Overview
Microsoft released December 2020 security updates on Tuesday which fix 58 vulnerabilities ranging from simple spoofing attacks to remote code execution, including 9 critical vulnerabilities, 47 important vulnerabilities, and two moderate vulnerabilities. All users are advised to install updates without delay.
These vulnerabilities affect Azure DevOps, Azure SDK, Azure Sphere, Microsoft Dynamics, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Windows, Microsoft Windows DNS, Visual Studio, Windows Backup Engine, Windows Error Reporting, Windows Hyper-V, Windows Lock Screen, Windows Media, and Windows SMB.
Description of Critical and Important Vulnerabilities
Some critical and important vulnerabilities are described as follows:
- Microsoft Exchange Remote Code Execution Vulnerabilities (CVE-2020-17132, CVE-2020-17142)
The vulnerabilities occur due to improper validation of cmdlet arguments. An authenticated attacker could exploit these vulnerabilities to remotely execute code without user interaction.
According to Microsoft, the CVSS base score of these critical vulnerabilities is 3.0 9.1/8.2:
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
- Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-17121)
The vulnerability allows an authenticated attacker to execute arbitrary .NET code on the SharePoint Web application server. In its default configuration, authenticated SharePoint users can create sites that provide the necessary permissions which happen to be a prerequisite for launching an attack.
According to Microsoft, the CVSS base score of this critical vulnerability is 3.0 8.8/7.7:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
- Hyper-V Remote Code Execution Vulnerability (CVE-2020-17095)
An attacker who can execute crafted software on the Hyper-V client machine may execute arbitrary code on the Hyper-V host machine by sending vSMB packets to the Hyper-V host machine.
According to Microsoft, the CVSS base score of this critical vulnerability is 3.0 8.5/7.4:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
- Microsoft Exchange 2010 Remote Code Execution Vulnerability (CVE-2020-17144)
The vulnerability occurs due to improper validation of cmdlet arguments. It allows authenticated attackers to remotely execute code.
According to Microsoft, the CVSS base score of this important vulnerability is 3.0 8.4/7.6:
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
- Windows NTFS Remote Code Execution Vulnerability (CVE-2020-17096)
Local attackers could exploit this vulnerability to escalate privileges by running crafted applications. Remote attackers with SMBv2 access to a vulnerable system could send crafted requests over a network to exploit this vulnerability and execute code on the target system.
According to Microsoft, the CVSS base score of this important vulnerability is 3.0 7.5/6.5:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
About NSFOCUS
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.
NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).
A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.
Download: