
SANS ISC: December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing SANS ISC InfoSec Forums


For the last Patch Tuesday of the year, Microsoft provided updates fixing 58 vulnerabilities, which is at the low end of what we have seen this year. 9 of the vulnerabilities are rated critical.

The largest CVSS score this month is 8.8, which was assigned to vulnerabilities affecting Microsoft Dynamics. The 6 vulnerabilities in Microsoft Exchange should also not be ignored: one of them is an information disclosure problem, but the other 5 are remote code execution issues. Note that older Exchange vulnerabilities remain unpatched at some organizations and have been used in attacks this last year.

SharePoint remains another regular participant in Patch Tuesday, with two remote code execution vulnerabilities, one reaching a CVSS score of 8.8.

In addition, Microsoft released an advisory regarding a DNS spoofing vulnerability. This DNS spoofing issue involves fragmentation, but Microsoft is not very specific as to the exact methodology. There have been a few different fragmentation-related cache spoofing issues that people have written about in the last few years. The workaround is to avoid fragmentation by reducing the buffer size to 1221 bytes, which should be small enough to not cause fragmentation. As a side effect of the workaround, you may see more TCP port 53 traffic to your DNS servers, since responses that no longer fit in the smaller UDP buffer are truncated and retried over TCP.

I did not see an advisory regarding Adobe Flash. This would be the last month for an Adobe Flash advisory, as Flash will officially be retired at the end of the year.

Patch Tuesday Dashboard: https://patchtuesdaydashboard.com/

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| Azure DevOps Server Spoofing Vulnerability | CVE-2020-17135 | No | No | Less Likely | Less Likely | Important | 6.4 | 5.6 |
| Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | CVE-2020-17145 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.7 |
| Azure SDK for C Security Feature Bypass Vulnerability | CVE-2020-17002 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.4 |
| Azure SDK for Java Security Feature Bypass Vulnerability | CVE-2020-16971 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.4 |
| Azure Sphere Security Feature Bypass Vulnerability | CVE-2020-17160 | No | No | Less Likely | Less Likely | Important | 7.4 | 6.4 |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2020-17131 | No | No | Less Likely | Less Likely | Critical | 4.2 | 3.8 |
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | CVE-2020-17137 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Dynamics CRM Webclient Cross-site Scripting Vulnerability | CVE-2020-17147 | No | No | Less Likely | Less Likely | Important | 8.7 | 7.6 |
| Hyper-V Remote Code Execution Vulnerability | CVE-2020-17095 | No | No | Less Likely | Less Likely | Critical | 8.5 | 7.4 |
| Kerberos Security Feature Bypass Vulnerability | CVE-2020-16996 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | CVE-2020-17152 | No | No | More Likely | More Likely | Critical | 8.8 | 7.7 |
| Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | CVE-2020-17158 | No | No | More Likely | More Likely | Critical | 8.8 | 7.7 |
| Microsoft Dynamics Business Central/NAV Information Disclosure | CVE-2020-17133 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Microsoft Edge for Android Spoofing Vulnerability | CVE-2020-17153 | No | No | Less Likely | Less Likely | Moderate | 4.3 | 3.9 |
| Microsoft Excel Information Disclosure Vulnerability | CVE-2020-17126 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17122 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17123 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17125 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17127 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17128 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17129 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Excel Security Feature Bypass Vulnerability | CVE-2020-17130 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| Microsoft Exchange Information Disclosure Vulnerability | CVE-2020-17143 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.9 |
| Microsoft Exchange Remote Code Execution Vulnerability | CVE-2020-17117 | No | No | Less Likely | Less Likely | Critical | 6.6 | 5.9 |
| Microsoft Exchange Remote Code Execution Vulnerability | CVE-2020-17132 | No | No | Less Likely | Less Likely | Critical | 8.4 | 7.6 |
| Microsoft Exchange Remote Code Execution Vulnerability | CVE-2020-17141 | No | No | Less Likely | Less Likely | Important | 8.4 | 7.6 |
| Microsoft Exchange Remote Code Execution Vulnerability | CVE-2020-17142 | No | No | Less Likely | Less Likely | Critical | 8.4 | 7.6 |
| Microsoft Exchange Remote Code Execution Vulnerability | CVE-2020-17144 | No | No | More Likely | More Likely | Important | 8.4 | 7.6 |
| Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver | ADV200013 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Outlook Information Disclosure Vulnerability | CVE-2020-17119 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| Microsoft PowerPoint Remote Code Execution Vulnerability | CVE-2020-17124 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2020-17089 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.4 |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-17120 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-17118 | No | No | More Likely | More Likely | Critical | 8.1 | 7.3 |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-17121 | No | No | More Likely | More Likely | Critical | 8.8 | 7.7 |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2020-17115 | No | No | Less Likely | Less Likely | Moderate | 8.0 | 7.0 |
| Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | CVE-2020-17159 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Code Remote Code Execution Vulnerability | CVE-2020-17150 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | CVE-2020-17148 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Visual Studio Remote Code Execution Vulnerability | CVE-2020-17156 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Backup Engine Elevation of Privilege Vulnerability | CVE-2020-16958 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Backup Engine Elevation of Privilege Vulnerability | CVE-2020-16959 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Backup Engine Elevation of Privilege Vulnerability | CVE-2020-16960 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Backup Engine Elevation of Privilege Vulnerability | CVE-2020-16961 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Backup Engine Elevation of Privilege Vulnerability | CVE-2020-16962 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Backup Engine Elevation of Privilege Vulnerability | CVE-2020-16963 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Backup Engine Elevation of Privilege Vulnerability | CVE-2020-16964 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | CVE-2020-17103 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | CVE-2020-17134 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | CVE-2020-17136 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Digital Media Receiver Elevation of Privilege Vulnerability | CVE-2020-17097 | No | No | Less Likely | Less Likely | Important | 3.3 | 2.9 |
| Windows Error Reporting Information Disclosure Vulnerability | CVE-2020-17094 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Error Reporting Information Disclosure Vulnerability | CVE-2020-17138 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows GDI+ Information Disclosure Vulnerability | CVE-2020-17098 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Lock Screen Security Feature Bypass Vulnerability | CVE-2020-17099 | No | No | Less Likely | Less Likely | Important | 6.8 | 5.9 |
| Windows NTFS Remote Code Execution Vulnerability | CVE-2020-17096 | No | No | More Likely | More Likely | Important | 7.5 | 6.5 |
| Windows Network Connections Service Elevation of Privilege Vulnerability | CVE-2020-17092 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Overlay Filter Security Feature Bypass Vulnerability | CVE-2020-17139 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows SMB Information Disclosure Vulnerability | CVE-2020-17140 | No | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu
Dec 8th 2020
