Microsoft July 2020 Patch Tuesday - Patch Now!
This month we got patches for 123 vulnerabilities. Of these, 17 are critical and 2 were previously disclosed.
Amongst critical vulnerabilities, there is a critical remote code execution (RCE) vulnerability (CVE-2020-1350) affecting Windows DNS Server on multiple Windows Server versions, including 2008, 2012, 2016 and 2019. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account.
The DNS Server vulnerability scores a perfect 10 CVSS and is considered wormable, which means it has the potential to spread via malware vulnerable computers without user interaction. Microsoft advises everyone running DNS servers to apply the security update as soon as possible. For those unable to apply the patch right way, Microsoft recommends the application of a workaround, described on the CVE-2020-1350 vulnerability advisory details. The workarround consists on a registry modification and requires just the service restart - no need to reboot the OS. There is a special guidance for the DNS Server vulnerability including further details about the workaround here: https://support.microsoft.com/en-us/help/4569509/windows-dns-server-remote-code-execution-vulnerability
There is also a critical RCE vulnerability affecting Windows Graphics Device Interface (GDI) (CVE-2020-1435). An attacker could exploit this vulnerability by convincing users to view a specially crafted website or sending them an e-mail attachment with a malicious attachment. The CVSS score for this one is 8.80.
A third RCE worth mentioning in today’s diary affects Hyper-V RemoteFX vGPU (CVE-2020-1036). To exploit this vulnerability, an attacker could run a specially crafted application on a guest operating system, attacking certain third-party video drivers running on the Hyper-V host. This could then cause the host operating system to execute arbitrary code. There is no patch for this vulnerability yet. According to the vulnerability FAQ, If you are running Windows Server 2016 or Windows Server 2019, Microsoft recommends the use of Discrete Device Assignment (DDA) as opposed to RemoteFX vGPU to enable graphics virtualization. For more details, read: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1036
See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability | |||||||
CVE-2020-1147 | No | No | More Likely | More Likely | Critical | ||
Azure DevOps Server Cross-site Scripting Vulnerability | |||||||
CVE-2020-1326 | No | No | Less Likely | Less Likely | Important | ||
Bond Denial of Service Vulnerability | |||||||
CVE-2020-1469 | No | No | Less Likely | Less Likely | Important | ||
Connected User Experiences and Telemetry Service Information Disclosure Vulnerability | |||||||
CVE-2020-1386 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
DirectWrite Remote Code Execution Vulnerability | |||||||
CVE-2020-1409 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
GDI+ Remote Code Execution Vulnerability | |||||||
CVE-2020-1435 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
Group Policy Services Policy Processing Elevation of Privilege Vulnerability | |||||||
CVE-2020-1333 | No | No | Less Likely | Less Likely | Important | 6.7 | 6.0 |
Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | |||||||
CVE-2020-1032 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.6 |
CVE-2020-1036 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.6 |
CVE-2020-1040 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.6 |
CVE-2020-1041 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.6 |
CVE-2020-1043 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.6 |
CVE-2020-1042 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.6 |
Jet Database Engine Remote Code Execution Vulnerability | |||||||
CVE-2020-1400 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1401 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1407 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
LNK Remote Code Execution Vulnerability | |||||||
CVE-2020-1421 | No | No | Less Likely | Less Likely | Critical | 7.5 | 6.7 |
Local Security Authority Subsystem Service Denial of Service Vulnerability | |||||||
CVE-2020-1267 | No | No | Less Likely | Less Likely | Important | 4.9 | 4.4 |
Microsoft Defender Elevation of Privilege Vulnerability | |||||||
CVE-2020-1461 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Microsoft Edge PDF Information Disclosure Vulnerability | |||||||
CVE-2020-1433 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.9 |
Microsoft Excel Remote Code Execution Vulnerability | |||||||
CVE-2020-1240 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Graphics Component Information Disclosure Vulnerability | |||||||
CVE-2020-1351 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Microsoft Graphics Components Remote Code Execution Vulnerability | |||||||
CVE-2020-1412 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
Microsoft Graphics Remote Code Execution Vulnerability | |||||||
CVE-2020-1408 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.9 |
Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers | |||||||
ADV200008 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Office Elevation of Privilege Vulnerability | |||||||
CVE-2020-1025 | No | No | Less Likely | Less Likely | Critical | ||
Microsoft Office Information Disclosure Vulnerability | |||||||
CVE-2020-1342 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1445 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Office Remote Code Execution Vulnerability | |||||||
CVE-2020-1458 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Office SharePoint XSS Vulnerability | |||||||
CVE-2020-1456 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1450 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1451 | No | No | Less Likely | Less Likely | Important | ||
Microsoft OneDrive Elevation of Privilege Vulnerability | |||||||
CVE-2020-1465 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Outlook Remote Code Execution Vulnerability | |||||||
CVE-2020-1349 | No | No | Less Likely | Less Likely | Critical | ||
Microsoft Project Remote Code Execution Vulnerability | |||||||
CVE-2020-1449 | No | No | Less Likely | Less Likely | Important | ||
Microsoft SharePoint Reflective XSS Vulnerability | |||||||
CVE-2020-1454 | No | No | Less Likely | Less Likely | Important | ||
Microsoft SharePoint Remote Code Execution Vulnerability | |||||||
CVE-2020-1444 | No | No | Less Likely | Less Likely | Important | ||
Microsoft SharePoint Spoofing Vulnerability | |||||||
CVE-2020-1443 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Word Remote Code Execution Vulnerability | |||||||
CVE-2020-1446 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1447 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1448 | No | No | Less Likely | Less Likely | Important | ||
Office Web Apps XSS Vulnerability | |||||||
CVE-2020-1442 | No | No | Less Likely | Less Likely | Important | ||
PerformancePoint Services Remote Code Execution Vulnerability | |||||||
CVE-2020-1439 | No | No | Less Likely | Less Likely | Critical | ||
Remote Desktop Client Remote Code Execution Vulnerability | |||||||
CVE-2020-1374 | No | No | More Likely | More Likely | Critical | 7.5 | 6.7 |
Skype for Business via Internet Explorer Information Disclosure Vulnerability | |||||||
CVE-2020-1432 | No | No | Less Likely | Less Likely | Important | 2.4 | 2.2 |
Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability | |||||||
CVE-2020-1462 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.9 |
VBScript Remote Code Execution Vulnerability | |||||||
CVE-2020-1403 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
Visual Studio Code ESLint Extention Remote Code Execution Vulnerability | |||||||
CVE-2020-1481 | No | No | Less Likely | Less Likely | Important | ||
Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability | |||||||
CVE-2020-1416 | No | No | Less Likely | Less Likely | Important | ||
Windows ALPC Elevation of Privilege Vulnerability | |||||||
CVE-2020-1396 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows ActiveX Installer Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1402 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Address Book Remote Code Execution Vulnerability | |||||||
CVE-2020-1410 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
Windows Agent Activation Runtime Information Disclosure Vulnerability | |||||||
CVE-2020-1391 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | |||||||
CVE-2020-1431 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.4 |
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1359 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1384 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows COM Server Elevation of Privilege Vulnerability | |||||||
CVE-2020-1375 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1368 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Credential Picker Elevation of Privilege Vulnerability | |||||||
CVE-2020-1385 | No | No | Less Likely | Less Likely | Important | 4.5 | 4.1 |
Windows DNS Server Remote Code Execution Vulnerability | |||||||
CVE-2020-1350 | No | No | More Likely | More Likely | Critical | 10.0 | 9.0 |
Windows Diagnostics Hub Elevation of Privilege Vulnerability | |||||||
CVE-2020-1418 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1393 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Elevation of Privilege Vulnerability | |||||||
CVE-2020-1388 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
CVE-2020-1392 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1394 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1395 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Error Reporting Information Disclosure Vulnerability | |||||||
CVE-2020-1420 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Error Reporting Manager Elevation of Privilege Vulnerability | |||||||
CVE-2020-1429 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows Event Logging Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1365 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1371 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Font Driver Host Remote Code Execution Vulnerability | |||||||
CVE-2020-1355 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Font Library Remote Code Execution Vulnerability | |||||||
CVE-2020-1436 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
Windows Function Discovery Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1085 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows GDI Information Disclosure Vulnerability | |||||||
CVE-2020-1468 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Graphics Component Elevation of Privilege Vulnerability | |||||||
CVE-2020-1381 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
CVE-2020-1382 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
Windows Imaging Component Information Disclosure Vulnerability | |||||||
CVE-2020-1397 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.9 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2020-1336 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1411 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Kernel Information Disclosure Vulnerability | |||||||
CVE-2020-1419 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
CVE-2020-1367 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
CVE-2020-1389 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
CVE-2020-1426 | No | No | More Likely | More Likely | Important | 5.5 | 5.0 |
Windows Lockscreen Elevation of Privilege Vulnerability | |||||||
CVE-2020-1398 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability | |||||||
CVE-2020-1372 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1405 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.4 |
Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability | |||||||
CVE-2020-1330 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Modules Installer Elevation of Privilege Vulnerability | |||||||
CVE-2020-1346 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Network Connections Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1373 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1390 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1427 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
CVE-2020-1428 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
CVE-2020-1438 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows Network List Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1406 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows Network Location Awareness Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1437 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows Picker Platform Elevation of Privilege Vulnerability | |||||||
CVE-2020-1363 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Print Workflow Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1366 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows Profile Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1360 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Push Notification Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1387 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows Resource Policy Information Disclosure Vulnerability | |||||||
CVE-2020-1358 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Runtime Elevation of Privilege Vulnerability | |||||||
CVE-2020-1422 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1353 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1370 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1399 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
CVE-2020-1404 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1413 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1414 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1415 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1249 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows SharedStream Library Elevation of Privilege Vulnerability | |||||||
CVE-2020-1463 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Storage Services Elevation of Privilege Vulnerability | |||||||
CVE-2020-1347 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability | |||||||
CVE-2020-1423 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Sync Host Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1434 | No | No | Less Likely | Less Likely | Important | 4.5 | 4.1 |
Windows System Events Broker Elevation of Privilege Vulnerability | |||||||
CVE-2020-1357 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows UPnP Device Host Elevation of Privilege Vulnerability | |||||||
CVE-2020-1354 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1430 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows USO Core Worker Elevation of Privilege Vulnerability | |||||||
CVE-2020-1352 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Update Stack Elevation of Privilege Vulnerability | |||||||
CVE-2020-1424 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows WalletService Denial of Service Vulnerability | |||||||
CVE-2020-1364 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.4 |
Windows WalletService Elevation of Privilege Vulnerability | |||||||
CVE-2020-1344 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1362 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1369 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows WalletService Information Disclosure Vulnerability | |||||||
CVE-2020-1361 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows iSCSI Target Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1356 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Comments