
Tripwire's September 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, and various Linux distributions.

Up first on the patch priority list this month is a very high priority vulnerability, which is called "Zerologon" and identified by CVE-2020-1472. It is an elevation of privilege vulnerability that exists due to a flaw in a cryptographic authentication mechanism used by the Netlogon Remote Protocol (MS-NRPC). Microsoft released patches for affected operating systems during the August Patch Tuesday release. Note that the recently released Metasploit module targets the Windows operating system. However, various versions of Samba in the open source ecosystem could also be vulnerable to this attack (refer to the Bugzilla link below), and open source proof-of-concepts are available via GitHub. Linux vendors such as Fedora, SUSE, and Ubuntu have released advisories and patches for their versions of Samba.

Links for more information:
https://github.com/rapid7/metasploit-framework/pull/14151
https://www.secura.com/blog/zero-logon
https://bugzilla.samba.org/show_bug.cgi?id=14497

Linux Vendor Advisories:
https://admin.fedoraproject.org/updates/FEDORA-2020-77c15664b0
https://admin.fedoraproject.org/updates/FEDORA-2020-0be2776ed3
https://admin.fedoraproject.org/updates/FEDORA-2020-bda96ea273
https://www.suse.com/security/cve/CVE-2020-1472
http://www.ubuntu.com/usn/usn-4510-2
http://www.ubuntu.com/usn/usn-4510-1

Next on the list are two more vulnerabilities that have been recently included within the Metasploit Framework. First is a patch for Microsoft Exchange Server (CVE-2020-16875). It is a remote code execution vulnerability that exists due to improper validation of cmdlet arguments. In particular, the vulnerability is a result of improper validation of user-supplied template data when creating a DLP policy. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the SYSTEM user. More details can be found at https://github.com/rapid7/metasploit-framework/pull/14126

Second is a patch for macOS (CVE-2020-9839). For this patch, a race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, and watchOS 6.2.5. Note: The new Metasploit module targets macOS versions <= 10.15.4. Metasploit details can be found at https://github.com/rapid7/metasploit-framework/pull/13992

Up next on the patch priority list this month are patches for Microsoft Scripting Engine, Internet Explorer, and Microsoft Browser. These patches resolve 6 vulnerabilities, including elevation of privilege and memory corruption vulnerabilities.

Next on the list are patches for Microsoft Word and Excel, which resolve 7 vulnerabilities including information disclosure and remote code execution vulnerabilities.

Next this month are patches that affect components of the Windows operating systems. These patches resolve more than 70 vulnerabilities, including denial of service, elevation of privilege, information disclosure, remote code execution, and memory corruption vulnerabilities. These vulnerabilities affect Connected User Experiences and Telemetry Service, core Windows, Jet Database Engine, Media, GDI, Shell, Print Spooler, RSoP Service Application, State Repository Service, Storage Services, Diagnostics Hub, Codecs Library, Camera Code, and others.

Up next are patches for Visual Studio that resolve two remote code execution vulnerabilities.

Finally, administrators should focus on server-side patches. This is a big month for Microsoft servers, with patches for Active Directory, Active Directory Federation Services, Windows DNS, Hyper-V, SharePoint, Dynamics, and Windows DHCP. These patches resolve over 30 issues, including cross-site scripting, information disclosure, elevation of privilege, remote code execution, tampering, and spoofing vulnerabilities.

| BULLETIN | CVE |
| --- | --- |
| Exploit Framework – Metasploit: Zerologon – HIGH PRIORITY PATCH | CVE-2020-1472 |
| Exploit Framework – Metasploit: Microsoft Exchange Server | CVE-2020-16875 |
| Exploit Framework – Metasploit: macOS | CVE-2020-9839 |
| Internet Explorer | CVE-2020-1012, CVE-2020-1506 |
| Microsoft Scripting Engine | CVE-2020-1172, CVE-2020-1057, CVE-2020-1180 |
| Microsoft Browsers | CVE-2020-0878 |
| Microsoft Office | CVE-2020-1224, CVE-2020-1594, CVE-2020-1193, CVE-2020-1335, CVE-2020-1332, CVE-2020-1218, CVE-2020-1338 |
| Microsoft Windows I | CVE-2020-0838, CVE-2020-1115, CVE-2020-1590, CVE-2020-1013, CVE-2020-1507, CVE-2020-0922, CVE-2020-0766, CVE-2020-1146, CVE-2020-0790, CVE-2020-0875, CVE-2020-16879, CVE-2020-0805, CVE-2020-1596, CVE-2020-1471, CVE-2020-0782, CVE-2020-0951, CVE-2020-1159, CVE-2020-1052, CVE-2020-1376, CVE-2020-0912, CVE-2020-1491, CVE-2020-1119, CVE-2020-1532, CVE-2020-1122, CVE-2020-1508, CVE-2020-1593, CVE-2020-0989, CVE-2020-0911, CVE-2020-0648, CVE-2020-1252, CVE-2020-1038 |
| Microsoft Windows II | CVE-2020-1169, CVE-2020-1303, CVE-2020-1098, CVE-2020-0914, CVE-2020-1559, CVE-2020-0886, CVE-2020-0908, CVE-2020-1598, CVE-2020-1130, CVE-2020-1133, CVE-2020-1030, CVE-2020-1129, CVE-2020-1319, CVE-2020-0997, CVE-2020-1074, CVE-2020-1039, CVE-2020-1053, CVE-2020-1308, CVE-2020-1285, CVE-2020-1083, CVE-2020-0921, CVE-2020-1245, CVE-2020-1250, CVE-2020-1256, CVE-2020-0998, CVE-2020-1097, CVE-2020-1091, CVE-2020-1152, CVE-2020-0941, CVE-2020-1034, CVE-2020-0928, CVE-2020-1589, CVE-2020-1592, CVE-2020-1033, CVE-2020-16854, CVE-2020-0870 |
| Visual Studio | CVE-2020-16874, CVE-2020-16856 |
| Active Directory | CVE-2020-0856, CVE-2020-0664, CVE-2020-0761, CVE-2020-0718 |
| Active Directory Federation Services | CVE-2020-0837 |
| Microsoft Windows DNS | CVE-2020-0836, CVE-2020-1228, CVE-2020-0839 |
| Windows Hyper-V | CVE-2020-0904, CVE-2020-0890 |
| Microsoft Office SharePoint | CVE-2020-1345, CVE-2020-1482, CVE-2020-1575, CVE-2020-1227, CVE-2020-1198, CVE-2020-1514, CVE-2020-1210, CVE-2020-1200, CVE-2020-1576, CVE-2020-1595, CVE-2020-1453, CVE-2020-1452, CVE-2020-1460, CVE-2020-1440, CVE-2020-1523, CVE-2020-1205 |
| Microsoft Dynamics | CVE-2020-16872, CVE-2020-16871, CVE-2020-16878, CVE-2020-16861, CVE-2020-16864, CVE-2020-16858, CVE-2020-16859, CVE-2020-16860, CVE-2020-16862 |
| Windows DHCP Server | CVE-2020-1031 |