Microsoft has rolled out its December 2020 Patch Tuesday security updates for 58 vulnerabilities across its product line, including the Windows operating system, Edge browser, Microsoft Office and services, and developer tools. Of these, 9 are classified as critical and 46 as important. The vulnerabilities are categorized under remote code execution, security feature bypass, spoofing, tampering, and denial of service.
A vulnerability in Active Directory’s Kerberos security feature is only partially fixed; it requires an enhanced Windows Server update planned for February 2021. There is no zero-day exploit this month.
Hyper-V Remote Code Execution Vulnerability | CVE-2020-17095
A Remote Code Execution (RCE) vulnerability allows untrusted commands to be executed on the victim’s device without authentication. This vulnerability exists in Hyper-V, the native hardware virtualization application of the Microsoft Windows operating system. An attacker can create specially crafted malware targeting the Hyper-V guest operating system that might execute arbitrary code on the host operating system if Windows fails to validate vSMB data packets.
- On successful exploitation, an attacker can execute malicious commands remotely with high privileges, including viewing, modifying, and deleting local data. When exploited against admin mode, the attacker can create new users and may be able to modify existing user privileges.
Microsoft Exchange Information Disclosure Vulnerability | CVE-2020-17143
An Information Disclosure vulnerability can be used against the victim’s networks and systems to enumerate the infrastructure behind those devices, leading to the leakage of confidential information such as password hashes, routing information, ARP table records, and file systems. This vulnerability targets the Microsoft Exchange mail server. A remote attacker can send malicious requests that trick the server into responding with internal information that should remain restricted to the server’s local environment.
- On successful exploitation, an attacker can access sensitive information such as the server version and installed patches without authorization, which increases the chances of compromising other systems in the same network.
Kerberos Security Feature Bypass Vulnerability | CVE-2020-16996
A Security Feature Bypass (SFB) vulnerability exists in the Kerberos network authentication protocol. It only affects systems that have implemented Protected Users and Resource-Based Constrained Delegation (RBCD) in a Windows Active Directory domain. This vulnerability is not completely fixed and requires future enhanced Windows Server updates.
- On successful exploitation, an attacker can bypass the security feature by adding a fake user to the domain, evade the authentication phase by adding that user to the Protected Users list, and perform malicious activities inside the shared domain.
Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-17121
A Remote Code Execution (RCE) vulnerability exists in Microsoft SharePoint, allowing arbitrary code execution on affected servers. An authenticated user can execute malicious .NET code on the server using a SharePoint Web Application service account.
- On successful exploitation, an attacker can execute specially crafted code on the restricted server. This could widen the attack surface and lead to the compromise of other systems.
Microsoft Security Bulletin Summary for December 2020
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge for Android
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Exchange Server
- Azure DevOps
- Microsoft Dynamics
- Visual Studio
- Azure SDK
- Azure Sphere
Product: Microsoft Windows
CVEs/Advisory: ADV200013, CVE-2020-17136, CVE-2020-16996, CVE-2020-17138, CVE-2020-17092, CVE-2020-17139, CVE-2020-17103, CVE-2020-17137, CVE-2020-17098, CVE-2020-16960, CVE-2020-16958, CVE-2020-16959, CVE-2020-16961, CVE-2020-16964, CVE-2020-16963, CVE-2020-16962, CVE-2020-17094, CVE-2020-17095, CVE-2020-17099, CVE-2020-17097, CVE-2020-17096, CVE-2020-17140
Impact: Elevation of Privilege, Remote Code Execution, Information Disclosure, Denial of Service, Security Feature Bypass, Spoofing.
KBs: 4586781, 4586785, 4586786, 4586787, 4586793, 4586808, 4586823, 4586830, 4586834, 4586845, 4592438, 4592440, 4592446, 4592449, 4592464, 4592468, 4592484, 4592495, 4592497, 4593226
Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs: CVE-2020-17130, CVE-2020-17128, CVE-2020-17129, CVE-2020-17124, CVE-2020-17123, CVE-2020-17119, CVE-2020-17125, CVE-2020-17127, CVE-2020-17126, CVE-2020-17122, CVE-2020-17115, CVE-2020-17120, CVE-2020-17121, CVE-2020-17118, CVE-2020-17089
Impact: Elevation of Privilege, Remote Code Execution, Information Disclosure, Security Feature Bypass, Spoofing.
KBs: 4493138, 4493139, 4493140, 4493148, 4493149
Product: Microsoft Exchange Server
CVEs: CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17143, CVE-2020-17144
Impact: Remote Code Execution, Information Disclosure, Denial of Service.
KBs: 4593465, 4593466, 4593467
Product: Azure Sphere
Impact: Security Feature Bypass, Tampering.
Product: Microsoft Dynamics
CVEs: CVE-2020-17133, CVE-2020-17147, CVE-2020-17152, CVE-2020-17158
Impact: Remote Code Execution, Information Disclosure, Spoofing.
KBs: 4583556, 4584611, 4584612, 4595459, 4595462
Product: Developer Tools (Azure DevOps, Azure SDK, and Visual Studio)
CVEs: CVE-2020-17145, CVE-2020-17135, CVE-2020-17002, CVE-2020-16971, CVE-2020-17148, CVE-2020-17159, CVE-2020-17156, CVE-2020-17150
Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Tampering.