Microsoft Patch Tuesday November 2020 security updates released for 112 vulnerabilities in its product line including Windows operating system, Edge browser, and developer tools. Out of these one vulnerability is identified as a zero-day, 17 are classified as critical and 93 are therefore classified as important. The vulnerabilities are in the categories of elevation of privilege, remote code execution, memory corruption vulnerability, spoofing, tampering, and finally denial of service. This realization was made by using their vulnerability management tool.
The actively exploited zero-day (CVE-2020-17087) vulnerability is already disclosed by the security researchers at the end of October 2020. This publicly acknowledged zero-day vulnerability exists in the Windows Kernel. However, a patch management tool can patch this vulnerability.
Zero-day Vulnerability:
Windows Kernel Local Elevation of Privilege Vulnerability | CVE-2020-17087
This zero-day in Windows Kernel could therefore affect all the operating system versions released after Windows 7 including Server distributions. According to the Common Vulnerability Scoring System (CVSS), this actively exploited vulnerability takes a high impact, when the attacker exploits it against the unpatched systems. This leads the victim to be tricked by specially crafted application by the adversary and finally system compromise will be achieved. This active exploit is already disclosed and has proof of concept hence makes the probability even high to perform a successful attack against an unpatched system.
- On successful exploitation, the malicious actor can acquire the admin-level privileges, which led to full system compromise.Therefore the threat actor can extend his footprint to the network hierarchy if exploited against Windows Server Distribution.
Interesting Vulnerabilities:
Windows Network File System Information Disclosure Vulnerability | CVE-2020-17056
Information Disclosure vulnerability can be used against the victim’s networks and systems to enumerate the infrastructure behind the implementation of those devices, which leads to the leakage of confidential information such as password hashes, routing information, ARP table records, and files systems. Likewise, this vulnerability targets the Kernel space (High privileged space only accessed by the system itself) to read the memory regions which are prohibited to unprivileged users.
- On successful exploitation, the attacker can thus access the private network file system without authorization, which leads to an increase in his reachability and the probability of compromising other systems in the same network.
Raw Image Extension Remote Code Execution Vulnerability | CVE-2020-17078
Raw Image Extensions adds native viewing support for images finally captured in raw file formats. This app could therefore go unnoticed if an image viewer installs this app to the user’s system from the trusted Microsoft store on behalf of the user. Remote Code Execution (RCE) Vulnerability therefore allows the untrusted commands to be executed in the victim’s device without authentication.
- On successful exploitation, the adversary can take the full privilege to execute their commands remotely including view, modify, delete the local data, while exploited against admin mode, the attacker can create new users and could be able to modify existing user privileges.
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2020-17054
Remote Code Execution vulnerability hence exists in the way that the Chakra scripting engine handles objects in memory occupied by Microsoft Edge. This vulnerability is widely known as Chakra Scripting Engine Memory Corruption Vulnerability and hence exists in the various versions of the Chakra Scripting Engine in the past. ChakraCore is the core component behind Microsoft’s default browsers which resides in all windows systems therefore causes the attack vector to affect many users.
- On successful exploitation, the private memory space of the administrator accounts can therefore take control by the adversary which led the attacker to execute commands with the admin privilege including the creation of new users and deletion of existing users.
Microsoft Patch Tuesday November 2020 Bulletin Summary
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- Internet Explorer
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based)
- ChakraCore
- Microsoft Exchange Server
- Microsoft Dynamics
- Microsoft Windows Codecs Library
- Azure Sphere
- Windows Defender
- Microsoft Teams
- Azure SDK
- Azure DevOps
- Visual Studio
- Product: Microsoft Windows
CVEs/Advisory: CVE-2020-1599, CVE-2020-16997, CVE-2020-16998, CVE-2020-16999, CVE-2020-17000, CVE-2020-17001, CVE-2020-17004, CVE-2020-17007, CVE-2020-17010, CVE-2020-17011, CVE-2020-17012
Impact: Elevation of Privilege, Remote Code Execution, Information Disclosure, Denial of Service, Security Feature Bypass, Spoofing.
Severity: Critical
KBs: 4586781, 4586785, 4586786, 4586787, 4586793, 4586808, 4586823, 4586830, 4586834, 4586845
2. Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory: CVE-2020-16979, CVE-2020-17015, CVE-2020-17016, CVE-2020-17017, CVE-2020-17019, CVE-2020-17020, CVE-2020-17060, CVE-2020-17061, CVE-2020-17062, CVE-2020-17063, CVE-2020-17064, CVE-2020-17065, CVE-2020-17066, CVE-2020-17067, CVE-2020-17091
Impact: Remote Code Execution, Information Disclosure, Security Feature Bypass, Spoofing.
Severity: Important
KBs: 4484455, 4484508, 4484520, 4484534, 4486706, 4486713, 4486714, 4486717, 4486718, 4486719, 4486722, 4486723, 4486725, 4486727, 4486730, 4486733, 4486734, 4486737, 4486738, 4486740, 4486743, 4486744
3. Product: Browsers (Internet Explorer, Edge Chromium/HTML Based)
CVEs/Advisory: CVE-2020-17048, CVE-2020-17052, CVE-2020-17053, CVE-2020-17054, CVE-2020-17058
Impact: Remote Code Execution
Severity: Critical
KBs: 4586768, 4586781, 4586785, 4586786, 4586787, 4586793, 4586827, 4586830, 4586834, 4586845
More on Microsoft Bulletin Summary
4. Product: ChakraCore
CVEs/Advisory: CVE-2020-17048
Impact: Remote Code Execution
Severity: Critical
5. Product: Microsoft Exchange Server
CVEs/Advisory: CVE-2020-17083, CVE-2020-17084, CVE-2020-17085
Impact: Remote Code Execution, Denial of Service
Severity: Important
KBs: 4588741
6. Product: Microsoft Dynamics
CVEs/Advisory: CVE-2020-17006, CVE-2020-17005, CVE-2020-17021, CVE-2020-17018, CVE-2020-17018
Impact: Spoofing.
Severity: Important
KBs: 4577009, 4584611, 4584612
7. Product: Microsoft Windows Codecs Library
CVEs/Advisory: CVE-2020-17082, CVE-2020-17079, CVE-2020-17107, CVE-2020-17109, CVE-2020-17110, CVE-2020-17108, CVE-2020-17106, CVE-2020-17105, CVE-2020-17102, CVE-2020-17101, CVE-2020-17081, CVE-2020-17086, CVE-2020-17078
Impact: Remote Code Execution and then Information Disclosure
Severity: Critical
8. Product: Azure (Sphere, SDK, and DevOps)
CVEs/Advisory: CVE-2020-1325, CVE-2020-16970, CVE-2020-16981, CVE-2020-16982, CVE-2020-16983, CVE-2020-16984, CVE-2020-16985, CVE-2020-16986, CVE-2020-16987, CVE-2020-16988, CVE-2020-16989, CVE-2020-16990, CVE-2020-16991, CVE-2020-16992, CVE-2020-16993, CVE-2020-16994
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing and then Tampering.
Severity: Critical
9. Product: Windows Defender
CVEs/Advisory: CVE-2020-17090
Impact: Security Feature Bypass
Severity: Critical
KBs: 4586785
10. Product: Microsoft Teams
CVEs/Advisory: CVE-2020-17091
Impact: Remote Code Execution
Severity: Important
11. Product: Visual Studio
CVEs/Advisory: CVE-2020-17023, CVE-2020-17100, CVE-2020-17104
Impact: Remote Code Execution, Spoofing and then Tampering
Severity: Important
SanerNow detects these vulnerabilities and hence automatically fixes them by applying security updates. Therefore Download SanerNow and keep your systems updated and secure.