Tag Archives: PatchTuesday

Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities

Easiest task ever?

Making the reviews of Microsoft Patch Tuesday vulnerabilities should be an easy task. All vulnerability data is publicly available. Even better, dozens of reviews have already been written. Just read them, combine and post. Right?

Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities

Not really. In fact it is quite boring and annoying. It may be fun to write about vulnerabilities that were already used in some real attacks. But this is a very small part of all vulnerabilities. What about more than a hundred others? They are like “some vulnerability in some component may be used in some attack (or may be not)”. If you describe each of them, no one will read or listen this.

You must choose what to highlight. And when I am reading the reports from Tenable, Qualys and ZDI, I see that they choose very different groups of vulnerabilities, pretty much randomly.

My classification script

That’s why I created a script that takes Patch Tuesday CVE data from microsoft.com and visualizes it giving me helicopter view on what can be interesting there. With nice grouping by vulnerability type and product, with custom icons for vulnerability types, coloring based on severity, etc.

Continue reading

Microsoft Patch Tuesday February 2020

IMHO, these are the two most interesting vulnerabilities in a recent Microsoft Patch Tuesday February 2020:

  • Mysterious Windows RCE CVE-2020-0662. “To exploit the vulnerability, an attacker who has a domain user account could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions.” Without needing to directly log in to the affected device!
  • Microsoft Exchange server seizure CVE-2020-0688. By sending a malicious email message the attacker can run commands on a vulnerable Exchange server as the system user (and monitor email communications). “the attacker could completely take control of an Exchange server through a single e-mail”.

There were also RCEs in Remote Desktop (Client and Service), a third attempt to fix RCEs in Internet Explorer, Elevation of Privilege, etc. But all this stuff we see in almost every Patch Tuesday and without fully functional exploits it’s not really interesting. 🙂

Read the full reviews in Tenable and Zero Day Initiative blogs.