1. Remote Code Execution - Microsoft Exchange (CVE-2020-17144) - Critical [705]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object), AttackerKB |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.8 | 14 | Microsoft Exchange |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
qualys: Microsoft patched five Remote Code Execution vulnerabilities in Exchange (CVE-2020-17141, CVE-2020-17142, CVE-2020-17144, CVE-2020-17117, CVE-2020-17132), which would allow an attacker to run code as system by sending a malicious email. Microsoft does rank them as “Exploitation Less Likely,” but due to the open attack vector, these patches should be prioritized on all Exchange Servers.
tenable: CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142 and CVE-2020-17144 are remote code execution (RCE) vulnerabilities in Microsoft Exchange. All of these have been labeled by Microsoft as “Exploitation Less Likely” with the exception of CVE-2020-17144, which has been labeled as “Exploitation More Likely.”
rapid7: While there are a total of six vulnerabilities from Microsoft Exchange Server this month, two of them garner a CVSS score of 9.1 (CVE-2020-17132, CVE-2020-17142) and one is noted by Microsoft as having a higher chance of exploitability (CVE-2020-17144). These three warrant an additional examination and may be grounds for prioritizing patching.
rapid7: In contrast, CVE-2020-17144 which is another remote code execution vulnerability also stemming from improper validation for cmdlet arguments, this one only affects Exchange Server 2010 SP3 and does require additional user interaction to successfully execute. This is extra interesting as Microsoft Exchange Server 2010 passed end of life back on October 22, 2020. The introduction of this post-EOL patch for Microsoft Exchange Server 2010 coupled with Microsoft noting this vulnerability to be more likely exploitable does suggest prioritizing this patch a bit earlier.
2. Remote Code Execution - Windows NTFS (CVE-2020-17096) - High [500]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
qualys: While listed as Important, there is an RCE vulnerability (CVE-2020-17096) in Microsoft Windows. A local attacker could exploit this vulnerability to elevate the attacker’s privileges or a remote attacker with SMBv2 access to an affected system could send malicious requests over the network.
tenable: CVE-2020-17096 is an RCE in Windows NT File System (NTFS), the file system used in Microsoft Windows and Microsoft Windows Server. No user interaction is required to exploit this vulnerability. Depending on the attacker’s position, there are a few avenues for exploitation. For an attacker that has already established a local position on the vulnerable system, executing a malicious application that exploits the flaw would result in an elevation of privileges. Alternatively, a remote attacker could exploit the flaw by sending malicious requests to a vulnerable system, so long as they could access it over the Server Message Block version 2 protocol (SMBv2). Successful exploitation in this context would grant the attacker arbitrary code execution.
3. Remote Code Execution - Microsoft Exchange (CVE-2020-17132) - High [475]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.8 | 14 | Microsoft Exchange |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
qualys: Microsoft patched five Remote Code Execution vulnerabilities in Exchange (CVE-2020-17141, CVE-2020-17142, CVE-2020-17144, CVE-2020-17117, CVE-2020-17132), which would allow an attacker to run code as system by sending a malicious email. Microsoft does rank them as “Exploitation Less Likely,” but due to the open attack vector, these patches should be prioritized on all Exchange Servers.
tenable: CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142 and CVE-2020-17144 are remote code execution (RCE) vulnerabilities in Microsoft Exchange. All of these have been labeled by Microsoft as “Exploitation Less Likely” with the exception of CVE-2020-17144, which has been labeled as “Exploitation More Likely.”
tenable: CVE-2020-17132 is credited to Steven Seeley, a researcher at Source Incite, who is frequently acknowledged for his disclosure of vulnerabilities during Patch Tuesday.
tenable: In September’s Patch Tuesday release, Seeley was credited with discovering CVE-2020-16875, which he intended to blog about until he discovered a patch bypass for the flaw. Seeley has now confirmed that CVE-2020-17132 addresses this patch bypass.
tenable: CVE-2020-17132 patches the patch bypass apparently https://t.co/BKw0IKSFoB — ϻг_ϻε (@steventseeley) December 8, 2020
rapid7: While there are a total of six vulnerabilities from Microsoft Exchange Server this month, two of them garner a CVSS score of 9.1 (CVE-2020-17132, CVE-2020-17142) and one is noted by Microsoft as having a higher chance of exploitability (CVE-2020-17144). These three warrant an additional examination and may be grounds for prioritizing patching.
rapid7: There is currently suspicion that CVE-2020-17132 helps address the patch bypass of CVE-2020-16875 (CVSS 8.4) from September 2020. As well, both CVE-2020-17132 and CVE-2020-17142 are remote code execution vulnerabilities occurring due to improper validation of cmdlet arguments that affect all supported (as of writing) versions of Microsoft Exchange. One important note to consider is while these vulnerabilities have received a CVSS score of 9.1 and do not require additional user interaction, an attacker must be in an authenticated role in order to exploit this vulnerability.
zdi: CVE-2020-17132 - Microsoft Exchange Remote Code Execution Vulnerability. This is one of several Exchange code execution bugs, and it is credited to three different researchers. This implies the bug was somewhat easy to find, and other researchers are likely to find the root cause, too. Microsoft doesn’t provide an attack scenario here but does note that the attacker needs to be authenticated. This indicates that if you take over someone’s mailbox, you can take over the entire Exchange server. With all of the other Exchange bugs, definitely prioritize your Exchange test and deployment.
4. Remote Code Execution - Microsoft Exchange (CVE-2020-17142) - High [475]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.8 | 14 | Microsoft Exchange |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
qualys: Microsoft patched five Remote Code Execution vulnerabilities in Exchange (CVE-2020-17141, CVE-2020-17142, CVE-2020-17144, CVE-2020-17117, CVE-2020-17132), which would allow an attacker to run code as system by sending a malicious email. Microsoft does rank them as “Exploitation Less Likely,” but due to the open attack vector, these patches should be prioritized on all Exchange Servers.
tenable: CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142 and CVE-2020-17144 are remote code execution (RCE) vulnerabilities in Microsoft Exchange. All of these have been labeled by Microsoft as “Exploitation Less Likely” with the exception of CVE-2020-17144, which has been labeled as “Exploitation More Likely.”
rapid7: While there are a total of six vulnerabilities from Microsoft Exchange Server this month, two of them garner a CVSS score of 9.1 (CVE-2020-17132, CVE-2020-17142) and one is noted by Microsoft as having a higher chance of exploitability (CVE-2020-17144). These three warrant an additional examination and may be grounds for prioritizing patching.
rapid7: There is currently suspicion that CVE-2020-17132 helps address the patch bypass of CVE-2020-16875 (CVSS 8.4) from September 2020. As well, both CVE-2020-17132 and CVE-2020-17142 are remote code execution vulnerabilities occurring due to improper validation of cmdlet arguments that affect all supported (as of writing) versions of Microsoft Exchange. One important note to consider is while these vulnerabilities have received a CVSS score of 9.1 and do not require additional user interaction, an attacker must be in an authenticated role in order to exploit this vulnerability.
5. Security Feature Bypass - Windows Overlay Filter (CVE-2020-17139) - High [466]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
6. Remote Code Execution - Microsoft Exchange (CVE-2020-17141) - High [462]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.8 | 14 | Microsoft Exchange |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
qualys: Microsoft patched five Remote Code Execution vulnerabilities in Exchange (CVE-2020-17141, CVE-2020-17142, CVE-2020-17144, CVE-2020-17117, CVE-2020-17132), which would allow an attacker to run code as system by sending a malicious email. Microsoft does rank them as “Exploitation Less Likely,” but due to the open attack vector, these patches should be prioritized on all Exchange Servers.
tenable: CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142 and CVE-2020-17144 are remote code execution (RCE) vulnerabilities in Microsoft Exchange. All of these have been labeled by Microsoft as “Exploitation Less Likely” with the exception of CVE-2020-17144, which has been labeled as “Exploitation More Likely.”
7. Security Feature Bypass - Kerberos (CVE-2020-16996) - High [452]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 1.0 | 14 | Kerberos |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
zdi: CVE-2020-16996 - Kerberos Security Feature Bypass Vulnerability. This patch corrects a security feature bypass (SFB) bug in Kerberos, but thanks to Microsoft’s decision to remove executive summaries and only provide a CVSS score, we don’t know what specific features are being bypassed. We do know this impacts Kerberos Resource-Based Constrained Delegation (RBCD), as Microsoft has released guidance on managing the deployment of RBCD/Protected User changes in a new KB article. This likely helps to protect against RBCD attacks such as the one detailed here. This patch adds the NonForwardableDelegation registry key to enable protection on Active Directory domain controller servers. This will be enforced in a future update in February.
8. Security Feature Bypass - Windows Lock Screen (CVE-2020-17099) - High [452]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
qualys: An important vulnerability is patched by Microsoft (CVE-2020-17099) where an attacker with physical access to the target system could perform actions on a locked system, thereby executing code from Windows lock screen in the context of the active user session. This patch should be prioritized across all Windows devices.
9. Remote Code Execution - Microsoft Exchange (CVE-2020-17117) - High [448]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.8 | 14 | Microsoft Exchange |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
qualys: Microsoft patched five Remote Code Execution vulnerabilities in Exchange (CVE-2020-17141, CVE-2020-17142, CVE-2020-17144, CVE-2020-17117, CVE-2020-17132), which would allow an attacker to run code as system by sending a malicious email. Microsoft does rank them as “Exploitation Less Likely,” but due to the open attack vector, these patches should be prioritized on all Exchange Servers.
tenable: CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142 and CVE-2020-17144 are remote code execution (RCE) vulnerabilities in Microsoft Exchange. All of these have been labeled by Microsoft as “Exploitation Less Likely” with the exception of CVE-2020-17144, which has been labeled as “Exploitation More Likely.”
10. Remote Code Execution - Hyper-V (CVE-2020-17095) - High [437]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Hyper-V |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
qualys: Microsoft also patched an RCE vulnerability in Hyper-V (CVE-2020-17095) which allows an attacker to run malicious programs on a Hyper-V virtual machine to execute arbitrary code on the host system when it fails to properly validate vSMB packet data. This should be prioritized on all Hyper-V systems.
zdi: CVE-2020-17095 - Hyper-V Remote Code Execution Vulnerability. This patch corrects a bug that could allow an attacker to escalate privileges from code execution in a Hyper-V guest to code execution on the Hyper-V host by passing invalid vSMB packet data. It appears that no special permissions are needed on the guest OS to exploit this vulnerability. This bug also has the highest CVSS score (8.5) for the release. However, if Microsoft is wrong about the attack complexity, this could rate as high as 9.9.
11. Remote Code Execution - Microsoft SharePoint (CVE-2020-17118) - High [437]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
qualys: Microsoft patched two RCEs (CVE-2020-17121 and CVE-2020-17118) in SharePoint. CVE-2020-17121 allows an authenticated attacker to gain access to create a site and execute code remotely within the kernel. Because of this, it is highly recommended to prioritize these patches across all SharePoint deployments.
tenable: CVE-2020-17118 and CVE-2020-17121 are RCE vulnerabilities in Microsoft SharePoint, which are labeled as “Exploitation More Likely” by Microsoft.
12. Remote Code Execution - Microsoft Excel (CVE-2020-17122) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128 and CVE-2020-17129 are RCE vulnerabilities in Microsoft Excel. All six of these vulnerabilities were assigned a CVSSv3 score of 7.8 and labeled as “Exploitation Less Likely” by Microsoft.
13. Remote Code Execution - Microsoft Excel (CVE-2020-17123) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128 and CVE-2020-17129 are RCE vulnerabilities in Microsoft Excel. All six of these vulnerabilities were assigned a CVSSv3 score of 7.8 and labeled as “Exploitation Less Likely” by Microsoft.
tenable: Details about CVE-2020-17123, which is credited to Marcin Noga of Cisco Talos Intelligence Group, have been published on the Talos blog. According to their description, CVE-2020-17123 is a use-after-free vulnerability in Microsoft Excel. Exploitation of this flaw requires an attacker to socially engineer their victim into opening a malicious XLS file, either via email or hosting the file on a website and convincing the user to download and open it. Successful exploitation would result in remote code execution in the context of the current user. If the user has administrative privileges, it would result in a full system compromise.
tenable: While there are no further details for the five remaining Excel vulnerabilities, if they echo CVE-2020-17123 and past Excel flaws, the attack vector could be similar, requiring a user to open a malicious XLS file either via email or by convincing them to download and execute the file from a website. However, Microsoft notes that the Outlook Preview Pane is not affected by these vulnerabilities, which means a victim would need to open the XLS file directly to trigger the exploit.
14. Remote Code Execution - Microsoft Excel (CVE-2020-17125) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128 and CVE-2020-17129 are RCE vulnerabilities in Microsoft Excel. All six of these vulnerabilities were assigned a CVSSv3 score of 7.8 and labeled as “Exploitation Less Likely” by Microsoft.
15. Remote Code Execution - Microsoft Excel (CVE-2020-17127) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128 and CVE-2020-17129 are RCE vulnerabilities in Microsoft Excel. All six of these vulnerabilities were assigned a CVSSv3 score of 7.8 and labeled as “Exploitation Less Likely” by Microsoft.
16. Remote Code Execution - Microsoft Excel (CVE-2020-17128) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128 and CVE-2020-17129 are RCE vulnerabilities in Microsoft Excel. All six of these vulnerabilities were assigned a CVSSv3 score of 7.8 and labeled as “Exploitation Less Likely” by Microsoft.
17. Remote Code Execution - Microsoft Excel (CVE-2020-17129) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128 and CVE-2020-17129 are RCE vulnerabilities in Microsoft Excel. All six of these vulnerabilities were assigned a CVSSv3 score of 7.8 and labeled as “Exploitation Less Likely” by Microsoft.
18. Remote Code Execution - Microsoft SharePoint (CVE-2020-17121) - High [424]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
qualys: Microsoft patched two RCEs (CVE-2020-17121 and CVE-2020-17118) in SharePoint. CVE-2020-17121 allows an authenticated attacker to gain access to create a site and execute code remotely within the kernel. Because of this, it is highly recommended to prioritize these patches across all SharePoint deployments.
tenable: CVE-2020-17118 and CVE-2020-17121 are RCE vulnerabilities in Microsoft SharePoint, which are labeled as “Exploitation More Likely” by Microsoft.
tenable: For CVE-2020-17121, Microsoft notes that the attack is network-based and, provided the targeted user has the required privileges, an attacker could gain access to SharePoint to craft a site and in turn remotely execute arbitrary code within the kernel.
tenable: The Zero Day Initiative (ZDI) is credited with reporting CVE-2020-17121 and offers additional details about the vulnerability in their summary blog. They note that exploitation would allow the execution of arbitrary .NET code in the context of the SharePoint Web Application service account. In SharePoint’s default configuration, it allows authenticated users to create sites with the required permissions to launch the attack which lines up with Microsoft’s FAQ.
zdi: CVE-2020-17121 - Microsoft SharePoint Remote Code Execution Vulnerability. Originally reported through the ZDI program, this patch corrects a bug that could allow an authenticated user to execute arbitrary .NET code on an affected server in the context of the SharePoint Web Application service account. In its default configuration, authenticated SharePoint users are able to create sites that provide all of the necessary permissions that are prerequisites for launching an attack. Similar bugs patched earlier this year received quite a bit of attention. We suspect this one will, too.
19. Remote Code Execution - Microsoft Dynamics 365 for Finance and Operations (on-premises) (CVE-2020-17152) - High [424]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Microsoft Dynamics 365 |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
20. Remote Code Execution - Microsoft Dynamics 365 for Finance and Operations (on-premises) (CVE-2020-17158) - High [424]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Microsoft Dynamics 365 |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
21. Remote Code Execution - Visual Studio Code Remote Development Extension (CVE-2020-17148) - High [410]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Visual Studio |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
22. Remote Code Execution - Visual Studio Code (CVE-2020-17150) - High [410]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Visual Studio |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
23. Remote Code Execution - Visual Studio (CVE-2020-17156) - High [410]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Visual Studio |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
24. Remote Code Execution - Visual Studio Code Java Extension Pack (CVE-2020-17159) - High [410]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Visual Studio |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
25. Security Feature Bypass - Microsoft Excel (CVE-2020-17130) - Medium [395]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
26. Elevation of Privilege - Windows Backup Engine (CVE-2020-16958) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
27. Elevation of Privilege - Windows Backup Engine (CVE-2020-16959) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
28. Elevation of Privilege - Windows Backup Engine (CVE-2020-16960) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
29. Elevation of Privilege - Windows Backup Engine (CVE-2020-16961) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
30. Elevation of Privilege - Windows Backup Engine (CVE-2020-16962) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
31. Elevation of Privilege - Windows Backup Engine (CVE-2020-16963) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
32. Elevation of Privilege - Windows Backup Engine (CVE-2020-16964) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
33. Elevation of Privilege - Windows Network Connections Service (CVE-2020-17092) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
34. Elevation of Privilege - Windows Digital Media Receiver (CVE-2020-17097) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
35. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2020-17103) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
36. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2020-17134) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
37. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2020-17136) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
38. Security Feature Bypass - Azure SDK for Java (CVE-2020-16971) - Medium [379]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
39. Security Feature Bypass - Azure SDK for C (CVE-2020-17002) - Medium [379]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
40. Elevation of Privilege - DirectX Graphics Kernel (CVE-2020-17137) - Medium [366]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.9 | 14 | DirectX |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
41. Information Disclosure - Windows SMB (CVE-2020-17140) - Medium [351]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
42. Memory Corruption - Chakra Scripting Engine (CVE-2020-17131) - Medium [348]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.6 | 15 | Memory Corruption |
Vulnerable Product is Common | 0.7 | 14 | MS Internet Browser |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
43. Information Disclosure - Microsoft Exchange (CVE-2020-17143) - Medium [340]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.8 | 14 | Microsoft Exchange |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
44. Information Disclosure - Windows Error Reporting (CVE-2020-17094) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
45. Information Disclosure - Windows GDI+ (CVE-2020-17098) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
46. Information Disclosure - Windows Error Reporting (CVE-2020-17138) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
47. Elevation of Privilege - Microsoft SharePoint (CVE-2020-17089) - Medium [322]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
48. Remote Code Execution - Microsoft PowerPoint (CVE-2020-17124) - Medium [316]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
49. Information Disclosure - Microsoft Outlook (CVE-2020-17119) - Medium [308]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
50. Spoofing - Microsoft SharePoint (CVE-2020-17115) - Medium [302]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
51. Information Disclosure - Microsoft Excel (CVE-2020-17126) - Medium [281]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
52. Information Disclosure - Microsoft SharePoint (CVE-2020-17120) - Medium [275]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
53. Spoofing - Azure DevOps Server (CVE-2020-17135) - Medium [224]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
54. Spoofing - Azure DevOps Server and Team Foundation Services (CVE-2020-17145) - Medium [224]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
55. Information Disclosure - Microsoft Dynamics Business Central/NAV (CVE-2020-17133) - Low [181]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
56. Spoofing - Microsoft Edge for Android (CVE-2020-17153) - Low [181]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
57. Cross Site Scripting - Dynamics CRM Webclient (CVE-2020-17147) - Low [167]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Cross Site Scripting |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
qualys: Microsoft patched five Remote Code Execution vulnerabilities in Exchange (CVE-2020-17141, CVE-2020-17142, CVE-2020-17144, CVE-2020-17117, CVE-2020-17132), which would allow an attacker to run code as system by sending a malicious email. Microsoft does rank them as “Exploitation Less Likely,” but due to the open attack vector, these patches should be prioritized on all Exchange Servers.
tenable: CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142 and CVE-2020-17144 are remote code execution (RCE) vulnerabilities in Microsoft Exchange. All of these have been labeled by Microsoft as “Exploitation Less Likely” with the exception of CVE-2020-17144, which has been labeled as “Exploitation More Likely.”
rapid7: While there are a total of six vulnerabilities from Microsoft Exchange Server this month, two of them garner a CVSS score of 9.1 (CVE-2020-17132, CVE-2020-17142) and one is noted by Microsoft as having a higher chance of exploitability (CVE-2020-17144). These three warrant an additional examination and may be grounds for prioritizing patching.
rapid7: In contrast, CVE-2020-17144 which is another remote code execution vulnerability also stemming from improper validation for cmdlet arguments, this one only affects Exchange Server 2010 SP3 and does require additional user interaction to successfully execute. This is extra interesting as Microsoft Exchange Server 2010 passed end of life back on October 22, 2020. The introduction of this post-EOL patch for Microsoft Exchange Server 2010 coupled with Microsoft noting this vulnerability to be more likely exploitable does suggest prioritizing this patch a bit earlier.
qualys: While listed as Important, there is an RCE vulnerability (CVE-2020-17096) in Microsoft Windows. A local attacker could exploit this vulnerability to elevate the attacker’s privileges or a remote attacker with SMBv2 access to an affected system could send malicious requests over the network.
tenable: CVE-2020-17096 is an RCE in Windows NT File System (NTFS), the file system used in Microsoft Windows and Microsoft Windows Server. No user interaction is required to exploit this vulnerability. Depending on the attacker’s position, there are a few avenues for exploitation. For an attacker that has already established a local position on the vulnerable system, executing a malicious application that exploits the flaw would result in an elevation of privileges. Alternatively, a remote attacker could exploit the flaw by sending malicious requests to a vulnerable system, so long as they could access it over the Server Message Block version 2 protocol (SMBv2). Successful exploitation in this context would grant the attacker arbitrary code execution.
tenable: CVE-2020-17132 is credited to Steven Seeley, a researcher at Source Incite, who is frequently acknowledged for his disclosure of vulnerabilities during Patch Tuesday.
tenable: In September’s Patch Tuesday release, Seeley was credited with discovering CVE-2020-16875, which he intended to blog about until he discovered a patch bypass for the flaw. Seeley has now confirmed that CVE-2020-17132 addresses this patch bypass.
tenable: CVE-2020-17132 patches the patch bypass apparently https://t.co/BKw0IKSFoB — ϻг_ϻε (@steventseeley) December 8, 2020
rapid7: There is currently suspicion that CVE-2020-17132 helps address the patch bypass of CVE-2020-16875 (CVSS 8.4) from September 2020. As well, both CVE-2020-17132 and CVE-2020-17142 are remote code execution vulnerabilities occurring due to improper validation of cmdlet arguments that affect all supported (as of writing) versions of Microsoft Exchange. One important note to consider is while these vulnerabilities have received a CVSS score of 9.1 and do not require additional user interaction, an attacker must be in an authenticated role in order to exploit this vulnerability.
zdi: CVE-2020-17132 - Microsoft Exchange Remote Code Execution Vulnerability. This is one of several Exchange code execution bugs, and it is credited to three different researchers. This implies the bug was somewhat easy to find, and other researchers are likely to find the root cause, too. Microsoft doesn’t provide an attack scenario here but does note that the attacker needs to be authenticated. This indicates that if you take over someone’s mailbox, you can take over the entire Exchange server. With all of the other Exchange bugs, definitely prioritize your Exchange test and deployment.
qualys: Microsoft also patched an RCE vulnerability in Hyper-V (CVE-2020-17095) which allows an attacker to run malicious programs on a Hyper-V virtual machine to execute arbitrary code on the host system when it fails to properly validate vSMB packet data. This should be prioritized on all Hyper-V systems.
zdi: CVE-2020-17095 - Hyper-V Remote Code Execution Vulnerability. This patch corrects a bug that could allow an attacker to escalate privileges from code execution in a Hyper-V guest to code execution on the Hyper-V host by passing invalid vSMB packet data. It appears that no special permissions are needed on the guest OS to exploit this vulnerability. This bug also has the highest CVSS score (8.5) for the release. However, if Microsoft is wrong about the attack complexity, this could rate as high as 9.9.
qualys: Microsoft patched two RCEs (CVE-2020-17121 and CVE-2020-17118) in SharePoint. CVE-2020-17121 allows an authenticated attacker to gain access to create a site and execute code remotely within the kernel. Because of this, it is highly recommended to prioritize these patches across all SharePoint deployments.
tenable: CVE-2020-17118 and CVE-2020-17121 are RCE vulnerabilities in Microsoft SharePoint, which are labeled as “Exploitation More Likely” by Microsoft.
tenable: For CVE-2020-17121, Microsoft notes that the attack is network-based and, provided the targeted user has the required privileges, an attacker could gain access to SharePoint to craft a site and in turn remotely execute arbitrary code within the kernel.
tenable: The Zero Day Initiative (ZDI) is credited with reporting CVE-2020-17121 and offers additional details about the vulnerability in their summary blog. They note that exploitation would allow the execution of arbitrary .NET code in the context of the SharePoint Web Application service account. In SharePoint’s default configuration, it allows authenticated users to create sites with the required permissions to launch the attack which lines up with Microsoft’s FAQ.
zdi: CVE-2020-17121 - Microsoft SharePoint Remote Code Execution Vulnerability. Originally reported through the ZDI program, this patch corrects a bug that could allow an authenticated user to execute arbitrary .NET code on an affected server in the context of the SharePoint Web Application service account. In its default configuration, authenticated SharePoint users are able to create sites that provide all of the necessary permissions that are prerequisites for launching an attack. Similar bugs patched earlier this year received quite a bit of attention. We suspect this one will, too.
tenable: CVE-2020-17122, CVE-2020-17123, CVE-2020-17125, CVE-2020-17127, CVE-2020-17128 and CVE-2020-17129 are RCE vulnerabilities in Microsoft Excel. All six of these vulnerabilities were assigned a CVSSv3 score of 7.8 and labeled as “Exploitation Less Likely” by Microsoft.
tenable: Details about CVE-2020-17123, which is credited to Marcin Noga of Cisco Talos Intelligence Group, have been published on the Talos blog. According to their description, the CVE-2020-17123 is a use-after-free vulnerability in Microsoft Excel. Exploitation of this flaw requires an attacker to socially engineer their victim into opening a malicious XLS file, either via email or hosting the file on a website and convincing the user to download and open it. Successful exploitation would result in remote code execution in the context of the current user. If the user has administrative privileges, it would result in a full system compromise.
tenable: While there are no further details for the five remaining Excel vulnerabilities, if they echo CVE-2020-17123 and past Excel flaws, the attack vector could be similar, requiring a user to open a malicious XLS file either via email or by convincing them to download and execute the file from a website. However, Microsoft notes that the Outlook Preview Pane is not affected by these vulnerabilities, which means a victim would need to open the XLS file directly to trigger the exploit.
zdi: CVE-2020-16996 - Kerberos Security Feature Bypass Vulnerability. This patch corrects a security feature bypass (SFB) bug in Kerberos, but thanks to Microsoft’s decision to remove executive summaries and only provide a CVSS score, we don’t know what specific features are being bypassed. We do know this impacts Kerberos Resource-Based Constrained Delegation (RBCD), as Microsoft has released guidance on managing the deployment of RBCD/Protected User changes in a new KB article. This likely helps to protect against RBCD attacks such as the one detailed here. This patch adds the NonForwardableDelegation registry key to enable protection on Active Directory domain controller servers. This will be enforced in a future update in February.
qualys: An important vulnerability is patched by Microsoft (CVE-2020-17099) where an attacker with physical access to the target system could perform actions on a locked system, thereby executing code from Windows lock screen in the context of the active user session. This patch should be prioritized across all Windows devices.