Critical Patches Issued for Microsoft Products, August 11, 2020

ITS ADVISORY NUMBER: 

2020-113 - UPDATED

DATE(S) ISSUED: 

Tuesday, August 11, 2020

DATE UPDATED: 

Monday, September 21, 2020

SUBJECT: 

Critical Patches Issued for Microsoft Products, August 11, 2020

OVERVIEW: 

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

ORIGINAL THREAT INTELLIGENCE:

There are no reports of these vulnerabilities being exploited in the wild.

August 13 - UPDATED THREAT INTELLIGENCE:

CVE-2020-1380, a critical vulnerability addressed in this rollup, lies in the way that the scripting engine handles objects in memory in Internet Explorer. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. Microsoft has confirmed CVE-2020-1380 is being actively exploited in the wild.

September 15 - UPDATED THREAT INTELLIGENCE:

CVE-2020-1472, a critical vulnerability remediated in this rollup, lies in Microsoft's Netlogon authentication process and enables authentication bypass within a domain environment. Secura has released a publicly available proof of concept for this vulnerability.

September 21 - UPDATED THREAT INTELLIGENCE:

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing critical vulnerability CVE-2020-1472 affecting the Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services.

ED 20-04 applies to Executive Branch departments and agencies; however, CISA strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible. For more information, review the resources found at the links provided in the "September 21 - UPDATED REFERENCES" section of this advisory.

SYSTEMS AFFECTED: 

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based) in IE Mode
  • Microsoft ChakraCore
  • Internet Explorer
  • Microsoft Scripting Engine
  • SQL Server
  • Microsoft JET Database Engine
  • .NET Framework
  • ASP.NET Core
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft Windows Codecs Library
  • Microsoft Dynamics

RISK:

Government:

Large and medium government entities: High

Small government entities: Medium

Business:

Large and medium business entities: High

Small business entities: Medium

Home Users: Low

 

DESCRIPTION: 

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution.

A full list of all vulnerabilities can be found at the links provided in the REFERENCES section of this advisory.

Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

ACTIONS: 

  • After appropriate testing, immediately apply updates provided by Microsoft to vulnerable systems.
  • Run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.
  • Remind all users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES: 

Microsoft:
https://portal.msrc.microsoft.com/en-us/security-guidance
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedet...

August 13 - UPDATED REFERENCES:
US-CERT:
https://us-cert.cisa.gov/ncas/current-activity/2020/08/11/microsoft-addr...

September 15 - UPDATED REFERENCES:
GitHub:
https://github.com/SecuraBV/CVE-2020-1472

Secura:
https://www.secura.com/blog/zero-logon

September 21 - UPDATED REFERENCES:
CISA:
https://cyber.dhs.gov/ed/20-04/

US-CERT:
https://us-cert.cisa.gov/ncas/current-activity/2020/09/14/exploit-netlog...

Carnegie Mellon University:
https://www.kb.cert.org/vuls/id/490028

Microsoft:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2...
https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-chang...