Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Microsoft September 2020 Patch Tuesday SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft September 2020 Patch Tuesday

This month we got patches for 129 vulnerabilities. Of these, 23 are critical and none of them was previously disclosed or is being exploited according to Microsoft.

Amongst the critical ones, there is a remote code execution (RCE) vulnerability in Microsoft SharePoint (CVE-2020-1210) with a CVSS score of 9.9 (the highest this month). The vulnerability exists when the software fails to check the source markup of an application package. To exploit this vulnerability, an attacker has to upload a specially crafted SharePoint application package to a vulnerable SharePoint.

There is also an RCE in Microsoft Exchange (CVE-2020-16875), with a CVSS score of 9.1. To exploit this vulnerability, an attacker has to send a specially crafted e-mail to a vulnerable Exchange Server. An attacker who successfully exploits this vulnerability could run arbitrary code in the context of System user.

A third vulnerability worth mentioning is an RCE affecting Active Directory (CVE-2020-0761) when integrated with DNS (ADIDNS). An authenticated attacker could run arbitrary code in the context of Local System account if successfully exploits this vulnerability. To exploit the vulnerability, an authenticated attacker could send malicious requests to an Active Directory integrated DNS (ADIDNS) server. The CVSS score for this vulnerability is 8.8.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
ADFS Spoofing Vulnerability
CVE-2020-0837 No No Less Likely Less Likely Important 5.0 4.5
Active Directory Information Disclosure Vulnerability
CVE-2020-0664 No No More Likely More Likely Important 6.5 5.9
CVE-2020-0856 No No More Likely More Likely Important 6.5 5.9
Active Directory Remote Code Execution Vulnerability
CVE-2020-0718 No No Less Likely Less Likely Important 8.8 7.9
CVE-2020-0761 No No Less Likely Less Likely Important 8.8 7.9
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
CVE-2020-1590 No No Less Likely Less Likely Important 5.5 5.0
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2020-1130 No No Less Likely Less Likely Important 6.6 5.9
CVE-2020-1133 No No Less Likely Less Likely Important 5.5 5.0
DirectX Elevation of Privilege Vulnerability
CVE-2020-1053 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1308 No No More Likely More Likely Important 7.0 6.3
GDI+ Remote Code Execution Vulnerability
CVE-2020-1285 No No Less Likely Less Likely Critical 8.4 7.6
Group Policy Elevation of Privilege Vulnerability
CVE-2020-1013 No No Less Likely Less Likely Important 7.5 6.7
Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability
CVE-2020-16884 No No Less Likely Less Likely Important 4.2 3.8
Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-1039 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1074 No No Less Likely Less Likely Important 7.8 7.0
Microsoft ASP.NET Core Security Feature Bypass Vulnerability
CVE-2020-1045 No No Less Likely Less Likely Important 7.5 6.7
Microsoft Browser Memory Corruption Vulnerability
CVE-2020-0878 No No Less Likely Less Likely Critical 4.2 3.8
Microsoft COM for Windows Elevation of Privilege Vulnerability
CVE-2020-1507 No No Less Likely Less Likely Important 7.9 7.1
Microsoft COM for Windows Remote Code Execution Vulnerability
CVE-2020-0922 No No Less Likely Less Likely Critical 8.8 7.9
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
CVE-2020-16858 No No Less Likely Less Likely Important 5.4 4.9
CVE-2020-16859 No No Less Likely Less Likely Important 5.4 4.9
CVE-2020-16861 No No Less Likely Less Likely Important 5.4 4.9
CVE-2020-16864 No No Less Likely Less Likely Important 5.4 4.9
CVE-2020-16872 No No Less Likely Less Likely Important 7.6 6.8
CVE-2020-16878 No No Less Likely Less Likely Important 5.4 4.9
CVE-2020-16871 No No Less Likely Less Likely Important 5.4 4.9
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2020-16860 No No Less Likely Less Likely Important 6.8 6.1
CVE-2020-16862 No No Less Likely Less Likely Critical 7.1 6.4
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
CVE-2020-16857 No No - - Critical 7.1 6.4
Microsoft Excel Information Disclosure Vulnerability
CVE-2020-1224 No No Less Likely Less Likely Important 5.5 5.0
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-1193 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1332 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1335 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1594 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Exchange Memory Corruption Vulnerability
CVE-2020-16875 No No Less Likely Less Likely Critical 9.1 8.2
Microsoft Graphics Component Information Disclosure Vulnerability
CVE-2020-0921 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1083 No No Less Likely Less Likely Important 5.5 5.0
Microsoft Office Information Disclosure Vulnerability
CVE-2020-16855 No No Less Likely Less Likely Important 5.5 5.0
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-1345 No No Less Likely Less Likely Important 7.4 6.7
CVE-2020-1575 No No Less Likely Less Likely Important 5.4 4.9
CVE-2020-1198 No No - - Important 7.4 6.7
CVE-2020-1227 No No - - Important 5.4 4.9
CVE-2020-1482 No No Less Likely Less Likely Important 6.3 5.7
CVE-2020-1514 No No Less Likely Less Likely Important 5.4 4.9
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1452 No No Less Likely Less Likely Critical 8.6 7.7
CVE-2020-1453 No No Less Likely Less Likely Critical 8.6 7.7
CVE-2020-1576 No No Less Likely Less Likely Critical 8.5 7.6
CVE-2020-1200 No No Less Likely Less Likely Critical 8.6 7.7
CVE-2020-1210 No No Less Likely Less Likely Critical 9.9 8.9
CVE-2020-1595 No No Less Likely Less Likely Critical 9.9 8.9
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2020-1460 No No Less Likely Less Likely Critical 8.6 7.7
Microsoft SharePoint Server Tampering Vulnerability
CVE-2020-1440 No No Less Likely Less Likely Important 6.3 5.7
CVE-2020-1523 No No Less Likely Less Likely Important 8.9 8.0
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-1205 No No Less Likely Less Likely Important 4.6 4.2
Microsoft Store Runtime Elevation of Privilege Vulnerability
CVE-2020-0766 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1146 No No Less Likely Less Likely Important 6.6 5.9
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
CVE-2020-1129 No No Less Likely Less Likely Critical 8.8 7.9
CVE-2020-1319 No No Less Likely Less Likely Critical 7.3 6.6
Microsoft Word Remote Code Execution Vulnerability
CVE-2020-1218 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1338 No No Less Likely Less Likely Important 7.8 7.0
Microsoft splwow64 Elevation of Privilege Vulnerability
CVE-2020-0790 No No Less Likely Less Likely Important 7.8 7.0
Microsoft splwow64 Information Disclosure Vulnerability
CVE-2020-0875 No No Less Likely Less Likely Important 5.5 5.0
NTFS Elevation of Privilege Vulnerability
CVE-2020-0838 No No Less Likely Less Likely Important 7.8 7.0
OneDrive for Windows Elevation of Privilege Vulnerability
CVE-2020-16851 No No Less Likely Less Likely Important 7.1 6.4
CVE-2020-16852 No No Less Likely Less Likely Important 7.1 6.4
CVE-2020-16853 No No Less Likely Less Likely Important 7.1 6.4
Projected Filesystem Information Disclosure Vulnerability
CVE-2020-16879 No No Less Likely Less Likely Important 5.5 5.0
Projected Filesystem Security Feature Bypass Vulnerability
CVE-2020-0805 No No Less Likely Less Likely Important 5.3 4.8
SQL Server Reporting Services Security Feature Bypass Vulnerability
CVE-2020-1044 No No Less Likely Less Likely Moderate 4.3 3.9
Scripting Engine Memory Corruption Vulnerability
CVE-2020-1057 No No Less Likely Less Likely Critical 4.2 3.8
CVE-2020-1172 No No Less Likely Less Likely Critical 4.2 3.8
CVE-2020-1180 No No Less Likely Less Likely Important 4.2 3.8
Shell infrastructure component Elevation of Privilege Vulnerability
CVE-2020-0870 No No Less Likely Less Likely Important 7.8 7.0
TLS Information Disclosure Vulnerability
CVE-2020-1596 No No Less Likely Less Likely Important 5.4 4.9
Visual Studio JSON Remote Code Execution Vulnerability
CVE-2020-16881 No No Less Likely Less Likely Important 7.8 7.0
Visual Studio Remote Code Execution Vulnerability
CVE-2020-16856 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-16874 No No Less Likely Less Likely Critical 7.8 7.0
Win32k Elevation of Privilege Vulnerability
CVE-2020-1245 No No More Likely More Likely Important 7.0 6.3
Win32k Information Disclosure Vulnerability
CVE-2020-0941 No No More Likely More Likely Important 5.5 5.0
CVE-2020-1250 No No Less Likely Less Likely Important 5.5 5.0
WinINet API Elevation of Privilege Vulnerability
CVE-2020-1012 No No Less Likely Less Likely Important 8.8 7.9
Windows Camera Codec Pack Remote Code Execution Vulnerability
CVE-2020-0997 No No Less Likely Less Likely Critical 7.8 7.0
Windows CloudExperienceHost Elevation of Privilege Vulnerability
CVE-2020-1471 No No Less Likely Less Likely Important 6.1 5.5
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-1115 No No More Likely More Likely Important 7.8 7.0
Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability
CVE-2020-0782 No No Less Likely Less Likely Important 7.8 7.0
Windows DHCP Server Information Disclosure Vulnerability
CVE-2020-1031 No No Less Likely Less Likely Important 7.5 6.7
Windows DNS Denial of Service Vulnerability
CVE-2020-0836 No No Less Likely Less Likely Important 7.5 6.7
CVE-2020-1228 No No Less Likely Less Likely Important 7.5 6.7
Windows Defender Application Control Security Feature Bypass Vulnerability
CVE-2020-0951 No No Less Likely Less Likely Important 6.7 6.0
Windows Elevation of Privilege Vulnerability
CVE-2020-1376 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1052 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1159 No No Less Likely Less Likely Important 5.3 4.8
Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability
CVE-2020-0912 No No Less Likely Less Likely Important 7.0 6.3
Windows Function Discovery Service Elevation of Privilege Vulnerability
CVE-2020-1491 No No Less Likely Less Likely Important 7.8 7.0
Windows GDI Information Disclosure Vulnerability
CVE-2020-1256 No No Less Likely Less Likely Important 5.5 5.0
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-0998 No No Less Likely Less Likely Important 7.8 7.0
Windows Graphics Component Information Disclosure Vulnerability
CVE-2020-1091 No No Less Likely Less Likely Important 6.5 5.9
CVE-2020-1097 No No Less Likely Less Likely Important 6.5 5.9
Windows Hyper-V Denial of Service Vulnerability
CVE-2020-0890 No No Less Likely Less Likely Important 6.5 5.9
CVE-2020-0904 No No Less Likely Less Likely Important 6.5 5.9
Windows Information Disclosure Vulnerability
CVE-2020-1119 No No Less Likely Less Likely Important 5.5 5.0
Windows InstallService Elevation of Privilege Vulnerability
CVE-2020-1532 No No Less Likely Less Likely Important 7.8 7.0
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-1034 No No Less Likely Less Likely Important 6.8 6.1
Windows Kernel Information Disclosure Vulnerability
CVE-2020-1589 No No Less Likely Less Likely Important 4.4 4.0
CVE-2020-1592 No No Less Likely Less Likely Important 5.1 4.6
CVE-2020-0928 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1033 No No Less Likely Less Likely Important 4.0 3.6
CVE-2020-16854 No No Less Likely Less Likely Important 5.5 5.0
Windows Language Pack Installer Elevation of Privilege Vulnerability
CVE-2020-1122 No No Less Likely Less Likely Important 5.5 5.0
Windows Media Audio Decoder Remote Code Execution Vulnerability
CVE-2020-1508 No No Less Likely Less Likely Critical 7.6 6.8
CVE-2020-1593 No No Less Likely Less Likely Critical 7.6 6.8
Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
CVE-2020-0989 No No Less Likely Less Likely Important 5.5 5.0
Windows Modules Installer Elevation of Privilege Vulnerability
CVE-2020-0911 No No Less Likely Less Likely Important 7.8 7.0
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2020-1030 No No Less Likely Less Likely Important 7.8 7.0
Windows RSoP Service Application Elevation of Privilege Vulnerability
CVE-2020-0648 No No Less Likely Less Likely Important 7.8 7.0
Windows Remote Code Execution Vulnerability
CVE-2020-1252 No No Less Likely Less Likely Critical 7.8 7.0
Windows Routing Utilities Denial of Service
CVE-2020-1038 No No Less Likely Less Likely Important 5.5 5.0
Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1169 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1303 No No Less Likely Less Likely Important 5.5 5.0
Windows Shell Infrastructure Component Elevation of Privilege Vulnerability
CVE-2020-1098 No No Less Likely Less Likely Important 7.8 7.0
Windows Start-Up Application Elevation of Privilege Vulnerability
CVE-2020-1506 No No Less Likely Less Likely Important 6.1 5.5
Windows State Repository Service Information Disclosure Vulnerability
CVE-2020-0914 No No Less Likely Less Likely Important 5.5 5.0
Windows Storage Services Elevation of Privilege Vulnerability
CVE-2020-1559 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0886 No No Less Likely Less Likely Important 7.8 7.0
Windows Text Service Module Remote Code Execution Vulnerability
CVE-2020-0908 No No Less Likely Less Likely Critical 7.5 6.7
Windows UPnP Service Elevation of Privilege Vulnerability
CVE-2020-1598 No No Less Likely Less Likely Important 6.1 5.5
Windows Win32k Elevation of Privilege Vulnerability
CVE-2020-1152 No No More Likely More Likely Important 5.8 5.2
Windows dnsrslvr.dll Elevation of Privilege Vulnerability
CVE-2020-0839 No No Less Likely Less Likely Important 7.8 7.0
Xamarin.Forms Spoofing Vulnerability
CVE-2020-16873 No No Less Likely Less Likely Important 4.7 4.4

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

 Renato

63 Posts
ISC Handler
Sep 8th 2020
Thread locked Subscribe Sep 8th 2020
7 months ago

Sign Up for Free or Log In to start participating in the conversation!