Microsoft’s October 2020 Patches Fix 87 Security Vulnerabilities Threat Alert

Microsoft’s October 2020 Patches Fix 87 Security Vulnerabilities Threat Alert

October 28, 2020 | Adeline Zhang

Overview 

Microsoft released October 2020 security updates on Tuesday which fix 87 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Azure, Group Policy, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft NTFS, Microsoft Office, Microsoft Office SharePoint, Microsoft Windows, Microsoft Windows Codecs Library, PowerShellGet, Visual Studio, Windows COM, Windows Error Reporting, Windows Hyper-V, Windows Installer, Windows Kernel, Windows Media Player, Windows RDP, and Windows Secure Kernel Mode.

Description of Critical and Important Vulnerabilities

This time, Microsoft fixes 11 critical vulnerabilities, 75 important vulnerabilities, and one moderate vulnerability. All users are advised to install updates without delay.

Some critical and important vulnerabilities are described as follows:

  • Windows TCP/IP Remote Code Execution Vulnerability (CVE-2020-16898, Bad Neighbor) 

The  Windows TCP/IP stack  improperly handles  ICMPv6 Router Advertisement  packets that use Option Type 25 (Recursive DNS Server  Option)  and a length field value that is even. An attacker might execute arbitrary code on a remote system by sending maliciously crafted ICMPv6 Router Advertisement packets. In its advisory, Microsoft said this vulnerability might be exploited.

According to Microsoft, the CVSS base score of this critical vulnerability is 9.8:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898
  • Microsoft SharePoint Remote Code Execution Vulnerabilities (CVE-2020-16951, CVE-2020-16952) 

These vulnerabilities exist when the software fails to check the source markup of an application package. To exploit these two vulnerabilities, an attacker would need to upload a specially crafted SharePoint application package to an affected version of SharePoint to execute arbitrary code. This can be accomplished by an unprivileged SharePoint user if the server’s configuration allows it.

According to Microsoft, the CVSS base score of this critical vulnerability is 8.6:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
  • Base3D Remote Code Execution Vulnerability (CVE-2020-17003) 

A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.

An attacker who successfully exploited the vulnerability would execute arbitrary code on an affected system.

According to Microsoft, the CVSS base score of this critical vulnerability is 7.8:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17003
  • Microsoft Outlook Remote Code Execution Vulnerability (CVE-2020-16947) 

The vulnerability exists within the parsing of HTML content in an email. This is because Microsoft Outlook fails to properly validate the length of user-supplied data before copying it to a fixed-length heap-based buffer. An attacker might send a specially crafted e-mail to exploit the vulnerability. The Preview Pane can also be an attack vector here, so the recipient might be affected if he/she views the e-mail (including e-mail preview in the Preview Pane) via Outlook.

An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. In its advisory, Microsoft said this vulnerability was unlikely to be exploited. However, the Zero Day Initiative (ZDI) announced to have a working proof of concept (PoC). Therefore, the vulnerability must be patched as soon as possible.

According to Microsoft, the CVSS base score of this critical vulnerability is 8.1:

       CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16947
  • Windows Hyper-V Remote Code Execution Vulnerability (CVE-2020-16891) 

The vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

According to Microsoft, the CVSS base score of this critical vulnerability is 8.8:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16891
  • Microsoft Graphics Components Remote Code Execution Vulnerability (CVE-2020-16923) 

The vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. To exploit the vulnerability, an attacker must create a specially crafted file and convince the target to open the file. This could be achieved through targeted social engineering. Successful exploitation would allow an attacker to execute arbitrary code on the vulnerable system.

According to Microsoft, the CVSS base score of this critical vulnerability is 7.8:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16923
  • Windows TCP/IP Denial-of-Service Vulnerability (CVE-2020-16899) 

Similar to CVE-2020-16898, CVE-2020-16899 is a vulnerability within the Windows TCP/IP stack. The vulnerability also results from the improper handling of ICMPv6 Router Advertisement packets. Exploitation of this vulnerability requires an attacker to send crafted ICMPv6 Router Advertisement packets which could cause the system to stop responding.

According to Microsoft, the CVSS base score of this important vulnerability is 7.5:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16899
  • Windows Error Reporting Elevation of Privilege Vulnerability (CVE-2020-16909) 

An elevation of privilege (EoP) vulnerability in Windows Error Reporting (WER) allows attackers to gain greater access to sensitive information and system functionality. This vulnerability is one of the vulnerabilities disclosed before monthly security updates were released.

Although Microsoft said this CVE had not been exploited, a previous report indicated the flaw in WER had been widely used in fileless attacks.

According to Microsoft, the CVSS base score of this important vulnerability is 7.8:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16909

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2020-17003
ProductKB ArticleSeverityImpactSupersedenceCVSS Score SetRestart Required
3D ViewerRelease Notes Security Update

CriticalRemote Code ExecutionBase: 7.8
Temporal: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Maybe

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.

Download: