Microsoft Pushes 123 Fixes With This Month’s Patch Tuesday

  • Microsoft has released another fixing update for Windows components, plugging 17 critical flaws. 
  • The vulnerabilities concern remote code execution, elevation of privilege, and memory corruption cases.
  • None of the bugs have been noticed on actual attacks in the wild, as they were all discovered in the lab.

Another monthly fixing update for Microsoft Windows has landed, and this time, it squashes a total of 123 bugs. Seventeen of the identified flaws are classified as “critical,” 95 are “important,” and the rest are considered to be of “moderate” criticality. As always, you are advised to apply the available patch as soon as possible, as this is crucial in keeping your system secure. Many of the disclosed vulnerabilities concern remote code execution (RCE) flaws, some have to do with memory corruption, and others are based on local privilege escalation scenarios, so the full spectrum is covered.

Here are the most crucial flaws, as highlighted by the Sophos Labs and the Cisco Talos teams:

CVE-2020-1023, CVE-2020-1024, CVE-2020-1069, CVE-2020-1102: These are all RCE flaws affecting the Microsoft SharePoint web-based collaboration platform. By uploading a specially crafted packet onto the SharePoint server, or by convincing the target to open a malicious file, an attacker could execute code on the victim’s machine or server.

CVE-2020-1062: This is a memory corruption vulnerability affecting the Internet Explorer browser. For its triggering, an attacker would need to lead the victim into visiting a specially crafted web page. This would eventually lead to an RCE scenario.

CVE-2020-1054,CVE-2020-1143, CVE-2020-0915,CVE-2020-0916,CVE-2020-0963,CVE-2020-1141,CVE-2020-1142,CVE-2020-1145, CVE-2020-1135,CVE-2020-1153: These ten flaws affect the Windows Graphic Components, and are leading to local elevation of privilege conditions. There are some prerequisites for them to work, like having access to the Windows graphic session and being able to execute code. Still, a knowledgeable attacker could potentially elevate privileges to SYSTEM.

CVE-2020-1037, CVE-2020-1056, CVE-2020-1059, CVE-2020-1096, CVE-2020-1062, CVE-2020-1092, CVE-2020-1093: These flaws concern the Edge web browser that Microsoft has been pushing for adoption aggressively, and more specifically its ChakraCore JavaScript engine. Some of the identified vulnerabilities are also found in the VB Scripting engine of Internet Explorer 11.

CVE-2020-1084, CVE-2020-1123, CVE-2020-1137, CVE-2020-1081: These four are bugs in Windows services like printing, push notifications, the background intelligent transfer service (BITS) and the connected user experiences and telemetry service. They are not easy to trigger as they would require higher privileges to abuse symbolic links and junctions.

CVE-2020-1103: This is an information disclosure flaw affecting SharePoint. An attacker could exploit it to launch a successful cross-site search assault, potentially obtaining information by running search queries as the logged-in user.

Microsoft hasn’t provided technical details on most of the above, for reasons of security and precaution. In addition, they have specified that all of the fixed bugs were discovered in the lab and that none of them were detected in the wild. Thus, the chances of cyber-criminals knowing about how to exploit the 123 fixed bugs are slim, but no one can rule this out with certainty.

REVIEW OVERVIEW

Recent Articles

Joseph Feiman, WhiteHat Security: We Have to Do More to Protect Election Software Systems

WhiteHat Security, Chief Strategy Officer, Joseph Feiman has been in the business for many years now, and he agreed to speak to us about...

5 Best Adult Addons for Kodi in 2020

These are the best Kodi adult addons you'll find in 2020. Best All-Around Porn Kodi Addon - XXX-O-DUS Best for Watching Full-Length Movies -...

5 Best Kodi Repositories in 2020 – Your Gateway to Hundreds of High-Quality Kodi Addons!

Here's our overview of the best Kodi repositories in 2020. Best All-Around Kodi Repository - Official Kodi Repository Best Third-Party Kodi Repository - TVAddons...