Microsoft has rolled out its November Patch Tuesday security updates for 112 vulnerabilities across its product line, including the Windows operating system, the Edge browser, and developer tools. Of these, one vulnerability is identified as a zero-day, 17 are classified as critical, and 93 are classified as important. The vulnerabilities fall into the categories of elevation of privilege, remote code execution, memory corruption, spoofing, tampering, and denial of service.
The actively exploited zero-day vulnerability (CVE-2020-17087) was already disclosed by security researchers at the end of October 2020. This publicly acknowledged zero-day exists in the Windows Kernel.
Windows Kernel Local Elevation of Privilege Vulnerability | CVE-2020-17087
This zero-day in the Windows Kernel could affect all operating system versions released after Windows 7, including Server distributions. According to the Common Vulnerability Scoring System (CVSS), this actively exploited vulnerability has a high impact when an attacker exploits it against unpatched systems. The victim is tricked into running a specially crafted application supplied by the adversary, which results in system compromise. The exploit has already been disclosed and a proof of concept exists, which makes a successful attack against an unpatched system even more likely.
- On successful exploitation, the malicious actor can acquire admin-level privileges, which leads to full system compromise. The threat actor can extend their footprint into the network hierarchy if the vulnerability is exploited against a Windows Server distribution.
Windows Network File System Information Disclosure Vulnerability | CVE-2020-17056
An information disclosure vulnerability can be used against the victim's networks and systems to enumerate the infrastructure behind those devices, which leads to the leakage of confidential information such as password hashes, routing information, ARP table records, and file systems. Likewise, this vulnerability targets kernel space (a highly privileged space accessed only by the system itself) to read memory regions that are prohibited to unprivileged users.
- On successful exploitation, the attacker can access the private network file system without authorization, which increases their reach and the probability of compromising other systems in the same network.
Raw Image Extension Remote Code Execution Vulnerability | CVE-2020-17078
Raw Image Extension adds native viewing support for images captured in raw file formats. This app could go unnoticed if an image viewer installs it on the user's system from the trusted Microsoft Store on behalf of the user. A remote code execution (RCE) vulnerability allows untrusted commands to be executed on the victim's device without authentication.
- On successful exploitation, the adversary gains full privileges to execute commands remotely, including viewing, modifying, and deleting local data. When the vulnerability is exploited in admin mode, the attacker can create new users and modify existing user privileges.
Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2020-17054
A remote code execution vulnerability exists in the way the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability is widely known as the Chakra Scripting Engine Memory Corruption Vulnerability and has existed in various versions of the Chakra scripting engine in the past. ChakraCore is the core component behind Microsoft's default browsers, which reside on all Windows systems, so this attack vector affects many users.
- On successful exploitation, the adversary can take control of the private memory space of administrator accounts, which lets the attacker execute commands with admin privileges, including the creation of new users and the deletion of existing users.
Microsoft Security Bulletin Summary for November 2020
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- Internet Explorer
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based)
- Microsoft Exchange Server
- Microsoft Dynamics
- Microsoft Windows Codecs Library
- Azure Sphere
- Windows Defender
- Microsoft Teams
- Azure SDK
- Azure DevOps
- Visual Studio
Product: Microsoft Windows
CVEs/Advisory: CVE-2020-1599, CVE-2020-16997, CVE-2020-16998, CVE-2020-16999, CVE-2020-17000, CVE-2020-17001, CVE-2020-17004, CVE-2020-17007, CVE-2020-17010, CVE-2020-17011, CVE-2020-17012
Impact: Elevation of Privilege, Remote Code Execution, Information Disclosure, Denial of Service, Security Feature Bypass, Spoofing.
KBs: 4586781, 4586785, 4586786, 4586787, 4586793, 4586808, 4586823, 4586830, 4586834, 4586845
Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory: CVE-2020-16979, CVE-2020-17015, CVE-2020-17016, CVE-2020-17017, CVE-2020-17019, CVE-2020-17020, CVE-2020-17060, CVE-2020-17061, CVE-2020-17062, CVE-2020-17063, CVE-2020-17064, CVE-2020-17065, CVE-2020-17066, CVE-2020-17067, CVE-2020-17091
Impact: Remote Code Execution, Information Disclosure, Security Feature Bypass, Spoofing.
KBs: 4484455, 4484508, 4484520, 4484534, 4486706, 4486713, 4486714, 4486717, 4486718, 4486719, 4486722, 4486723, 4486725, 4486727, 4486730, 4486733, 4486734, 4486737, 4486738, 4486740, 4486743, 4486744
Product: Browsers (Internet Explorer, Edge Chromium/HTML Based)
CVEs/Advisory: CVE-2020-17048, CVE-2020-17052, CVE-2020-17053, CVE-2020-17054, CVE-2020-17058
Impact: Remote Code Execution
KBs: 4586768, 4586781, 4586785, 4586786, 4586787, 4586793, 4586827, 4586830, 4586834, 4586845
Impact: Remote Code Execution
Product: Microsoft Windows Codecs Library
CVEs/Advisory: CVE-2020-17082, CVE-2020-17079, CVE-2020-17107, CVE-2020-17109, CVE-2020-17110, CVE-2020-17108, CVE-2020-17106, CVE-2020-17105, CVE-2020-17102, CVE-2020-17101, CVE-2020-17081, CVE-2020-17086, CVE-2020-17078
Impact: Remote Code Execution, Information Disclosure
Product: Azure (Sphere, SDK, and DevOps)
CVEs/Advisory: CVE-2020-1325, CVE-2020-16970, CVE-2020-16981, CVE-2020-16982, CVE-2020-16983, CVE-2020-16984, CVE-2020-16985, CVE-2020-16986, CVE-2020-16987, CVE-2020-16988, CVE-2020-16989, CVE-2020-16990, CVE-2020-16991, CVE-2020-16992, CVE-2020-16993, CVE-2020-16994
Impact: Remote Code Execution, Information Disclosure, Denial of Service, Spoofing, Tampering.
Product: Microsoft Teams
Impact: Remote Code Execution
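
A patch-compliance check for the Microsoft Windows entry above, as an added example that is not part of the original bulletin. The KB numbers are copied from that entry; the function name `Test-BulletinKb` and the variable `$BulletinKbs` are hypothetical. A host updated after November 2020 may carry a later update in place of these KBs, so the script also reports the newest installed update and marks a miss as needing review instead of treating it as proof of exposure.

```powershell
# KB numbers copied from the "Product: Microsoft Windows" entry of this bulletin.
$BulletinKbs = 4586781, 4586785, 4586786, 4586787, 4586793,
               4586808, 4586823, 4586830, 4586834, 4586845 |
               ForEach-Object { "KB$_" }

# Hypothetical helper: reports which bulletin KBs each host has installed.
function Test-BulletinKb {
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [string[]]$ExpectedKb   = $BulletinKbs
    )
    foreach ($computer in $ComputerName) {
        try {
            # Get-HotFix reads Win32_QuickFixEngineering on the target host.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
        } catch {
            # An unreachable host is reported, not silently counted as patched.
            [pscustomobject]@{
                Computer = $computer; Status = 'QueryFailed'
                MatchedKb = $null; NewestUpdate = $null; NewestDate = $null
            }
            continue
        }
        $matched = @($installed | Where-Object { $ExpectedKb -contains $_.HotFixID })
        # InstalledOn can be empty for some entries, so filter before sorting.
        $newest = $installed | Where-Object { $_.InstalledOn } |
                  Sort-Object InstalledOn -Descending | Select-Object -First 1
        [pscustomobject]@{
            Computer     = $computer
            Status       = if ($matched.Count -gt 0) { 'BulletinKbPresent' } else { 'ReviewNeeded' }
            MatchedKb    = ($matched.HotFixID -join ', ')
            NewestUpdate = $newest.HotFixID
            NewestDate   = $newest.InstalledOn
        }
    }
}

# Local host by default; pass -ComputerName for a list of servers.
Test-BulletinKb | Format-Table -AutoSize
```

Hosts that come back as `ReviewNeeded` or `QueryFailed` are the ones to check by hand against the update history for their Windows version.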