Microsoft Exchange Remote Code Execution Vulnerability (CVE-2020-17144) Threat Alert
January 6, 2021
Overview
Microsoft disclosed a remote code execution vulnerability (CVE-2020-17144) Microsoft Exchange Server 2010 in its latest December security updates, rating the vulnerability as Important.
The vulnerability exists because the program improperly verifies cmdlet parameters. An authenticated attacker could exploit this vulnerability to cause remote code execution.
This vulnerability is similar to CVE-2020-0688 and requires login before being exploited. However, to exploit it does not require a plaintext password but NTHash. In addition to regular mail services and OWA, the EWS interface also provides the necessary methods for exploitation. The functions of the vulnerability are also persistent.
(more…)Microsoft’s December 2020 Patches Fix 58 Security Vulnerabilities Threat Alert
December 23, 2020
Overview
Microsoft released December 2020 security updates on Tuesday which fix 58 vulnerabilities ranging from simple spoofing attacks to remote code execution, including 9 critical vulnerabilities, 47 important vulnerabilities, and two moderate vulnerabilities. All users are advised to install updates without delay.
(more…)Microsoft’s November 2020 Patches Fix 112 Security Vulnerabilities Threat Alert
November 30, 2020
Overview
Microsoft released November 2020 security updates on Tuesday which fix 112 vulnerabilities ranging from simple spoofing attacks to remote code execution, including 17 critical vulnerabilities, 93 important vulnerabilities, and two low vulnerabilities. All users are advised to install updates without delay.
These vulnerabilities affect Azure DevOps, Azure Sphere, Common Log File System Driver, Microsoft Browsers, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Teams, Microsoft Windows, Microsoft Windows Codecs Library, Visual Studio, Windows Defender, Windows Kernel, Windows NDIS, Windows Update Stack, and Windows WalletService.
(more…)Microsoft’s October 2020 Patches Fix 87 Security Vulnerabilities Threat Alert
October 28, 2020
Overview
Microsoft released October 2020 security updates on Tuesday which fix 87 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Azure, Group Policy, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft NTFS, Microsoft Office, Microsoft Office SharePoint, Microsoft Windows, Microsoft Windows Codecs Library, PowerShellGet, Visual Studio, Windows COM, Windows Error Reporting, Windows Hyper-V, Windows Installer, Windows Kernel, Windows Media Player, Windows RDP, and Windows Secure Kernel Mode.
(more…)Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2020-16875) Handling Guide
October 7, 2020
Vulnerability Description
Recently, NSFOCUS detected that security personnel disclosed the procedure for exploiting the Microsoft Exchange Server remote code execution vulnerability (CVE-2020-16875) online. The vulnerability was made public by Microsoft in its September 2020 Security Updates. A remote code execution vulnerability exists in the way that Microsoft Exchange Server handles objects in memory. The prerequisite for successfully exploiting the vulnerability is to have user rights that can be authenticated as an Exchange role. An attacker could trigger the vulnerability by sending an email that contains special cmdlet arguments to the affected Exchange server. An attacker who successfully exploited the vulnerability could execute arbitrary code with system privileges on the affected system. Users should take preventive measures as soon as possible.
(more…)Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2020-16875) Threat Alert
September 30, 2020
Overview
Microsoft has fixed a critical vulnerability in its September 2020 Security Updates, which is a remote code execution vulnerability (CVE-2020-16875) in Microsoft Exchange Server. Recently, relevant proof of concept (PoC) has appeared on the Internet.
Due to incorrect verification of cmdlet arguments, an attacker may trigger this vulnerability by sending an email that contains special cmdlet arguments to the affected Exchange server. An attacker who successfully exploited the vulnerability could execute arbitrary code with system privileges on the affected system. It is worth noting that the prerequisite for successfully exploiting the vulnerability is to have user rights that can be authenticated as an Exchange role.
(more…)Microsoft September 2020 Security Updates for Multiple High-Risk Product Vulnerabilities Threat Alert
September 29, 2020
Vulnerability Description
On September 9, 2020, Beijing time, Microsoft released September 2020 Security Updates that fix 129 vulnerabilities ranging from remote code execution to privilege escalation in various products, including Microsoft Windows, Internet Explorer, Microsoft Office, Microsoft Exchange Server, Visual Studio, and ASP.NET.
(more…)Microsoft’s August 2020 Patches Fix 120 Security Vulnerabilities Threat Alert
August 30, 2020
Overview
Microsoft released August 2020 security updates on Tuesday which fix 120 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, ASP.NET, Internet Explorer, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Video Control, Microsoft Windows, Microsoft Windows Codecs Library, Netlogon, SQL Server, Visual Studio, Windows AI, Windows COM, Windows Kernel, Windows Media, Windows Media Player, Windows Print Spooler Components, Windows RDP, Windows Registry, Windows Shell, Windows Update Stack, and Windows WalletService.
(more…)Microsoft Windows DNS Server Remote Code Execution Vulnerability SigRed (CVE-2020-1350) Threat Alert
August 11, 2020
Overview
On July 14, 2020 local time, Microsoft addressed a wormable Windows DNS server vulnerability dubbed SigRed (CVE-2020-1350) in its latest monthly patch updates. Once exploited by attackers, the vulnerability could spread between vulnerable computers without user interaction, thereby probably infecting the network of the whole organization.
It is reported that the vulnerability has existed for 17 years and assigns a score of 10 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C).
When a DNS server parses uploaded queries or responds to forwarded requests, the vulnerability could be exploited.
Check Point researchers found that sending DNS responses containing SIG records (greater than 64 KB) could cause a stack-based buffer overflow, further allowing attackers to control a server.
(more…)Microsoft’s July 2020 Patches Fix 124 Security Vulnerabilities Threat Alert
July 25, 2020
Overview
Microsoft released July 2020 security updates on Tuesday that fix 124 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Azure DevOps, Internet Explorer, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Malware Protection Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft OneDrive, Microsoft Scripting Engine, Microsoft Windows, Open Source Software, Skype for Business, Visual Studio, Windows Hyper-V, Windows IIS, Windows Kernel, Windows Shell, Windows Subsystem for Linux, Windows Update Stack, and Windows WalletService.
(more…)