바로가기

Security Alert



Alert: – Microsoft Products Critical Patches, issued – September 08, 2020 2020-09-18

Background:
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. This months security s include patches to fix a total of 129 new security vulnerabilities in Windows operating systems and related software, include 23 critical vulnerabilities—all leading to remote code execution attacks—and 105 classified as important, and 1 is moderate in severity, mostly leading to privilege escalation and spoofing attacks.
CVE                   Title                                         Severity          Type
CVE-2020-1285   GDI+ Remote Code Execution Vulnerability       Critical       RCE
CVE-2020-0878   Microsoft Browser Memory Corruption Vulnerability       Critical       RCE
CVE-2020-0922   Microsoft COM for Windows Remote Code Execution Vulnerability       Critical       RCE
CVE-2020-16862   Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability Critical       RCE
CVE-2020-1453   Microsoft SharePoint Remote Code Execution Vulnerability Critical       RCE
CVE-2020-1576   Microsoft SharePoint Remote Code Execution Vulnerability Critical       RCE
CVE-2020-1595   Microsoft SharePoint Remote Code Execution Vulnerability Critical       RCE
CVE-2020-1460   Microsoft SharePoint Server Remote Code Execution Vulnerability Critical       RCE
CVE-2020-1129   Microsoft Windows Codecs Library Remote Code Execution Vulnerability       Critical       RCE
CVE-2020-1319   Microsoft Windows Codecs Library Remote Code Execution Vulnerability       Critical       RCE
CVE-2020-1057   Scripting Engine Memory Corruption Vulnerability       Critical       RCE
CVE-2020-1172   Scripting Engine Memory Corruption Vulnerability       Critical       RCE
CVE-2020-16874   Visual Studio Remote Code Execution Vulnerability       Critical       RCE
CVE-2020-0997   Windows Camera Codec Pack Remote Code Execution Vulnerability       Critical       RCE
CVE-2020-16884   Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability       Important       RCE
CVE-2020-1039   Jet Database Engine Remote Code Execution Vulnerability       Important       RCE
CVE-2020-1074   Jet Database Engine Remote Code Execution Vulnerability       Important       RCE
CVE-2020-1045     Microsoft ASP.NET Core Security Feature Bypass Vulnerability       Important       SFB
CVE-2020-1345   Microsoft Office SharePoint XSS Vulnerability       Important       XSS
CVE-2020-1482   Microsoft Office SharePoint XSS Vulnerability       Important       XSS
CVE-2020-1514   Microsoft Office SharePoint XSS Vulnerability       Important       XSS
CVE-2020-1575   Microsoft Office SharePoint XSS Vulnerability       Important       XSS
CVE-2020-1440   Microsoft SharePoint Server Tampering Vulnerability       Important       Tampering
CVE-2020-1523   Microsoft SharePoint Server Tampering Vulnerability       Important       Tampering
CVE-2020-1205   Microsoft SharePoint Spoofing Vulnerability       Important       Spoofing
CVE-2020-0790   Microsoft splwow64 Elevation of Privilege Vulnerability       Important       EoP
CVE-2020-0875   Microsoft splwow64 Information Disclosure Vulnerability       Important       Info
CVE-2020-0766   Microsoft Store Runtime Elevation of Privilege Vulnerability       Important       EoP
CVE-2020-1146   Microsoft Store Runtime Elevation of Privilege Vulnerability       Important       EoP
CVE-2020-1218   Microsoft Word Remote Code Execution Vulnerability       Important       RCE
CVE-2020-1338   Microsoft Word Remote Code Execution Vulnerability       Important       RCE
CVE-2020-0838   NTFS Elevation of Privilege Vulnerability       Important       EoP
CVE-2020-16851   OneDrive for Windows Elevation of Privilege Vulnerability       Important       EoP
CVE-2020-16852   OneDrive for Windows Elevation of Privilege Vulnerability       Important       EoP
CVE-2020-1031   Windows DHCP Server Information Disclosure Vulnerability       Important       Info
CVE-2020-0836   Windows DNS Denial of Service Vulnerability       Important       DoS
CVE-2020-1228   Windows DNS Denial of Service Vulnerability       Important       DoS
CVE-2020-0839   Windows dnsrslvr.dll Elevation of Privilege Vulnerability       Important       EoP
CVE-2020-0912   Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability       Important       EoP
CVE-2020-1256   Windows GDI Information Disclosure Vulnerability       Important       Info
CVE-2020-0998   Windows Graphics Component Elevation of Privilege Vulnerability       Important       EoP
CVE-2020-1091   Windows Graphics Component Information Disclosure Vulnerability       Important       Info
CVE-2020-1097   Windows Graphics Component Information Disclosure Vulnerability       Important       Info
CVE-2020-0890   Windows Hyper-V Denial of Service Vulnerability       Important       DoS
CVE-2020-1169   Windows Runtime Elevation of Privilege Vulnerability       Important       EoP
CVE-2020-1303   Windows Runtime Elevation of Privilege Vulnerability       Important       EoP
Microsoft has confirmed that all these zero-day critical vulnerabilities are being actively exploited in the wild and it’s realized that these days of covid-19 pandemic, cyber actors are actively targeting unpatched systems with the proof of concept (PoC)

In a nutshell, your Windows computer can be hacked if you:
• Play a video file
• Listen to audio
• Browser a website using Internet Explorer
• Edit an HTML page
• Read a PDF document
• Receive an email message
Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs view, change, or data or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights

Vulnerable or affected systems:
• Microsoft Windows
• Microsoft Edge (EdgeHTML-based)
• Microsoft Edge (Chromium-based)
• Microsoft ChakraCore
• Internet Explorer
• SQL Server
• Microsoft JET Database Engine
• Microsoft Office and Microsoft Office Services and Web Apps
• Microsoft Dynamics
• Microsoft Visual Studio 2015, 2017, 2019
• Microsoft Exchange Server
• Microsoft SQL Server
• ASP.NET
• Microsoft OneDrive
• Azure DevOps

Solution (Recommendations):

Rw-CSIRT is strongly recommending users and IT administrators to to:
• Apply the latest security patches as soon as possible to prevent malware and attackers from exploiting and gain complete remote control over their vulnerable computers. (For installing the latest security s, once connected to internet Windows users can click on the Start Menu > Settings > Update & Security > Windows Update, or by ing Check for Windows s)
• Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack. Do not run software “as Administrator” option if not necessary.
• Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
• Inform and educate users regarding threats posed by hypertext links contained in emails or attachments especially from untrusted sources
• Apply the Principle of Least Privilege to all systems and services.

Affected users should: contact NCSA/RW-CSIRT: Call 4045 or write to security@risa.gov.rw

The reference of a full list of all vulnerabilities can be found at the links below::
https://portal.msrc.microsoft.com/en-us/security-guidance
https://thehackernews.com/2020/09/patch-tuesday-september.html
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep
- Previous Alert – New Exim Mail Transfer Agent Vulnerability
- Next Alert: – Medical Advisory on OpenClinic GA Software Vulnerabilities.
list