Microsoft November 2020 Patch Tuesday

Published: 2020-11-10. Last Updated: 2020-11-10 18:50:26 UTC
by Renato Marinho (Version: 1)
3 comment(s)

This month we got patches for 112 vulnerabilities. Of these, 17 are critical and one was previously disclosed and is already being exploited according to Microsoft.

Among the critical vulnerabilities, there is a CVSSv3 9.8 remote code execution in Windows Network File System (CVE-2020-17051). There are no details regarding the vulnerable component, nor on how the vulnerability could be exploited. The vulnerability affects virtually all supported Windows versions and is classified by Microsoft as ‘Exploitation More Likely’, which means that an exploit could be created in such a way that an attacker could consistently exploit this vulnerability.

The exploited and already disclosed one is a Windows Kernel Local Elevation of Privilege vulnerability (CVE-2020-17087). This vulnerability has been chained with Google Chrome CVE-2020-15999 to perform privilege escalation and gain administrator access to a system. More details about this vulnerability can be found at [1].

A third vulnerability worth mentioning here is a remote code execution (RCE) in Microsoft SharePoint (CVE-2020-17061). According to the advisory, it requires no user interaction and is classified as ‘Exploitation More Likely’.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

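Each vulnerability description below is followed by one row per CVE, with the columns in this order:
CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG)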
AV1 Video Extension Remote Code Execution Vulnerability
CVE-2020-17105 No No Less Likely Less Likely Critical 7.8 6.8
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
CVE-2020-1325 No No Less Likely Less Likely Important 5.4 4.7
Azure Sphere Denial of Service Vulnerability
CVE-2020-16986 No No Less Likely Less Likely Important 6.2 5.4
Azure Sphere Elevation of Privilege Vulnerability
CVE-2020-16981 No No Less Likely Less Likely Important 6.1 5.3
CVE-2020-16988 No No Less Likely Less Likely Critical 6.9 6.0
CVE-2020-16989 No No Less Likely Less Likely Important 5.4 4.7
CVE-2020-16992 No No Less Likely Less Likely Important 7.5 7.5
CVE-2020-16993 No No Less Likely Less Likely Important 5.4 4.7
Azure Sphere Information Disclosure Vulnerability
CVE-2020-16985 No No Less Likely Less Likely Important 6.2 5.4
CVE-2020-16990 No No Less Likely Less Likely Important 6.2 5.4
Azure Sphere Tampering Vulnerability
CVE-2020-16983 No No Less Likely Less Likely Important 5.7 5.0
Azure Sphere Unsigned Code Execution Vulnerability
CVE-2020-16970 No No Less Likely Less Likely Important 8.1 7.1
CVE-2020-16982 No No Less Likely Less Likely Important 6.1 5.3
CVE-2020-16984 No No Less Likely Less Likely Important 6.2 5.4
CVE-2020-16987 No No Less Likely Less Likely Important 6.2 5.4
CVE-2020-16991 No No Less Likely Less Likely Important 6.2 5.4
CVE-2020-16994 No No Less Likely Less Likely Important 6.2 5.4
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2020-17048 No No Less Likely Less Likely Critical 4.2 3.8
CVE-2020-17054 No No Less Likely Less Likely Important 4.2 3.7
DirectX Elevation of Privilege Vulnerability
CVE-2020-16998 No No More Likely More Likely Important 7.0 6.1
HEIF Image Extensions Remote Code Execution Vulnerability
CVE-2020-17101 No No Less Likely Less Likely Critical 7.8 6.8
HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2020-17106 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2020-17107 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2020-17108 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2020-17109 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2020-17110 No No Less Likely Less Likely Critical 7.8 6.8
Internet Explorer Memory Corruption Vulnerability
CVE-2020-17053 No No More Likely More Likely Critical 7.5 6.7
Kerberos Security Feature Bypass Vulnerability
CVE-2020-17049 No No Less Likely Less Likely Important 6.6 5.8
Microsoft Browser Memory Corruption Vulnerability
CVE-2020-17058 No No Less Likely Less Likely Critical 7.5 6.7
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
CVE-2020-17090 No No Less Likely Less Likely Important 5.3 4.6
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2020-17005 No No - - Important 5.4 4.7
CVE-2020-17006 No No Less Likely Less Likely Important 5.4 4.7
CVE-2020-17018 No No Less Likely Less Likely Important 5.4 4.7
CVE-2020-17021 No No Less Likely Less Likely Important 5.4 4.7
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17019 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17064 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17065 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17066 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2020-17067 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Exchange Server Denial of Service Vulnerability
CVE-2020-17085 No No Less Likely Less Likely Important 6.2 5.4
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2020-17083 No No Less Likely Less Likely Important 5.5 4.8
CVE-2020-17084 No No Less Likely Less Likely Important 8.5 7.4
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2020-17062 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Office Online Spoofing Vulnerability
CVE-2020-17063 No No Less Likely Less Likely Important 6.8 5.9
Microsoft Raw Image Extension Information Disclosure Vulnerability
CVE-2020-17081 No No Less Likely Less Likely Important 5.5 4.8
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-16979 No No Less Likely Less Likely Important 5.3 4.6
CVE-2020-17017 No No Less Likely Less Likely Important 5.3 4.6
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-17061 No No More Likely More Likely Important 8.8 7.7
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-17015 No No Less Likely Less Likely Low 4.3 3.8
CVE-2020-17016 No No Less Likely Less Likely Important 8.0 7.0
CVE-2020-17060 No No Less Likely Less Likely Important 5.4 4.7
Microsoft Teams Remote Code Execution Vulnerability
CVE-2020-17091 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Word Security Feature Bypass Vulnerability
CVE-2020-17020 No No Less Likely Less Likely Important 3.3 2.9
Raw Image Extension Remote Code Execution Vulnerability
CVE-2020-17078 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2020-17079 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2020-17082 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2020-17086 No No Less Likely Less Likely Important 7.8 6.8
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2020-17000 No No Less Likely Less Likely Important 5.5 4.8
Remote Desktop Protocol Server Information Disclosure Vulnerability
CVE-2020-16997 No No Less Likely Less Likely Important 7.7 6.7
Scripting Engine Memory Corruption Vulnerability
CVE-2020-17052 No No More Likely More Likely Critical 7.5 6.7
Visual Studio Code JSHint Extension Remote Code Execution Vulnerability
CVE-2020-17104 No No Less Likely Less Likely Important 7.8 6.8
Visual Studio Tampering Vulnerability
CVE-2020-17100 No No Less Likely Less Likely Important 5.5 4.8
WebP Image Extensions Information Disclosure Vulnerability
CVE-2020-17102 No No Less Likely Less Likely Important 5.5 4.8
Win32k Elevation of Privilege Vulnerability
CVE-2020-17010 No No More Likely More Likely Important 7.8 6.8
CVE-2020-17038 No No More Likely More Likely Important 7.8 6.8
Win32k Information Disclosure Vulnerability
CVE-2020-17013 No No Less Likely Less Likely Important 5.5 4.8
Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVE-2020-17012 No No Less Likely Less Likely Important 7.8 6.8
Windows Camera Codec Information Disclosure Vulnerability
CVE-2020-17113 No No Less Likely Less Likely Important 5.5 5.0
Windows Canonical Display Driver Information Disclosure Vulnerability
CVE-2020-17029 No No Less Likely Less Likely Important 5.5 4.8
Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability
CVE-2020-17024 No No Less Likely Less Likely Important 7.8 6.8
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-17088 No No More Likely More Likely Important 7.8 7.2
Windows Delivery Optimization Information Disclosure Vulnerability
CVE-2020-17071 No No Less Likely Less Likely Important 5.5 4.8
Windows Error Reporting Denial of Service Vulnerability
CVE-2020-17046 No No Less Likely Less Likely Low 5.5 5.0
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2020-17007 No No Less Likely Less Likely Important 7.0 6.1
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
CVE-2020-17036 No No Less Likely Less Likely Important 5.5 4.8
Windows GDI+ Remote Code Execution Vulnerability
CVE-2020-17068 No No Less Likely Less Likely Important 7.8 6.8
Windows Graphics Component Information Disclosure Vulnerability
CVE-2020-17004 No No Less Likely Less Likely Important 5.5 4.8
Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2020-17040 No No Less Likely Less Likely Important 6.5 5.7
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-17035 No No Less Likely Less Likely Important 7.8 6.8
Windows Kernel Local Elevation of Privilege Vulnerability
CVE-2020-17087 Yes Yes Detected Detected Important 7.8 7.2
Windows KernelStream Information Disclosure Vulnerability
CVE-2020-17045 No No Less Likely Less Likely Important 5.5 4.8
Windows MSCTF Server Information Disclosure Vulnerability
CVE-2020-17030 No No Less Likely Less Likely Important 5.5 4.8
Windows NDIS Information Disclosure Vulnerability
CVE-2020-17069 No No Less Likely Less Likely Important 5.5 4.8
Windows Network File System Denial of Service Vulnerability
CVE-2020-17047 No No Less Likely Less Likely Important 7.5 6.7
Windows Network File System Information Disclosure Vulnerability
CVE-2020-17056 No No More Likely More Likely Important 5.5 4.8
Windows Network File System Remote Code Execution Vulnerability
CVE-2020-17051 No No More Likely More Likely Critical 9.8 8.5
Windows Port Class Library Elevation of Privilege Vulnerability
CVE-2020-17011 No No Less Likely Less Likely Important 7.8 6.8
Windows Print Configuration Elevation of Privilege Vulnerability
CVE-2020-17041 No No Less Likely Less Likely Important 7.8 6.8
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2020-17001 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-17014 No No Less Likely Less Likely Important 7.8 7.0
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2020-17042 No No Less Likely Less Likely Critical 8.8 7.7
Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17055 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17025 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17026 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17027 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17028 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17031 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17032 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17033 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17034 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17043 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17044 No No Less Likely Less Likely Important 7.8 6.8
Windows Spoofing Vulnerability
CVE-2020-1599 No No Less Likely Less Likely Important 5.5 4.8
Windows USO Core Worker Elevation of Privilege Vulnerability
CVE-2020-17075 No No Less Likely Less Likely Important 7.8 6.8
Windows Update Medic Service Elevation of Privilege Vulnerability
CVE-2020-17070 No No Less Likely Less Likely Important 7.8 6.8
Windows Update Orchestrator Service Elevation of Privilege Vulnerability
CVE-2020-17073 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17074 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17076 No No Less Likely Less Likely Important 7.8 6.8
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2020-17077 No No Less Likely Less Likely Important 7.8 6.8
Windows WalletService Elevation of Privilege Vulnerability
CVE-2020-17037 No No Less Likely Less Likely Important 7.8 6.8
Windows WalletService Information Disclosure Vulnerability
CVE-2020-16999 No No Less Likely Less Likely Important 5.5 4.8
Windows Win32k Elevation of Privilege Vulnerability
CVE-2020-17057 No No More Likely More Likely Important 7.0 6.1

 

References:
[1] https://attackerkb.com/topics/y8mmBHc710/cve-2020-17087-windows-kernel-local-privilege-escalation-0day?referrer=home

--
Renato Marinho
Morphus Labs | LinkedIn | Twitter


Comments

Here is a writeup from McAfee on CVE-2020-17051:
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server/

Seems to require the NFS Role to be enabled, and either credentials with write permissions or a share with anonymous write access enabled.

Definitely doesn't seem to be as concerning as the large CVSS score.

Has anyone found out which version of MS-Teams fixes CVE-2020-17091?
I cannot see it on their "improved" page https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17091

Microsoft has a known issue that causes Kerberos authentication problems on enterprise domain controllers after installing security updates released earlier this month to address CVE-2020-17049.

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-kerberos-authentication-issues-in-oob-update/
