerability
CVE-2020-16967 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-16968 No No Less Likely Less Likely Critical 7.8 7.0
Windows Elevation of Privilege Vulnerability
CVE-2020-16877 No No Less Likely Less Likely Important 7.1 6.4
Windows Enterprise App Management Service Information Disclosure Vulnerability
CVE-2020-16919 No No Less Likely Less Likely Important 5.5 5.0
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2020-16905 No No Less Likely Less Likely Important 6.8 6.1
CVE-2020-16909 Yes No Less Likely Less Likely Important 7.8 7.0
Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2020-16895 No No Less Likely Less Likely Important 7.8 7.0
Windows Event System Elevation of Privilege Vulnerability
CVE-2020-16900 No No Less Likely Less Likely Important 7.0 6.3
Windows GDI+ Information Disclosure Vulnerability
CVE-2020-16914 No No Less Likely Less Likely Important 5.5 5.0
Windows Hyper-V Denial of Service Vulnerability
CVE-2020-1243 No No Less Likely Less Likely Important 7.8 7.0
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2020-1047 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1080 No No Less Likely Less Likely Important 8.8 7.9
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2020-16891 No No Less Likely Less Likely Critical 8.8 7.9
Windows Image Elevation of Privilege Vulnerability
CVE-2020-16892 No No Less Likely Less Likely Important 7.8 7.0
Windows Installer Elevation of Privilege Vulnerability
CVE-2020-16902 No No Less Likely Less Likely Important 7.8 7.0
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-16890 No No Less Likely Less Likely Important 7.8 7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2020-16938 Yes No Less Likely Less Likely Important 5.5 5.0
CVE-2020-16901 Yes No Less Likely Less Likely Important 5.0 4.5
Windows KernelStream Information Disclosure Vulnerability
CVE-2020-16889 No No Less Likely Less Likely Important 5.5 5.0
Windows NAT Remote Code Execution Vulnerability
CVE-2020-16894 No No Less Likely Less Likely Important 7.7 6.9
Windows Network Connections Service Elevation of Privilege Vulnerability
CVE-2020-16887 No No Less Likely Less Likely Important 7.8 7.0
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE-2020-16927 No No Less Likely Less Likely Important 7.5 6.7
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2020-16896 No No More Likely More Likely Important 7.5 6.7
Windows Remote Desktop Service Denial of Service Vulnerability
CVE-2020-16863 No No Less Likely Less Likely Important 7.5 6.7
Windows Security Feature Bypass Vulnerability
CVE-2020-16910 No No Less Likely Less Likely Important 6.2 5.6
Windows Setup Elevation of Privilege Vulnerability
CVE-2020-16908 Yes No Less Likely Less Likely Important 7.8 7.0
Windows Spoofing Vulnerability
CVE-2020-16922 No No More Likely More Likely Important 5.3 4.8
Windows Storage Services Elevation of Privilege Vulnerability
CVE-2020-0764 No No Less Likely Less Likely Important 7.8 7.0
Windows Storage VSP Driver Elevation of Privilege Vulnerability
CVE-2020-16885 Yes No Less Likely Less Likely Important 7.8 7.2
Windows TCP/IP Denial of Service Vulnerability
CVE-2020-16899 No No More Likely More Likely Important 7.5 6.7
Windows TCP/IP Remote Code Execution Vulnerability
CVE-2020-16898 No No More Likely More Likely Critical 9.8 8.8
Windows Text Services Framework Information Disclosure Vulnerability
CVE-2020-16921 No No Less Likely Less Likely Important 5.5 5.0
Windows iSCSI Target Service Elevation of Privilege Vulnerability
CVE-2020-16980 No No Less Likely Less Likely Important 7.8 7.0

--
Renato Marinho
Morphus Labs | LinkedIn | Twitter

ISC Handler
Oct 13th 2020
