Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft July 2020 Patch Tuesday - Patch Now!

Published: 2020-07-14
Last Updated: 2020-07-14 17:54:06 UTC
by Renato Marinho (Version: 1)
4 comment(s)

This month we got patches for 123 vulnerabilities. Of these, 17 are critical and 2 were previously disclosed.

Amongst critical vulnerabilities, there is a critical remote code execution (RCE) vulnerability (CVE-2020-1350) affecting Windows DNS Server on multiple Windows Server versions, including 2008, 2012, 2016 and 2019. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account.

The DNS Server vulnerability scores a perfect 10 CVSS and is considered wormable, which means it has the potential to spread via malware vulnerable computers without user interaction. Microsoft advises everyone running DNS servers to apply the security update as soon as possible. For those unable to apply the patch right way, Microsoft recommends the application of a workaround, described on the CVE-2020-1350 vulnerability advisory details. The workarround consists on a registry modification and requires just the service restart - no need to reboot the OS. There is a special guidance for the DNS Server vulnerability including further details about the workaround here: https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability

There is also a critical RCE vulnerability affecting Windows Graphics Device Interface (GDI) (CVE-2020-1435). An attacker could exploit this vulnerability by convincing users to view a specially crafted website or sending them an e-mail attachment with a malicious attachment. The CVSS score for this one is 8.80.

A third RCE worth mentioning in today’s diary affects Hyper-V RemoteFX vGPU (CVE-2020-1036). To exploit this vulnerability, an attacker could run a specially crafted application on a guest operating system, attacking certain third-party video drivers running on the Hyper-V host. This could then cause the host operating system to execute arbitrary code. There is no patch for this vulnerability yet. According to the vulnerability FAQ, If you are running Windows Server 2016 or Windows Server 2019, Microsoft recommends the use of  Discrete Device Assignment (DDA) as opposed to RemoteFX vGPU to enable graphics virtualization. For more details, read: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
CVE-2020-1147 No No More Likely More Likely Critical    
Azure DevOps Server Cross-site Scripting Vulnerability
CVE-2020-1326 No No Less Likely Less Likely Important    
Bond Denial of Service Vulnerability
CVE-2020-1469 No No Less Likely Less Likely Important    
Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
CVE-2020-1386 No No Less Likely Less Likely Important 5.5 5.0
DirectWrite Remote Code Execution Vulnerability
CVE-2020-1409 No No Less Likely Less Likely Critical 7.8 7.0
GDI+ Remote Code Execution Vulnerability
CVE-2020-1435 No No Less Likely Less Likely Critical 8.8 7.9
Group Policy Services Policy Processing Elevation of Privilege Vulnerability
CVE-2020-1333 No No Less Likely Less Likely Important 6.7 6.0
Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
CVE-2020-1032 No No Less Likely Less Likely Critical 8.0 7.6
CVE-2020-1036 No No Less Likely Less Likely Critical 8.0 7.6
CVE-2020-1040 No No Less Likely Less Likely Critical 8.0 7.6
CVE-2020-1041 No No Less Likely Less Likely Critical 8.0 7.6
CVE-2020-1043 No No Less Likely Less Likely Critical 8.0 7.6
CVE-2020-1042 No No Less Likely Less Likely Critical 8.0 7.6
Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-1400 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1401 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1407 No No Less Likely Less Likely Important 7.8 7.0
LNK Remote Code Execution Vulnerability
CVE-2020-1421 No No Less Likely Less Likely Critical 7.5 6.7
Local Security Authority Subsystem Service Denial of Service Vulnerability
CVE-2020-1267 No No Less Likely Less Likely Important 4.9 4.4
Microsoft Defender Elevation of Privilege Vulnerability
CVE-2020-1461 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Edge PDF Information Disclosure Vulnerability
CVE-2020-1433 No No Less Likely Less Likely Important 4.3 3.9
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-1240 No No Less Likely Less Likely Important    
Microsoft Graphics Component Information Disclosure Vulnerability
CVE-2020-1351 No No Less Likely Less Likely Important 5.5 5.0
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-1412 No No Less Likely Less Likely Important 7.5 6.7
Microsoft Graphics Remote Code Execution Vulnerability
CVE-2020-1408 No No Less Likely Less Likely Important 8.8 7.9
Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers
ADV200008 No No Less Likely Less Likely Important    
Microsoft Office Elevation of Privilege Vulnerability
CVE-2020-1025 No No Less Likely Less Likely Critical    
Microsoft Office Information Disclosure Vulnerability
CVE-2020-1342 No No Less Likely Less Likely Important    
CVE-2020-1445 No No Less Likely Less Likely Important    
Microsoft Office Remote Code Execution Vulnerability
CVE-2020-1458 No No Less Likely Less Likely Important    
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-1456 No No Less Likely Less Likely Important    
CVE-2020-1450 No No Less Likely Less Likely Important    
CVE-2020-1451 No No Less Likely Less Likely Important    
Microsoft OneDrive Elevation of Privilege Vulnerability
CVE-2020-1465 No No Less Likely Less Likely Important    
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2020-1349 No No Less Likely Less Likely Critical    
Microsoft Project Remote Code Execution Vulnerability
CVE-2020-1449 No No Less Likely Less Likely Important    
Microsoft SharePoint Reflective XSS Vulnerability
CVE-2020-1454 No No Less Likely Less Likely Important    
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1444 No No Less Likely Less Likely Important    
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-1443 No No Less Likely Less Likely Important    
Microsoft Word Remote Code Execution Vulnerability
CVE-2020-1446 No No Less Likely Less Likely Important    
CVE-2020-1447 No No Less Likely Less Likely Important    
CVE-2020-1448 No No Less Likely Less Likely Important    
Office Web Apps XSS Vulnerability
CVE-2020-1442 No No Less Likely Less Likely Important    
PerformancePoint Services Remote Code Execution Vulnerability
CVE-2020-1439 No No Less Likely Less Likely Critical    
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2020-1374 No No More Likely More Likely Critical 7.5 6.7
Skype for Business via Internet Explorer Information Disclosure Vulnerability
CVE-2020-1432 No No Less Likely Less Likely Important 2.4 2.2
Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability
CVE-2020-1462 No No Less Likely Less Likely Important 4.3 3.9
VBScript Remote Code Execution Vulnerability
CVE-2020-1403 No No More Likely More Likely Critical 6.4 5.8
Visual Studio Code ESLint Extention Remote Code Execution Vulnerability
CVE-2020-1481 No No Less Likely Less Likely Important    
Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability
CVE-2020-1416 No No Less Likely Less Likely Important    
Windows ALPC Elevation of Privilege Vulnerability
CVE-2020-1396 No No Less Likely Less Likely Important 7.8 7.0
Windows ActiveX Installer Service Elevation of Privilege Vulnerability
CVE-2020-1402 No No Less Likely Less Likely Important 7.8 7.0
Windows Address Book Remote Code Execution Vulnerability
CVE-2020-1410 No No Less Likely Less Likely Critical 7.8 7.0
Windows Agent Activation Runtime Information Disclosure Vulnerability
CVE-2020-1391 No No Less Likely Less Likely Important 5.5 5.0
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
CVE-2020-1431 No No Less Likely Less Likely Important 7.1 6.4
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2020-1359 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1384 No No Less Likely Less Likely Important 7.0 6.3
Windows COM Server Elevation of Privilege Vulnerability
CVE-2020-1375 No No Less Likely Less Likely Important 7.8 7.0
Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability
CVE-2020-1368 No No Less Likely Less Likely Important 7.8 7.0
Windows Credential Picker Elevation of Privilege Vulnerability
CVE-2020-1385 No No Less Likely Less Likely Important 4.5 4.1
Windows DNS Server Remote Code Execution Vulnerability
CVE-2020-1350 No No More Likely More Likely Critical 10.0 9.0
Windows Diagnostics Hub Elevation of Privilege Vulnerability
CVE-2020-1418 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1393 No No Less Likely Less Likely Important 7.8 7.0
Windows Elevation of Privilege Vulnerability
CVE-2020-1388 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1392 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1394 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1395 No No Less Likely Less Likely Important 7.8 7.0
Windows Error Reporting Information Disclosure Vulnerability
CVE-2020-1420 No No Less Likely Less Likely Important 5.5 5.0
Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2020-1429 No No Less Likely Less Likely Important 7.0 6.3
Windows Event Logging Service Elevation of Privilege Vulnerability
CVE-2020-1365 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1371 No No Less Likely Less Likely Important 7.8 7.0
Windows Font Driver Host Remote Code Execution Vulnerability
CVE-2020-1355 No No Less Likely Less Likely Important 7.8 7.0
Windows Font Library Remote Code Execution Vulnerability
CVE-2020-1436 No No Less Likely Less Likely Critical 8.8 7.9
Windows Function Discovery Service Elevation of Privilege Vulnerability
CVE-2020-1085 No No Less Likely Less Likely Important 7.8 7.0
Windows GDI Information Disclosure Vulnerability
CVE-2020-1468 No No Less Likely Less Likely Important 5.5 5.0
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-1381 No No More Likely More Likely Important 7.8 7.0
CVE-2020-1382 No No More Likely More Likely Important 7.8 7.0
Windows Imaging Component Information Disclosure Vulnerability
CVE-2020-1397 No No Less Likely Less Likely Important 4.3 3.9
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-1336 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1411 No No Less Likely Less Likely Important 7.8 7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2020-1419 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1367 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1389 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1426 No No More Likely More Likely Important 5.5 5.0
Windows Lockscreen Elevation of Privilege Vulnerability
CVE-2020-1398 No No Less Likely Less Likely Important 6.8 6.1
Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
CVE-2020-1372 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1405 No No Less Likely Less Likely Important 7.1 6.4
Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
CVE-2020-1330 No No Less Likely Less Likely Important 5.5 5.0
Windows Modules Installer Elevation of Privilege Vulnerability
CVE-2020-1346 No No Less Likely Less Likely Important 7.8 7.0
Windows Network Connections Service Elevation of Privilege Vulnerability
CVE-2020-1373 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1390 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1427 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1428 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1438 No No Less Likely Less Likely Important 7.0 6.3
Windows Network List Service Elevation of Privilege Vulnerability
CVE-2020-1406 No No Less Likely Less Likely Important 7.0 6.3
Windows Network Location Awareness Service Elevation of Privilege Vulnerability
CVE-2020-1437 No No Less Likely Less Likely Important 7.0 6.3
Windows Picker Platform Elevation of Privilege Vulnerability
CVE-2020-1363 No No Less Likely Less Likely Important 7.8 7.0
Windows Print Workflow Service Elevation of Privilege Vulnerability
CVE-2020-1366 No No Less Likely Less Likely Important 7.0 6.3
Windows Profile Service Elevation of Privilege Vulnerability
CVE-2020-1360 No No Less Likely Less Likely Important 7.8 7.0
Windows Push Notification Service Elevation of Privilege Vulnerability
CVE-2020-1387 No No Less Likely Less Likely Important 7.0 6.3
Windows Resource Policy Information Disclosure Vulnerability
CVE-2020-1358 No No Less Likely Less Likely Important 5.5 5.0
Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1422 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1353 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1370 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1399 No No More Likely More Likely Important 7.8 7.0
CVE-2020-1404 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1413 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1414 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1415 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1249 No No Less Likely Less Likely Important 7.8 7.0
Windows SharedStream Library Elevation of Privilege Vulnerability
CVE-2020-1463 No No Less Likely Less Likely Important 7.8 7.0
Windows Storage Services Elevation of Privilege Vulnerability
CVE-2020-1347 No No Less Likely Less Likely Important 7.8 7.0
Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2020-1423 No No Less Likely Less Likely Important 7.8 7.0
Windows Sync Host Service Elevation of Privilege Vulnerability
CVE-2020-1434 No No Less Likely Less Likely Important 4.5 4.1
Windows System Events Broker Elevation of Privilege Vulnerability
CVE-2020-1357 No No Less Likely Less Likely Important 7.8 7.0
Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2020-1354 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1430 No No Less Likely Less Likely Important 7.8 7.0
Windows USO Core Worker Elevation of Privilege Vulnerability
CVE-2020-1352 No No Less Likely Less Likely Important 7.8 7.0
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2020-1424 No No Less Likely Less Likely Important 7.8 7.0
Windows WalletService Denial of Service Vulnerability
CVE-2020-1364 No No Less Likely Less Likely Important 7.1 6.4
Windows WalletService Elevation of Privilege Vulnerability
CVE-2020-1344 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1362 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1369 No No Less Likely Less Likely Important 7.8 7.0
Windows WalletService Information Disclosure Vulnerability
CVE-2020-1361 No No Less Likely Less Likely Important 5.5 5.0
Windows iSCSI Target Service Elevation of Privilege Vulnerability
CVE-2020-1356 No No Less Likely Less Likely Important 7.8 7.0

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

Keywords:
4 comment(s)
Diary Archives