Hexafusion Blog

October 2020 Patch Tuesday: Microsoft fixes potentially wormable Windows TCP/IP RCE flaw

patch-tuesday-2020-10-14-111253 Patch Tuesday

Microsoft has plugged 87 security holes, including critical ones in the Windows TCP/IP stack and Microsoft Outlook and Microsoft 365 Apps for Enterprise

Microsoft has released patches for 87 CVE-numbered flaws in a variety of its offerings: 11 critical, 75 important, and one of moderate severity. None of the fixed vulnerabilities are currently being exploited, though six of them were previously publicly known.

 

Microsoft’s updates

Trend Micro Zero Day Initiative’s Dustin Childs has singled out a few that should be addressed quickly:

CVE-2020-16898 – A Windows TCP/IP vulnerability that could be remotely exploited by sending a specially crafted ICMPv6 router advertisement to an affected Windows server or client and could allow code execution. Researchers at McAfee have dubbed the flaw “Bad Neighbor” because it is located within an ICMPv6 Neighbor Discovery “Protocol”, and say that it “could be made wormable”.

“The only good news is that Microsoft’s internal security team unearthed the vulnerabilities, meaning PoC code likely won’t surface until someone reverse engineers the patch and discovers the source of these vulnerabilities,” noted Nicholas Colyer, Senior Product Marketing Manager at Automox.

CVE-2020-16947 – A remote code execution flaw affecting Microsoft Outlook and Microsoft 365 Apps for Enterprise. The flaw can be triggered by a specially crafted file that a target user is convinced/tricked into opening, but also by the user previewing the file via the Preview Pane (i.e., the user does not have to open the email with the attached file in order for the exploit to work).

CVE-2020-16909 – A bug in the Windows Error Reporting (WER) component that could be used by an authenticated attacker to execute arbitrary code with escalated privileges. “Although this CVE is not listed as being publicly exploited, bugs in this component have been reported as being used in the wild in fileless attacks. Regardless, this and the other bugs in the WER component being fixed this month should not be ignored,” Childs pointed out.

Animesh Jain, Vulnerability Signatures Product Manager at Qualys, advises prioritizing Windows Camera Codec, GDI+, Browser, Hyper-V, Outlook, Media Foundation and Graphics components vulnerabilities for workstations.

She also recommends admins to apply the Sharepoint Server updates to patch two RCEs (CVE-2020-16951 and CVE-2020-16952)

Exploitation of these vulnerabilities requires that a user (authenticated attacker) uploads a specially crafted SharePoint application package to an affected version of SharePoint, Microsoft explained, but if they succeed, they could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm.

 

Source: https://www.helpnetsecurity.com/2020/10/13/october-2020-patch-tuesday/

Looking to Improve Your Technology Skills? Look to...
Where Is Your Business Going Next?

By accepting you will be accessing a service provided by a third-party external to https://hexafusion.com/

Customer Login

News & Updates

Hexafusion is proud to announce the launch of our new website at www.hexafusion.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...

Contact us

Learn more about what Hexafusion can do for your business.

Hexafusion
1008 Cambie Street
Vancouver, British Columbia V6B6J7