Microsoft October 2020 Patch Tuesday
This month we got patches for 87 vulnerabilities. Of these, 12 are critical, 6 were previously disclosed and none of them are being exploited according to Microsoft.
Amongst critical vulnerabilities, there is a CVSSv3 9.8 remote code execution in Windows TCP/IP stack (CVE-2020-16898) due to the way it improperly handles ICMPv6 Router Advertisement packets. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows host (client or server). Several Windows 10 versions, Windows Server (core installation), and Windows Server 2019 are affected by this vulnerability. There is a workaround for Windows 1709 and above that consists in disabling ICMPV6 RDNSS. For more details, check the vulnerability advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898
There is also a remote code execution in Windows Graphics Device Interface (GDI+) (CVE-2020-16911). An attacker could exploit this vulnerability by convincing users to view a specially crafted website or sending them an e-mail attachment with a malicious attachment. The CVSS v3 score for this vulnerability is 8.8.
A third vulnerability worth mentioning is an elevation of privilege affecting Windows Hyper-V (CVE-2020-1080). If successfully exploited, this vulnerability could give an attacker elevated privileges on the target system. The CVSSv3 for this vulnerability is 8.8 as well.
See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
.NET Framework Information Disclosure Vulnerability | |||||||
CVE-2020-16937 | Yes | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
Azure Functions Elevation of Privilege Vulnerability | |||||||
CVE-2020-16904 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
Base3D Remote Code Execution Vulnerability | |||||||
CVE-2020-16918 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-17003 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
Dynamics 365 Commerce Elevation of Privilege Vulnerability | |||||||
CVE-2020-16943 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
GDI+ Remote Code Execution Vulnerability | |||||||
CVE-2020-16911 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
Group Policy Elevation of Privilege Vulnerability | |||||||
CVE-2020-16939 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Jet Database Engine Remote Code Execution Vulnerability | |||||||
CVE-2020-16924 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Media Foundation Memory Corruption Vulnerability | |||||||
CVE-2020-16915 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | |||||||
CVE-2020-16956 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
CVE-2020-16978 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
Microsoft Excel Remote Code Execution Vulnerability | |||||||
CVE-2020-16929 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-16930 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-16931 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-16932 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Microsoft Exchange Information Disclosure Vulnerability | |||||||
CVE-2020-16969 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.4 |
Microsoft Graphics Components Remote Code Execution Vulnerability | |||||||
CVE-2020-16923 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
CVE-2020-1167 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | |||||||
CVE-2020-16957 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | |||||||
CVE-2020-16928 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-16934 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
CVE-2020-16955 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Microsoft Office Remote Code Execution Vulnerability | |||||||
CVE-2020-16954 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Microsoft Office SharePoint XSS Vulnerability | |||||||
CVE-2020-16945 | No | No | Less Likely | Less Likely | Important | 8.7 | 7.8 |
CVE-2020-16946 | No | No | Less Likely | Less Likely | Important | 8.7 | 7.8 |
Microsoft Outlook Denial of Service Vulnerability | |||||||
CVE-2020-16949 | No | No | Less Likely | Less Likely | Moderate | 4.7 | 4.2 |
Microsoft Outlook Remote Code Execution Vulnerability | |||||||
CVE-2020-16947 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.3 |
Microsoft SharePoint Information Disclosure Vulnerability | |||||||
CVE-2020-16941 | No | No | Less Likely | Less Likely | Important | 4.1 | 3.7 |
CVE-2020-16942 | No | No | Less Likely | Less Likely | Important | 4.1 | 3.7 |
CVE-2020-16948 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2020-16953 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2020-16950 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.5 |
Microsoft SharePoint Reflective XSS Vulnerability | |||||||
CVE-2020-16944 | No | No | Less Likely | Less Likely | Important | 8.7 | 7.8 |
Microsoft SharePoint Remote Code Execution Vulnerability | |||||||
CVE-2020-16951 | No | No | Less Likely | Less Likely | Critical | 8.6 | 7.7 |
CVE-2020-16952 | No | No | Less Likely | Less Likely | Critical | 8.6 | 7.7 |
Microsoft Word Security Feature Bypass Vulnerability | |||||||
CVE-2020-16933 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
NetBT Information Disclosure Vulnerability | |||||||
CVE-2020-16897 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability | |||||||
CVE-2020-16995 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
October 2020 Adobe Flash Security Update | |||||||
ADV200012 | No | No | Less Likely | Less Likely | Critical | ||
PowerShellGet Module WDAC Security Feature Bypass Vulnerability | |||||||
CVE-2020-16886 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
Visual Studio Code Python Extension Remote Code Execution Vulnerability | |||||||
CVE-2020-16977 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2020-16907 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
CVE-2020-16913 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
Windows - User Profile Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-16940 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Application Compatibility Client Library Elevation of Privilege Vulnerability | |||||||
CVE-2020-16876 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.4 |
CVE-2020-16920 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Backup Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-16976 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-16912 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-16936 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-16972 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-16973 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-16974 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-16975 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows COM Server Elevation of Privilege Vulnerability | |||||||
CVE-2020-16935 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-16916 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Camera Codec Pack Remote Code Execution Vulnerability | |||||||
CVE-2020-16967 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
CVE-2020-16968 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
Windows Elevation of Privilege Vulnerability | |||||||
CVE-2020-16877 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.4 |
Windows Enterprise App Management Service Information Disclosure Vulnerability | |||||||
CVE-2020-16919 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Error Reporting Elevation of Privilege Vulnerability | |||||||
CVE-2020-16905 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
CVE-2020-16909 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Error Reporting Manager Elevation of Privilege Vulnerability | |||||||
CVE-2020-16895 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Event System Elevation of Privilege Vulnerability | |||||||
CVE-2020-16900 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows GDI+ Information Disclosure Vulnerability | |||||||
CVE-2020-16914 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Hyper-V Denial of Service Vulnerability | |||||||
CVE-2020-1243 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Hyper-V Elevation of Privilege Vulnerability | |||||||
CVE-2020-1047 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1080 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.9 |
Windows Hyper-V Remote Code Execution Vulnerability | |||||||
CVE-2020-16891 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
Windows Image Elevation of Privilege Vulnerability | |||||||
CVE-2020-16892 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Installer Elevation of Privilege Vulnerability | |||||||
CVE-2020-16902 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2020-16890 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Kernel Information Disclosure Vulnerability | |||||||
CVE-2020-16938 | Yes | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
CVE-2020-16901 | Yes | No | Less Likely | Less Likely | Important | 5.0 | 4.5 |
Windows KernelStream Information Disclosure Vulnerability | |||||||
CVE-2020-16889 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows NAT Remote Code Execution Vulnerability | |||||||
CVE-2020-16894 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.9 |
Windows Network Connections Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-16887 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | |||||||
CVE-2020-16927 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | |||||||
CVE-2020-16896 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
Windows Remote Desktop Service Denial of Service Vulnerability | |||||||
CVE-2020-16863 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
Windows Security Feature Bypass Vulnerability | |||||||
CVE-2020-16910 | No | No | Less Likely | Less Likely | Important | 6.2 | 5.6 |
Windows Setup Elevation of Privilege Vulnerability | |||||||
CVE-2020-16908 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Spoofing Vulnerability | |||||||
CVE-2020-16922 | No | No | More Likely | More Likely | Important | 5.3 | 4.8 |
Windows Storage Services Elevation of Privilege Vulnerability | |||||||
CVE-2020-0764 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Storage VSP Driver Elevation of Privilege Vulnerability | |||||||
CVE-2020-16885 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.2 |
Windows TCP/IP Denial of Service Vulnerability | |||||||
CVE-2020-16899 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
Windows TCP/IP Remote Code Execution Vulnerability | |||||||
CVE-2020-16898 | No | No | More Likely | More Likely | Critical | 9.8 | 8.8 |
Windows Text Services Framework Information Disclosure Vulnerability | |||||||
CVE-2020-16921 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows iSCSI Target Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-16980 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Comments