Microsoft Security Bulletin Summary for September 2020

Microsoft has released September Patch Tuesday security updates with a total release of 129 vulnerabilities, In which 23 are classified as Critical with Remote Code Execution(RCE) 105 are classified as important and 1 is classified as moderate that reside in the Microsoft Windows, Microsoft Exchange Server, Internet Explorer (IE), Microsoft Edge (EdgeHTML-based and Chromium-based in IE Mode), ChakraCore, Visual Studio, Microsoft OneDrive, etc.

No zero-day vulnerabilities are reported and the bugs being patched were not publicly known or under active attack at the time of release.


Interesting Vulnerabilities :

Visual Studio Remote Code Execution Vulnerability | CVE-2020-16874 :
A Remote Code Execution(RCE) Vulnerability exists in Visual Studio, Manipulation with an unknown input leads to memory corruption. This vulnerability exists in multiple versions of Visual Studio dating back to 2012. To exploit the same, An Attacker has to convince the user to open a specially crafted file using an affected version of the software.

  • Successful exploitation of the vulnerability could run arbitrary code in the context of the current user and gain the ability to install programs; view, change, or delete data; or create new accounts with full user rights. Users with administrative rights are highly impacted as compared to users having fewer rights.

Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2020-16875 :
A Remote Code Execution(RCE) vulnerability exists in Microsoft Exchange Server when it fails to properly validate cmdlet arguments. To exploit the vulnerability, an attacker can send a specially crafted email to the vulnerable Microsoft Exchange Server which will lead to memory corruption. Exploitation requires an authenticated user in a certain Exchange role to be compromised.

  • Successful exploitation of the vulnerability could allow an attacker to execute code as SYSTEM. It is likely to see this one in the wild soon.

Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-1210 :
A Remote Code Execution(RCE) vulnerability exists in Microsoft SharePoint due to failure to check the source markup of an application package. To exploit this vulnerability, an attacker needs to be able to upload a SharePoint Application package to a vulnerable SharePoint.

  • Successful exploitation of the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint Server farm account.

GDI+ Remote Code Execution Vulnerability | CVE-2020-1285 :
A Remote Code Execution(RCE) vulnerability exists in Windows Graphic Device Interface due to failure in handling the objects in memory. There are two attack scenarios by which vulnerability can be exploited.

  • In a web-based attack scenario, An attacker can host a website that is specially designed to exploit this vulnerability and then convince users to visit the website. An attacker can not force a user to view an attacker-controlled site. Instead, An attacker has to trick the user to take action by getting them to open an email attachment or click a link.
  • In a file-sharing attack scenario, An attacker has to trick a user to open a specially crafted file designed to exploit the vulnerability.
  • Successful exploitation of the vulnerability could run arbitrary code and gains the ability to install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Windows Codecs Library Remote Code Execution Vulnerability | CVE-2020-1129 :
A Remote Code Execution(RCE) Vulnerability exists in Microsoft Windows Codecs Library which is used by multiple applications and can affect a wide range of programs. The flaw exists within the parsing of HEVC streams, A crafted HEVC stream in a file can trigger an overflow of a fixed-length stack-based buffer. To exploit the vulnerability, An attacker has to trick the affected user to view a specially crafted image.

  • Successful exploitation of the vulnerability could run the code on the affected system and could also obtain the information to further compromise the target.

Microsoft Security Bulletin Summary for September 2020:

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft ChakraCore
  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Visual Studio
  • Microsoft Dynamics
  • Microsoft Exchange Server
  • SQL Server
  • ASP.NET

Product: Microsoft Windows
CVEs/Advisory: CVE-2020-0908, CVE-2020-0922, CVE-2020-0997, CVE-2020-1129, CVE-2020-1252, CVE-2020-1285, CVE-2020-1319, CVE-2020-1508, CVE-2020-1593
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing
Severity: Critical
KBs: 4570333, 4571756, 4574727, 4577015, 4577032, 4577038, 4577041, 4577048, 4577049, 4577066, 4577071


Product: Microsoft Edge (EdgeHTML-based)
CVEs/Advisory: CVE-2020-0878, CVE-2020-1057, CVE-2020-1172
Impact: Elevation of Privilege, Remote Code Execution, Spoofing, Information Disclosure
Severity: Critical
KBs: 4570333,4571756,4574727,4577015,4577032,4577041,4577049


Product: ChakraCore
CVEs/Advisory: CVE-2020-0878, CVE-2020-1057, CVE-2020-1172
Impact: Remote Code Execution
Severity: Critical


Product: Internet Explorer
CVEs/Advisory: CVE-2020-0878
Impact: Remote Code Execution
Severity: Critical
KBs: 4570333, 4571756, 4574727, 4577010, 4577015, 4577032, 4577041, 4577049, 4577051, 4577066


Product: Microsoft Office and Apps
CVEs/Advisory: CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1460, CVE-2020-1576, CVE-2020-1595
Impact: Information Disclosure, Remote Code Execution, Spoofing
Severity: Critical
KBs: 3101523, 4484480, 4484488, 4484504, 4484505, 4484506, 4484512, 4484515, 4484525, 4486664, 4486667


Product: Visual Studio Code
CVEs/Advisory: CVE-2020-16881
Impact: Remote Code Execution
Severity: Important


Product: Microsoft Dynamics
CVEs/Advisory: CVE-2020-16862, CVE-2020-16857, CVE-2020-16860
Impact: Spoofing
Severity: Critical
KBs: 4574742


Product: ASP .NET
CVEs/Advisory: CVE-2020-1045
Impact: Security Feature Bypass
Severity: Important


Product: SQL Server
CVEs/Advisory: CVE-2020-1044
Impact: Security Feature Bypass
Severity: Moderate


Product: Microsoft Exchange Server
CVEs/Advisory: CVE-2020-16875
Impact: Remote Code Execution
Severity: Critical
KBs: 4577352


SanerNow detects this vulnerability and automatically fixes it by applying security updates. Download SanerNow and keep your systems updated and secure.


 

Subscribe For Latest Updates

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
Summary
Author
Publisher Name
SecPod Technologies
Publisher Logo

Leave a Reply

Your email address will not be published. Required fields are marked *