Patch Tuesday: Microsoft Security Bulletin Summary for December 2020

Microsoft has rolled out its December 2020 Patch Tuesday security updates, addressing 58 vulnerabilities across its product line, including the Windows operating system, Edge browser, Microsoft Office and services, and developer tools. Of these, 9 are classified as critical and 46 as important. The vulnerabilities are categorized under remote code execution, security feature bypass, spoofing, tampering, and denial of service. This was identified using their vulnerability management tool.

A partially fixed vulnerability exists in Active Directory’s Kerberos security feature, which requires an enhanced Windows Server update planned for February 2021. An auto-patching solution can do this. There is no zero-day exploit this month.

Interesting Vulnerabilities

Hyper-V Remote Code Execution Vulnerability | CVE-2020-17095

A Remote Code Execution (RCE) vulnerability allows untrusted commands to be executed on the victim’s device without authentication. This vulnerability exists in Hyper-V, the native hardware virtualization application of the Microsoft Windows operating system. Attackers can create specially crafted malware targeting the Hyper-V guest operating system that might execute arbitrary code on the host operating system if Windows fails to validate the vSMB data packets.

  • On successful exploitation, an attacker can execute malicious commands remotely with high privileges, including viewing, modifying, and deleting local data. When exploited in admin mode, the attacker can create new users and may be able to modify existing user privileges.

Microsoft Exchange Information Disclosure Vulnerability | CVE-2020-17143

An Information Disclosure vulnerability can be used against the victim’s networks and systems to enumerate the infrastructure behind those devices, which leads to the leakage of confidential information such as password hashes, routing information, ARP table records, and file systems. This vulnerability targets the Microsoft Exchange mail server. A remote attacker can send malicious requests to the server, tricking it into responding with internal information that must be restricted to the server’s local environment.

  • On successful exploitation, an attacker can access sensitive information such as the server version and installed patches without authorization, which increases the chances of compromising other systems in the same network.

Kerberos Security Feature Bypass Vulnerability | CVE-2020-16996

A Security Feature Bypass (SFB) vulnerability exists in the Kerberos network authentication protocol. It exists only in systems that have implemented Protected Users and Resource-Based Constrained Delegation (RBCD) in the Windows Active Directory domain. This vulnerability is not completely fixed and therefore requires future enhanced Windows Server updates.

  • On successful exploitation, an attacker can bypass the security feature by adding a fake user into the domain, evade the authentication phase by adding the user to the protected user list, and hence perform malicious activities inside the shared domain.

Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-17121

A Remote Code Execution (RCE) vulnerability exists in Microsoft SharePoint, allowing arbitrary code execution on the affected servers. An authenticated user can execute malicious .NET code on the server using a SharePoint Web Application service account.

  • On successful exploitation, an attacker can execute specially crafted code on the restricted server. This could widen the attack surface and lead to the compromise of other systems.

Microsoft Security Bulletin Summary for December 2020

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge for Android
  • ChakraCore
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft Exchange Server
  • Azure DevOps
  • Microsoft Dynamics
  • Visual Studio
  • Azure SDK
  • Azure Sphere

Product: Microsoft Windows
CVEs/Advisory: ADV200013, CVE-2020-17136, CVE-2020-16996, CVE-2020-17138, CVE-2020-17092, CVE-2020-17139, CVE-2020-17103, CVE-2020-17137, CVE-2020-17098, CVE-2020-16960, CVE-2020-16958, CVE-2020-16959, CVE-2020-16961, CVE-2020-16964, CVE-2020-16963, CVE-2020-16962, CVE-2020-17094, CVE-2020-17095, CVE-2020-17099, CVE-2020-17097, CVE-2020-17096, CVE-2020-17140
Impact: Elevation of Privilege, Remote Code Execution, Information Disclosure, Denial of Service, Security Feature Bypass, Spoofing.
Severity: Critical
KBs: 4586781, 4586785, 4586786, 4586787, 4586793, 4586808, 4586823, 4586830, 4586834, 4586845, 4592438, 4592440, 4592446, 4592449, 4592464, 4592468, 4592484, 4592495, 4592497, 4593226

Product: Browsers (Edge HTML Based, Edge Android, and ChakraCore)
CVEs: CVE-2020-17131, CVE-2020-17153
Impact: Remote Code Execution, Spoofing.
Severity: Critical
KBs: 4592440, 4592449

Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs: CVE-2020-17130, CVE-2020-17128, CVE-2020-17129, CVE-2020-17124, CVE-2020-17123, CVE-2020-17119, CVE-2020-17125, CVE-2020-17127, CVE-2020-17126, CVE-2020-17122, CVE-2020-17115, CVE-2020-17120, CVE-2020-17121, CVE-2020-17118, CVE-2020-17089
Impact: Elevation of Privilege, Remote Code Execution, Information Disclosure, Security Feature Bypass, Spoofing.
Severity: Critical
KBs: 4493138, 4493139, 4493140, 4493148, 4493149

Product: Microsoft Exchange Server
CVEs: CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17143, CVE-2020-17144
Impact: Remote Code Execution, Information Disclosure, Denial of Service.
Severity: Critical
KBs: 4593465, 4593466, 4593467

Product: Azure Sphere
CVEs: CVE-2020-17160
Impact: Security Feature Bypass, Tampering.
Severity: Critical

Product: Microsoft Dynamics
CVEs: CVE-2020-17133, CVE-2020-17147, CVE-2020-17152, CVE-2020-17158
Impact: Remote Code Execution, Information Disclosure, Spoofing.
Severity: Critical
KBs: 4583556, 4584611, 4584612, 4595459, 4595462

Product: Developer Tools (Azure DevOps, Azure SDK, and Visual Studio)
CVEs: CVE-2020-17145, CVE-2020-17135, CVE-2020-17002, CVE-2020-16971, CVE-2020-17148, CVE-2020-17159, CVE-2020-17156, CVE-2020-17150
Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Tampering.
Severity: Important
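
As an added example (not part of the original bulletin or of any vendor tool), the Python below parses records in the "Product / CVEs / KBs" layout used above and compares each product's KB list with a host inventory. The host names, the inventory, and the KB0000001/KB0000002 placeholders are constructed for illustration; a host with none of the listed KBs is marked for verification rather than as vulnerable, because a later update can supersede these KBs.

```python
import re

# Records copied from the summary above, in the page's "Key: value" layout.
BULLETIN = """\
Product: Microsoft Exchange Server
CVEs: CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17143, CVE-2020-17144
Impact: Remote Code Execution, Information Disclosure, Denial of Service.
Severity: Critical
KBs: 4593465, 4593466, 4593467

Product: Azure Sphere
CVEs: CVE-2020-17160
Impact: Security Feature Bypass, Tampering.
Severity: Critical
"""

# Constructed inventory: host -> (product, installed KB ids), e.g. from a hotfix export.
INVENTORY = {
    "mail01": ("Microsoft Exchange Server", {"KB4593465", "KB0000001"}),
    "mail02": ("Microsoft Exchange Server", {"KB0000002"}),
    "iot-gw": ("Azure Sphere", set()),
}

def parse_bulletin(text):
    """Split blank-line-separated records into {product: {severity, cves, kbs}}."""
    products = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(line.split(":", 1) for line in block.splitlines() if ":" in line)
        fields = {k.strip().lower(): v.strip() for k, v in fields.items()}
        cve_field = fields.get("cves") or fields.get("cves/advisory", "")
        products[fields["product"]] = {
            "severity": fields.get("severity", ""),
            "cves": re.findall(r"CVE-\d{4}-\d+|ADV\d+", cve_field),
            "kbs": {"KB" + n for n in re.findall(r"\d{7}", fields.get("kbs", ""))},
        }
    return products

def triage(products, inventory):
    """Return {host: status}; a KB miss means 'verify', not 'vulnerable'."""
    result = {}
    for host, (product, installed) in inventory.items():
        wanted = products[product]["kbs"]
        if not wanted:  # record has no KBs line (Azure Sphere on this page)
            result[host] = "no KB listed: check vendor channel"
        elif wanted & installed:
            result[host] = "patched: " + ", ".join(sorted(wanted & installed))
        else:
            result[host] = "verify: none of %d bulletin KBs installed" % len(wanted)
    return result
```

Calling `triage(parse_bulletin(BULLETIN), INVENTORY)` returns one status string per host; the parser also accepts the `CVEs/Advisory:` key used by the Microsoft Windows record.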

SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.