This Tuesday, Microsoft released patches for 129 security bugs: 23 rated critical, 105 rated important, and one rated moderate in severity.
Microsoft said that none are publicly known or under active exploitation. According to researchers, CVE-2020-16875 is the most severe issue in the bunch. This is a memory-corruption problem in Microsoft Exchange that allows remote code execution just by sending an email to a target.
By running arbitrary code, attackers can gain the access needed to create new accounts, modify and remove data, and install programs.
In an analysis on Tuesday, Dustin Childs, a researcher at Trend Micro’s Zero Day Initiative (ZDI), stated that this patch fixes a vulnerability that allows attackers to execute code at SYSTEM just by sending a crafted email to an affected Exchange server.
Childs also said that the previously patched Exchange bug CVE-2020-0688 was used on a large scale, and that he hopes this one will also be used in the wild. This should be your top priority.
Justin Knapp, product marketing manager at Automox, added that Exchange Server 2016 and 2019 are affected by this vulnerability. Because Microsoft Exchange is widely used by business users, this patch should be prioritized high on the list.
Another serious vulnerability that should be prioritized is CVE-2020-1210 in SharePoint. It exists due to a failure to check the source markup of an application package.
Satnam Narang, staff research engineer at Tenable, said in an email, “To use this vulnerability, an attacker would need to upload a SharePoint application package to a vulnerable SharePoint website.”
Seven RCE bugs are being fixed in SharePoint and only one of them needs authentication.
Knapp also mentioned another critical RCE vulnerability (rated 8.5 in the security scale) in the Windows Graphics Device Interface (GDI). He said it arises because of the way GDI handles objects in memory, providing both web-based and file-sharing attack scenarios that could give attackers multiple options for gaining access to a system.
“In the case of a web-based attack, an attacker needs to build a website designed to use the vulnerability, and users then need to be convinced to open the website.
Since there is no way to force users to check the attacker-controlled content, the attackers would need to convince users to take action. Attackers typically send them an email with an attachment or link.
Whereas in the case of file sharing, the attackers get them to open a specially created file to activate the vulnerability.”