microsoft-patch-tuesday-november-2020

Microsoft has rolled out November Patch Tuesday security updates for 112 vulnerabilities in its product line, including the Windows operating system, Edge browser, and developer tools. Of these, one vulnerability is identified as a zero-day, 17 are classified as critical, and 93 are classified as important. The vulnerabilities fall into the categories of elevation of privilege, remote code execution, memory corruption, spoofing, tampering, and denial of service.

The actively exploited zero-day vulnerability (CVE-2020-17087) was already disclosed by security researchers at the end of October 2020. This publicly acknowledged zero-day vulnerability exists in the Windows Kernel.


Zero-day Vulnerability

Windows Kernel Local Elevation of Privilege Vulnerability | CVE-2020-17087

This zero-day in the Windows Kernel could affect all operating system versions released after Windows 7, including Server distributions. According to the Common Vulnerability Scoring System (CVSS), this actively exploited vulnerability has a high impact when an attacker exploits it against unpatched systems. The adversary tricks the victim with a specially crafted application, which leads to system compromise. The exploit is already disclosed and has a proof of concept, which makes a successful attack against an unpatched system even more likely.

  • On successful exploitation, the malicious actor can acquire admin-level privileges, which leads to full system compromise. If the vulnerability is exploited against a Windows Server distribution, the threat actor can extend their footprint across the network hierarchy.

Interesting Vulnerabilities

Windows Network File System Information Disclosure Vulnerability | CVE-2020-17056

An information disclosure vulnerability can be used against the victim’s networks and systems to enumerate the infrastructure behind those devices, which leads to the leakage of confidential information such as password hashes, routing information, ARP table records, and file systems. This vulnerability targets kernel space (a high-privileged space accessed only by the system itself) to read memory regions that are off-limits to unprivileged users.

  • On successful exploitation, the attacker can access the private network file system without authorization, which increases their reach and the probability of compromising other systems in the same network.

Raw Image Extension Remote Code Execution Vulnerability | CVE-2020-17078

Raw Image Extension adds native viewing support for images captured in raw file formats. The app can go unnoticed if an image viewer installs it on the user’s system from the trusted Microsoft Store on the user’s behalf. The remote code execution (RCE) vulnerability allows untrusted commands to be executed on the victim’s device without authentication.

  • On successful exploitation, the adversary gains full privileges to execute commands remotely, including viewing, modifying, and deleting local data. When the vulnerability is exploited in admin mode, the attacker can create new users and modify existing user privileges.

Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2020-17054

A remote code execution vulnerability exists in the way the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability is widely known as the Chakra Scripting Engine Memory Corruption Vulnerability and has existed in various versions of the Chakra scripting engine in the past. ChakraCore is the core component behind Microsoft’s default browsers, which reside on all Windows systems, so the attack vector affects many users.

  • On successful exploitation, the adversary can take control of the private memory space of administrator accounts, which lets the attacker execute commands with admin privileges, including creating new users and deleting existing users.

Microsoft Security Bulletin Summary for November 2020

  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Internet Explorer
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based)
  • ChakraCore
  • Microsoft Exchange Server
  • Microsoft Dynamics
  • Microsoft Windows Codecs Library
  • Azure Sphere
  • Windows Defender
  • Microsoft Teams
  • Azure SDK
  • Azure DevOps
  • Visual Studio

Product: Microsoft Windows
CVEs/Advisory: CVE-2020-1599, CVE-2020-16997, CVE-2020-16998, CVE-2020-16999, CVE-2020-17000, CVE-2020-17001, CVE-2020-17004, CVE-2020-17007, CVE-2020-17010, CVE-2020-17011, CVE-2020-17012
Impact: Elevation of Privilege, Remote Code Execution, Information Disclosure, Denial of Service, Security Feature Bypass, Spoofing.
Severity: Critical
KBs: 4586781, 4586785, 4586786, 4586787, 4586793, 4586808, 4586823, 4586830, 4586834, 4586845


Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory: CVE-2020-16979, CVE-2020-17015, CVE-2020-17016, CVE-2020-17017, CVE-2020-17019, CVE-2020-17020, CVE-2020-17060, CVE-2020-17061, CVE-2020-17062, CVE-2020-17063, CVE-2020-17064, CVE-2020-17065, CVE-2020-17066, CVE-2020-17067, CVE-2020-17091
Impact: Remote Code Execution, Information Disclosure, Security Feature Bypass, Spoofing.
Severity: Important
KBs: 4484455, 4484508, 4484520, 4484534, 4486706, 4486713, 4486714, 4486717, 4486718, 4486719, 4486722, 4486723, 4486725, 4486727, 4486730, 4486733, 4486734, 4486737, 4486738, 4486740, 4486743, 4486744


Product: Browsers (Internet Explorer, Edge Chromium/HTML Based)
CVEs/Advisory: CVE-2020-17048, CVE-2020-17052, CVE-2020-17053, CVE-2020-17054, CVE-2020-17058
Impact: Remote Code Execution
Severity: Critical
KBs: 4586768, 4586781, 4586785, 4586786, 4586787, 4586793, 4586827, 4586830, 4586834, 4586845


Product: ChakraCore
CVEs/Advisory: CVE-2020-17048
Impact: Remote Code Execution
Severity: Critical


Product: Microsoft Exchange Server
CVEs/Advisory: CVE-2020-17083, CVE-2020-17084, CVE-2020-17085
Impact: Remote Code Execution, Denial of Service
Severity: Important
KBs: 4588741


Product: Microsoft Dynamics
CVEs/Advisory: CVE-2020-17006, CVE-2020-17005, CVE-2020-17021, CVE-2020-17018, CVE-2020-17018
Impact: Spoofing.
Severity: Important
KBs: 4577009, 4584611, 4584612


Product: Microsoft Windows Codecs Library
CVEs/Advisory: CVE-2020-17082, CVE-2020-17079, CVE-2020-17107, CVE-2020-17109, CVE-2020-17110, CVE-2020-17108, CVE-2020-17106, CVE-2020-17105, CVE-2020-17102, CVE-2020-17101, CVE-2020-17081, CVE-2020-17086, CVE-2020-17078
Impact: Remote Code Execution, Information Disclosure
Severity: Critical


Product: Azure (Sphere, SDK, and DevOps)
CVEs/Advisory: CVE-2020-1325, CVE-2020-16970, CVE-2020-16981, CVE-2020-16982, CVE-2020-16983, CVE-2020-16984, CVE-2020-16985, CVE-2020-16986, CVE-2020-16987, CVE-2020-16988, CVE-2020-16989, CVE-2020-16990, CVE-2020-16991, CVE-2020-16992, CVE-2020-16993, CVE-2020-16994
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing, Tampering.
Severity: Critical


Product: Windows Defender
CVEs/Advisory: CVE-2020-17090
Impact: Security Feature Bypass
Severity: Critical
KBs: 4586785


Product: Microsoft Teams
CVEs/Advisory: CVE-2020-17091
Impact: Remote Code Execution
Severity: Important


Product: Visual Studio
CVEs/Advisory: CVE-2020-17023, CVE-2020-17100, CVE-2020-17104
Impact: Remote Code Execution, Spoofing, Tampering
Severity: Important
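
To check hosts against the Microsoft Windows KBs listed above, the following is an added example (not part of the original article or any vendor tooling). The function name Test-BulletinKB is hypothetical; the page does not map KBs to Windows versions, so any single match is reported, and the newest installed hotfix is shown because a later cumulative update can supersede these KBs.

```powershell
# Added example: look for the November 2020 Windows KBs from this bulletin.
# KB numbers are copied from the "Product: Microsoft Windows" entry above.
$BulletinKBs = '4586781','4586785','4586786','4586787','4586793',
               '4586808','4586823','4586830','4586834','4586845' |
               ForEach-Object { "KB$_" }

function Test-BulletinKB {   # hypothetical helper name
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [string[]]$KB = $BulletinKBs
    )
    foreach ($computer in $ComputerName) {
        try {
            # Get-HotFix reads Win32_QuickFixEngineering (OS updates only;
            # Office and Exchange updates are not listed there).
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
        } catch {
            [pscustomobject]@{
                Computer     = $computer
                Status       = 'QueryFailed'
                MatchedKB    = $null
                NewestHotFix = $null
                NewestDate   = $null
                Detail       = $_.Exception.Message
            }
            continue
        }
        $matched = @($installed | Where-Object { $KB -contains $_.HotFixID })
        # InstalledOn can be empty on some entries, so drop those before sorting.
        $newest = $installed | Where-Object InstalledOn |
                  Sort-Object InstalledOn -Descending | Select-Object -First 1
        $status = 'NotFound-ReviewNewestHotFix'
        if ($matched.Count -gt 0) { $status = 'BulletinKBInstalled' }
        [pscustomobject]@{
            Computer     = $computer
            Status       = $status
            MatchedKB    = ($matched.HotFixID -join ', ')
            NewestHotFix = $newest.HotFixID
            NewestDate   = $newest.InstalledOn
            Detail       = $null
        }
    }
}

# Local host by default; pass -ComputerName for a list of remote hosts.
Test-BulletinKB | Format-Table -AutoSize
```

A NotFound-ReviewNewestHotFix result is not proof of exposure: compare NewestHotFix and NewestDate against the update history for that Windows version before treating the host as unpatched.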


SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.

Article Name: Patch Tuesday: Microsoft Security Bulletin Summary for November 2020
Publisher Name: SecPod Technologies
