Microsoft November 2020 Patch Tuesday
This month we got patches for 112 vulnerabilities. Of these, 17 are critical and one was previously disclosed and is already being exploited according to Microsoft.
Amongst critical vulnerabilities, there is a CVSSv3 9.8 remote code execution in Windows Network File System (CVE-2020-17051). There are no details regarding the vulnerable component neither how the vulnerability could be exploited. The vulnerability affects virtually all supported Windows versions and is classified by Microsoft as ‘Exploitation More Likely’ which means that an exploit could be created in such a way that an attacker could consistently exploit this vulnerability.
The exploited and already disclosed one is a Windows Kernel Local Elevation of Privilege vulnerability (CVE-2020-17087). This vulnerability has been chained with Google Chrome CVE-2020-15999 to perform privilege escalation and gain administrator access to a system. More details about this vulnerability can be found at [1].
A third vulnerability worth mentioning here is remote code execution (RCE) in Microsoft Sharepoint (CVE-2020-17061). According to the advisory, it requires no user interaction and is classified as ‘Exploitation More Likely’.
See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
AV1 Video Extension Remote Code Execution Vulnerability | |||||||
CVE-2020-17105 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | |||||||
CVE-2020-1325 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.7 |
Azure Sphere Denial of Service Vulnerability | |||||||
CVE-2020-16986 | No | No | Less Likely | Less Likely | Important | 6.2 | 5.4 |
Azure Sphere Elevation of Privilege Vulnerability | |||||||
CVE-2020-16981 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
CVE-2020-16988 | No | No | Less Likely | Less Likely | Critical | 6.9 | 6.0 |
CVE-2020-16989 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.7 |
CVE-2020-16992 | No | No | Less Likely | Less Likely | Important | 7.5 | 7.5 |
CVE-2020-16993 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.7 |
Azure Sphere Information Disclosure Vulnerability | |||||||
CVE-2020-16985 | No | No | Less Likely | Less Likely | Important | 6.2 | 5.4 |
CVE-2020-16990 | No | No | Less Likely | Less Likely | Important | 6.2 | 5.4 |
Azure Sphere Tampering Vulnerability | |||||||
CVE-2020-16983 | No | No | Less Likely | Less Likely | Important | 5.7 | 5.0 |
Azure Sphere Unsigned Code Execution Vulnerability | |||||||
CVE-2020-16970 | No | No | Less Likely | Less Likely | Important | 8.1 | 7.1 |
CVE-2020-16982 | No | No | Less Likely | Less Likely | Important | 6.1 | 5.3 |
CVE-2020-16984 | No | No | Less Likely | Less Likely | Important | 6.2 | 5.4 |
CVE-2020-16987 | No | No | Less Likely | Less Likely | Important | 6.2 | 5.4 |
CVE-2020-16991 | No | No | Less Likely | Less Likely | Important | 6.2 | 5.4 |
CVE-2020-16994 | No | No | Less Likely | Less Likely | Important | 6.2 | 5.4 |
Chakra Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2020-17048 | No | No | Less Likely | Less Likely | Critical | 4.2 | 3.8 |
CVE-2020-17054 | No | No | Less Likely | Less Likely | Important | 4.2 | 3.7 |
DirectX Elevation of Privilege Vulnerability | |||||||
CVE-2020-16998 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
HEIF Image Extensions Remote Code Execution Vulnerability | |||||||
CVE-2020-17101 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
HEVC Video Extensions Remote Code Execution Vulnerability | |||||||
CVE-2020-17106 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
CVE-2020-17107 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
CVE-2020-17108 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
CVE-2020-17109 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
CVE-2020-17110 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
Internet Explorer Memory Corruption Vulnerability | |||||||
CVE-2020-17053 | No | No | More Likely | More Likely | Critical | 7.5 | 6.7 |
Kerberos Security Feature Bypass Vulnerability | |||||||
CVE-2020-17049 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 |
Microsoft Browser Memory Corruption Vulnerability | |||||||
CVE-2020-17058 | No | No | Less Likely | Less Likely | Critical | 7.5 | 6.7 |
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | |||||||
CVE-2020-17090 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||||
CVE-2020-17005 | No | No | - | - | Important | 5.4 | 4.7 |
CVE-2020-17006 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.7 |
CVE-2020-17018 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.7 |
CVE-2020-17021 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.7 |
Microsoft Excel Remote Code Execution Vulnerability | |||||||
CVE-2020-17019 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17064 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17065 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17066 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Excel Security Feature Bypass Vulnerability | |||||||
CVE-2020-17067 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Exchange Server Denial of Service Vulnerability | |||||||
CVE-2020-17085 | No | No | Less Likely | Less Likely | Important | 6.2 | 5.4 |
Microsoft Exchange Server Remote Code Execution Vulnerability | |||||||
CVE-2020-17083 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
CVE-2020-17084 | No | No | Less Likely | Less Likely | Important | 8.5 | 7.4 |
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | |||||||
CVE-2020-17062 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Office Online Spoofing Vulnerability | |||||||
CVE-2020-17063 | No | No | Less Likely | Less Likely | Important | 6.8 | 5.9 |
Microsoft Raw Image Extension Information Disclosure Vulnerability | |||||||
CVE-2020-17081 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Microsoft SharePoint Information Disclosure Vulnerability | |||||||
CVE-2020-16979 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
CVE-2020-17017 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.6 |
Microsoft SharePoint Remote Code Execution Vulnerability | |||||||
CVE-2020-17061 | No | No | More Likely | More Likely | Important | 8.8 | 7.7 |
Microsoft SharePoint Spoofing Vulnerability | |||||||
CVE-2020-17015 | No | No | Less Likely | Less Likely | Low | 4.3 | 3.8 |
CVE-2020-17016 | No | No | Less Likely | Less Likely | Important | 8.0 | 7.0 |
CVE-2020-17060 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.7 |
Microsoft Teams Remote Code Execution Vulnerability | |||||||
CVE-2020-17091 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Microsoft Word Security Feature Bypass Vulnerability | |||||||
CVE-2020-17020 | No | No | Less Likely | Less Likely | Important | 3.3 | 2.9 |
Raw Image Extension Remote Code Execution Vulnerability | |||||||
CVE-2020-17078 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
CVE-2020-17079 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
CVE-2020-17082 | No | No | Less Likely | Less Likely | Critical | 7.8 | 6.8 |
CVE-2020-17086 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Remote Desktop Protocol Client Information Disclosure Vulnerability | |||||||
CVE-2020-17000 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Remote Desktop Protocol Server Information Disclosure Vulnerability | |||||||
CVE-2020-16997 | No | No | Less Likely | Less Likely | Important | 7.7 | 6.7 |
Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2020-17052 | No | No | More Likely | More Likely | Critical | 7.5 | 6.7 |
Visual Studio Code JSHint Extension Remote Code Execution Vulnerability | |||||||
CVE-2020-17104 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Visual Studio Tampering Vulnerability | |||||||
CVE-2020-17100 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
WebP Image Extensions Information Disclosure Vulnerability | |||||||
CVE-2020-17102 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2020-17010 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
CVE-2020-17038 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
Win32k Information Disclosure Vulnerability | |||||||
CVE-2020-17013 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Bind Filter Driver Elevation of Privilege Vulnerability | |||||||
CVE-2020-17012 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Camera Codec Information Disclosure Vulnerability | |||||||
CVE-2020-17113 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Canonical Display Driver Information Disclosure Vulnerability | |||||||
CVE-2020-17029 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability | |||||||
CVE-2020-17024 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
CVE-2020-17088 | No | No | More Likely | More Likely | Important | 7.8 | 7.2 |
Windows Delivery Optimization Information Disclosure Vulnerability | |||||||
CVE-2020-17071 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Error Reporting Denial of Service Vulnerability | |||||||
CVE-2020-17046 | No | No | Less Likely | Less Likely | Low | 5.5 | 5.0 |
Windows Error Reporting Elevation of Privilege Vulnerability | |||||||
CVE-2020-17007 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.1 |
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability | |||||||
CVE-2020-17036 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows GDI+ Remote Code Execution Vulnerability | |||||||
CVE-2020-17068 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Graphics Component Information Disclosure Vulnerability | |||||||
CVE-2020-17004 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Hyper-V Security Feature Bypass Vulnerability | |||||||
CVE-2020-17040 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2020-17035 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Kernel Local Elevation of Privilege Vulnerability | |||||||
CVE-2020-17087 | Yes | Yes | Detected | Detected | Important | 7.8 | 7.2 |
Windows KernelStream Information Disclosure Vulnerability | |||||||
CVE-2020-17045 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows MSCTF Server Information Disclosure Vulnerability | |||||||
CVE-2020-17030 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows NDIS Information Disclosure Vulnerability | |||||||
CVE-2020-17069 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Network File System Denial of Service Vulnerability | |||||||
CVE-2020-17047 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
Windows Network File System Information Disclosure Vulnerability | |||||||
CVE-2020-17056 | No | No | More Likely | More Likely | Important | 5.5 | 4.8 |
Windows Network File System Remote Code Execution Vulnerability | |||||||
CVE-2020-17051 | No | No | More Likely | More Likely | Critical | 9.8 | 8.5 |
Windows Port Class Library Elevation of Privilege Vulnerability | |||||||
CVE-2020-17011 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Print Configuration Elevation of Privilege Vulnerability | |||||||
CVE-2020-17041 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
CVE-2020-17001 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-17014 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Print Spooler Remote Code Execution Vulnerability | |||||||
CVE-2020-17042 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
Windows Remote Access Elevation of Privilege Vulnerability | |||||||
CVE-2020-17055 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17025 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17026 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17027 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17028 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17031 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17032 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17033 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17034 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17043 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17044 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Spoofing Vulnerability | |||||||
CVE-2020-1599 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows USO Core Worker Elevation of Privilege Vulnerability | |||||||
CVE-2020-17075 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Update Medic Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-17070 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Update Orchestrator Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-17073 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17074 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
CVE-2020-17076 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows Update Stack Elevation of Privilege Vulnerability | |||||||
CVE-2020-17077 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows WalletService Elevation of Privilege Vulnerability | |||||||
CVE-2020-17037 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
Windows WalletService Information Disclosure Vulnerability | |||||||
CVE-2020-16999 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
Windows Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2020-17057 | No | No | More Likely | More Likely | Important | 7.0 | 6.1 |
References:
[1] https://attackerkb.com/topics/y8mmBHc710/cve-2020-17087-windows-kernel-local-privilege-escalation-0day?referrer=home
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Comments
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/cve-2020-17051-remote-kernel-heap-overflow-in-nfsv3-windows-server/
Seems to require the NFS Role to be enabled, and either credentials with write permissions or a share with anonymous write access enabled.
Definitely doesn't seem to be as concerning as the large CVSS score.
Anonymous
Nov 10th 2020
3 years ago
I cannot see it on their "improved" page https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17091
Anonymous
Nov 11th 2020
3 years ago
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-kerberos-authentication-issues-in-oob-update/
Anonymous
Nov 19th 2020
3 years ago