Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft August 2020 Patch Tuesday SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft August 2020 Patch Tuesday

This month we got patches for 120 vulnerabilities total. According to Microsoft, two of them are being exploited (CVE-2020-1380 and CVE-2020-1464), and one was previously disclosed (CVE-2020-1464).

The previously known and already exploited vulnerability (CVE-2020-1464) is a Windows Spoofing Vulnerability, which may cause incorrect signature validation for files. An attacker could exploit this vulnerability to bypass security features and load improperly signed files.

The other exploited vulnerability (CVE-2020-1380) is a remote code execution (RCE) affecting Internet Explorer. It is related to the way the script engine handles objects in memory. An attacker who exploits this vulnerability could gain the same user privileges on the system.

The highest CVSS score this month (8.80) was associated with three vulnerabilities: CVE-2020-1509, CVE-2020-1585, and CVE-2020-1472. The CVE-2020-1509 is an LSASS Elevation of Privilege Vulnerability. An authenticated attacker could exploit this vulnerability by sending a specially crafted authentication request. The CVE-2020-1585 is a Microsoft Windows Codecs Library RCE Vulnerability. An attacker could exploit this vulnerability opening a specially crafted image file and take control of the affected system.

The third CVSS 8.80 (CVE-2020-1472) is a Netlogon Elevation of Privilege Vulnerability and is a little bit trickier to patch. An unauthenticated attacker would be required to use the Netlogon Remote Protocol (MS-NRPC) to connect to a domain controller to obtain domain administrator access. Microsoft is addressing this vulnerability in a two-part phase rollout and requires additional steps in addition to applying the updates. The second phase of the update will be available in February 2021. There is a special guideline on how to manage changes required for this vulnerability at https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

 

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Framework Remote Code Execution Vulnerability
CVE-2020-1046 No No Less Likely Less Likely Critical    
ASP.NET Core Denial of Service Vulnerability
CVE-2020-1597 No No Less Likely Less Likely Important    
ASP.NET and .NET Elevation of Privilege Vulnerability
CVE-2020-1476 No No Less Likely Less Likely Important    
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
CVE-2020-1511 No No Less Likely Less Likely Important 7.8 7.0
DirectWrite Information Disclosure Vulnerability
CVE-2020-1577 No No Less Likely Less Likely Important 5.5 5.0
DirectX Elevation of Privilege Vulnerability
CVE-2020-1479 No No Less Likely Less Likely Important 7.0 6.3
Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-1473 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1557 No No Less Likely Less Likely Important    
CVE-2020-1558 No No Less Likely Less Likely Important    
CVE-2020-1564 No No Less Likely Less Likely Important    
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVE-2020-1509 No No Less Likely Less Likely Important 8.8 7.9
MSHTML Engine Remote Code Execution Vulnerability
CVE-2020-1567 No No More Likely More Likely Critical 6.4 5.8
Media Foundation Information Disclosure Vulnerability
CVE-2020-1487 No No Less Likely Less Likely Important 5.5 5.0
Media Foundation Memory Corruption Vulnerability
CVE-2020-1525 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-1379 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-1477 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-1478 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1492 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-1554 No No Less Likely Less Likely Critical 8.0 7.6
Microsoft Access Remote Code Execution Vulnerability
CVE-2020-1582 No No Less Likely Less Likely Important    
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
CVE-2020-1591 No No - - Important    
Microsoft Edge Memory Corruption Vulnerability
CVE-2020-1569 No No - - Important 4.2 3.8
Microsoft Edge PDF Remote Code Execution Vulnerability
CVE-2020-1568 No No - - Critical 4.2 3.8
Microsoft Excel Information Disclosure Vulnerability
CVE-2020-1497 No No Less Likely Less Likely Important    
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-1494 No No Less Likely Less Likely Important    
CVE-2020-1495 No No Less Likely Less Likely Important    
CVE-2020-1496 No No Less Likely Less Likely Important    
CVE-2020-1498 No No Less Likely Less Likely Important    
CVE-2020-1504 No No - - Important    
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-1561 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1562 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
CVE-2020-1581 No No Less Likely Less Likely Important    
Microsoft Office Remote Code Execution Vulnerability
CVE-2020-1563 No No Less Likely Less Likely Important    
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-1573 No No Less Likely Less Likely Important    
CVE-2020-1580 No No Less Likely Less Likely Important    
Microsoft Outlook Information Disclosure Vulnerability
CVE-2020-1493 No No Less Likely Less Likely Important    
Microsoft Outlook Memory Corruption Vulnerability
CVE-2020-1483 No No Less Likely Less Likely Critical    
Microsoft SQL Server Management Studio Denial of Service Vulnerability
CVE-2020-1455 No No - - Important    
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-1505 No No Less Likely Less Likely Important    
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-1499 No No Less Likely Less Likely Important    
CVE-2020-1500 No No Less Likely Less Likely Important    
CVE-2020-1501 No No Less Likely Less Likely Important    
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
CVE-2020-1560 No No - - Critical 7.3 6.6
CVE-2020-1574 No No Less Likely Less Likely Critical 7.3 6.6
CVE-2020-1585 No No - - Critical 8.8 7.9
Microsoft Word Information Disclosure Vulnerability
CVE-2020-1502 No No Less Likely Less Likely Important    
CVE-2020-1503 No No Less Likely Less Likely Important    
CVE-2020-1583 No No Less Likely Less Likely Important    
Netlogon Elevation of Privilege Vulnerability
CVE-2020-1472 No No Less Likely Less Likely Critical 8.8 7.9
Scripting Engine Memory Corruption Vulnerability
CVE-2020-1380 No Yes - - Critical 6.4 5.8
CVE-2020-1555 No No - - Critical    
CVE-2020-1570 No No More Likely More Likely Critical 6.4 5.8
Visual Studio Code Remote Code Execution Vulnerability
CVE-2020-0604 No No Less Likely Less Likely Important    
Win32k Information Disclosure Vulnerability
CVE-2020-1510 No No Less Likely Less Likely Important 5.5 5.0
Windows ARM Information Disclosure Vulnerability
CVE-2020-1459 No No Less Likely Less Likely Important 5.5 5.0
Windows Accounts Control Elevation of Privilege Vulnerability
CVE-2020-1531 No No Less Likely Less Likely Important 7.8 7.0
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2020-1587 No No More Likely More Likely Important 7.8 7.0
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
CVE-2020-1488 No No Less Likely Less Likely Important 7.8 7.0
Windows Backup Engine Elevation of Privilege Vulnerability
CVE-2020-1535 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1536 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1539 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1540 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1541 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1542 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1543 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1544 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1545 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1546 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1547 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1551 No No Less Likely Less Likely Important 7.8 7.0
Windows Backup Service Elevation of Privilege Vulnerability
CVE-2020-1534 No No Less Likely Less Likely Important 7.8 7.0
Windows CDP User Components Elevation of Privilege Vulnerability
CVE-2020-1549 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1550 No No Less Likely Less Likely Important 7.8 7.0
Windows CSC Service Elevation of Privilege Vulnerability
CVE-2020-1489 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1513 No No Less Likely Less Likely Important 7.8 7.0
Windows Custom Protocol Engine Elevation of Privilege Vulnerability
CVE-2020-1527 No No Less Likely Less Likely Important 7.8 7.0
Windows Elevation of Privilege Vulnerability
CVE-2020-1565 No No Less Likely Less Likely Important    
Windows File Server Resource Management Service Elevation of Privilege Vulnerability
CVE-2020-1517 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1518 No No Less Likely Less Likely Important 7.8 7.0
Windows Font Driver Host Remote Code Execution Vulnerability
CVE-2020-1520 No No Less Likely Less Likely Important 7.8 7.0
Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability
CVE-2020-1579 No No Less Likely Less Likely Important 7.8 7.0
Windows GDI Elevation of Privilege Vulnerability
CVE-2020-1529 No No More Likely More Likely Important 7.8 7.0
CVE-2020-1480 No No More Likely More Likely Important 7.8 7.0
Windows Hard Link Elevation of Privilege Vulnerability
CVE-2020-1467 No No Less Likely Less Likely Important 7.8 7.0
Windows Image Acquisition Service Information Disclosure Vulnerability
CVE-2020-1474 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1485 No No Less Likely Less Likely Important 5.0 4.5
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-1417 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1486 No No Less Likely Less Likely Important    
CVE-2020-1566 No No More Likely More Likely Important    
Windows Kernel Information Disclosure Vulnerability
CVE-2020-1578 No No More Likely More Likely Important 5.5 5.0
Windows Media Remote Code Execution Vulnerability
CVE-2020-1339 No No Less Likely Less Likely Critical 7.3 6.6
Windows Network Connection Broker Elevation of Privilege Vulnerability
CVE-2020-1526 No No Less Likely Less Likely Important 7.8 7.0
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2020-1337 No No Less Likely Less Likely Important 7.8 7.0
Windows RRAS Service Information Disclosure Vulnerability
CVE-2020-1383 No No Less Likely Less Likely Important 5.5 5.0
Windows Radio Manager API Elevation of Privilege Vulnerability
CVE-2020-1528 No No Less Likely Less Likely Important 7.8 7.0
Windows Registry Elevation of Privilege Vulnerability
CVE-2020-1377 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1378 No No Less Likely Less Likely Important 7.8 7.0
Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-1530 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1537 No No Less Likely Less Likely Important 7.8 7.0
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2020-1466 No No - - Important 7.5 6.7
Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1553 No No Less Likely Less Likely Important 7.8 7.0
Windows Server Resource Management Service Elevation of Privilege Vulnerability
CVE-2020-1475 No No Less Likely Less Likely Important 7.0 6.3
Windows Setup Elevation of Privilege Vulnerability
CVE-2020-1571 No No Less Likely Less Likely Important 7.8 7.0
Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2020-1521 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1522 No No Less Likely Less Likely Important 7.8 7.0
Windows Speech Shell Components Elevation of Privilege Vulnerability
CVE-2020-1524 No No Less Likely Less Likely Important 7.8 7.0
Windows Spoofing Vulnerability
CVE-2020-1464 Yes Yes Detected Detected Important 5.3 5.1
Windows State Repository Service Information Disclosure Vulnerability
CVE-2020-1512 No No Less Likely Less Likely Important 5.5 5.0
Windows Storage Service Elevation of Privilege Vulnerability
CVE-2020-1490 No No Less Likely Less Likely Important 7.0 6.3
Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2020-1515 No No Less Likely Less Likely Important 7.8 7.0
Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2020-1519 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1538 No No Less Likely Less Likely Important 7.8 7.0
Windows WaasMedic Service Information Disclosure Vulnerability
CVE-2020-1548 No No Less Likely Less Likely Important 7.8 7.0
Windows WalletService Elevation of Privilege Vulnerability
CVE-2020-1533 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1556 No No Less Likely Less Likely Important    
Windows Work Folder Service Elevation of Privilege Vulnerability
CVE-2020-1552 No No Less Likely Less Likely Important    
Windows Work Folders Service Elevation of Privilege Vulnerability
CVE-2020-1470 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1516 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1484 No No Less Likely Less Likely Important 7.8 7.0
Windows dnsrslvr.dll Elevation of Privilege Vulnerability
CVE-2020-1584 No No More Likely More Likely Important 7.8 7.0

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

 Renato

62 Posts
ISC Handler
Aug 11th 2020
Thread locked Subscribe Aug 11th 2020
6 months ago
Did you intend the "yes"es under exploited to be green or red?
CVE-2020-1380 No Yes
CVE-2020-1464 Yes Yes
 Anonymous
Quote Aug 11th 2020
6 months ago
It should be 'red'. It seems we had a problem with the table generation.

It's fixed now.

Thanks for the heads up.
 Renato

62 Posts
ISC Handler
Quote Aug 11th 2020
6 months ago
CVSS for https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
is now 10
 beamer

12 Posts
Quote Aug 12th 2020
6 months ago

Sign Up for Free or Log In to start participating in the conversation!