1. Security Feature Bypass - Kerberos KDC (CVE-2020-17049) - Critical [709]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object), AttackerKB |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 1.0 | 14 | Kerberos |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
zdi: As someone who has written many bulletins myself, I understand the repetitive nature of these descriptions. I have literally forgotten how many kernel EoP bugs I have written up - and they were all almost identical. However, there are those outlier cases where a description does matter. Two examples are above. Another example is CVE-2020-17049. What security feature in Kerberos is being bypassed? What is the likelihood? As a network defender, I have defenses to mitigate risks beyond just applying security patches. Should I employ those other technologies while the patches roll out? Until I have some idea of the answers to those questions, I can’t accurately assess the risk to my network from this or any of the other bugs with outstanding questions. Hopefully, Microsoft will decide to re-add the executive summaries in future releases.
2. Elevation of Privilege - Windows Kernel Local (CVE-2020-17087) - Critical [628]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned at Vulners (AttackerKB object), AttackerKB, Microsoft |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
qualys: While listed as Important, there is an Actively Attacked vulnerability (CVE-2020-17087) in Microsoft Windows. This privilege escalation vulnerability was publicly disclosed by Google in late October. According to Google’s Project Zero security researchers Mateusz Jurczyk and Sergei Glazunov, the bug allows an attacker to escalate their privileges in Windows. This patch should be prioritized across all Windows devices.
tenable: CVE-2020-17087 is an elevation of privilege vulnerability in the Windows kernel Cryptography Driver, cng.sys, that was exploited in the wild as part of a vulnerability chain with CVE-2020-15999, a buffer overflow vulnerability in the FreeType 2 library used by Google Chrome. CVE-2020-17087 was used to escape Google Chrome’s sandbox in order to elevate privileges on the exploited system. This is the second vulnerability chain involving a Google Chrome vulnerability and a Windows elevation of privilege vulnerability exploited in the last year.
tenable: Chaining vulnerabilities is an important tactic for threat actors. While both CVE-2020-15999 and CVE-2020-17087 were exploited in the wild as zero-days, the Cybersecurity and Infrastructure Security Agency (CISA) published a joint advisory with the FBI last month that highlighted threat actors chaining unpatched vulnerabilities to gain initial access into a target environment and elevate privileges. Now that Google and Microsoft have patched these flaws, it is imperative for organizations to ensure they’ve applied these patches before threat actors begin to leverage them more broadly.
rapid7: Microsoft CVE-2020-17087: Windows Kernel Local Elevation of Privilege Vulnerability. Coming as no surprise to anyone, the previously disclosed CVE-2020-17087 zero-day affecting all supported versions of Windows has a patch this month. It is with this same patch that over half of the additional vulnerabilities detailed this month can be remediated, so definitely have your patching cycles ready. CVE-2020-17087 is a buffer overflow vulnerability behind the Windows Kernel Cryptography Driver that gave local attackers the ability to escalate privileges. Luckily, as seen via Rapid7's AttackerKB analysis "exploitability is at least somewhat more limited than it might appear at first glance." This does not diminish the need to prioritize Operating System patching because of the next vulnerability up for discussion: CVE-2020-17051.
zdi: CVE-2020-17087 - Windows Kernel Local Elevation of Privilege Vulnerability. This privilege escalation bug was publicly disclosed by Google in late October. They noted it was combined with a Chrome bug to escape the browser sandbox and execute code on the target system. While not explicitly stated, the language used makes it seem the exploit is not yet widespread. However, considering there is a full analysis of the bug weeks before the patch, it will likely be incorporated into other exploits quickly.
3. Elevation of Privilege - Windows Print Spooler (CVE-2020-17001) - Critical [614]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Microsoft Windows Local Spooler Bypass) |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: Interestingly enough, this month brought a patch to CVE-2020-17001, an elevation of privilege flaw in the Windows Print Spooler reported to Microsoft by James Forshaw of Google’s Project Zero team. According to the details from Project Zero, this is a bypass of the patch for CVE-2020-1337. The vulnerability disclosure provides a proof-of-concept (PoC) and although the vulnerability received only a CVSSv3 score of 7.8, this vulnerability could be used in a chained attack scenario as evidenced by the abuse of CVE-2020-1337.
4. Remote Code Execution - Windows Network File System (CVE-2020-17051) - High [513]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
qualys: Microsoft fixed a vulnerability in Network File System (NFS) (CVE-2020-17051). This CVE received a CVSS score of 9.8 with low attack complexity without any user interaction. This has the potential to be wormable and should be prioritized.
qualys: Can we get an active unauthenticated separate check for CVE-2020-17051?
tenable: CVE-2020-17051 is a critical remote code execution (RCE) vulnerability affecting the Windows Network File System (NFS). NFS is a file system protocol used for file sharing across multiple operating systems on a network. According to the limited information provided by Microsoft, the vulnerability appears to impact all supported versions of Windows and can be exploited without authentication or user interaction based on the CVSSv3 score of 9.8. In a blog post by McAfee, there is speculation about combining CVE-2020-17051 with CVE-2020-17056, a remote kernel data read vulnerability in NFS, in order to bypass address space layout randomization (ASLR), which could increase the probability of a remote exploit. Additionally, the blog post notes that it’s possible for CVE-2020-17051 to be wormable, assuming NFS has been configured to allow for anonymous write access. With Microsoft labeling this vulnerability as “Exploitation More Likely” under its Exploitability Index, we suggest that the organizations prioritize patches for both of these CVEs.
rapid7: Microsoft CVE-2020-17087: Windows Kernel Local Elevation of Privilege Vulnerability. Coming as no surprise to anyone, the previously disclosed CVE-2020-17087 zero-day affecting all supported versions of Windows has a patch this month. It is with this same patch that over half of the additional vulnerabilities detailed this month can be remediated, so definitely have your patching cycles ready. CVE-2020-17087 is a buffer overflow vulnerability behind the Windows Kernel Cryptography Driver that gave local attackers the ability to escalate privileges. Luckily, as seen via Rapid7's AttackerKB analysis "exploitability is at least somewhat more limited than it might appear at first glance." This does not diminish the need to prioritize Operating System patching because of the next vulnerability up for discussion: CVE-2020-17051.
rapid7: Microsoft CVE-2020-17051: Windows Network File System Remote Code Execution. CVE-2020-17051 is this month's highest severity vulnerability sitting at CVSS 9.8. Microsoft describes CVE-2020-17051 as a Remote Code Execution vulnerability affecting Windows Network File System. At the time of writing, information regarding this vulnerability is light but Microsoft has noted that it has low attack complexity and does not require user interaction to exploit. This is aptly represented by the high CVSS score. At this point, this vulnerability is not known to be exploited in the wild.
zdi: CVE-2020-17051 - Windows Network File System Remote Code Execution Vulnerability. With no description to work from, we need to rely on the CVSS to provide clues about the real risk from this bug. At a 9.8, it’s about as critical as a bug can get. Considering this is listed as no user interaction with low attack complexity, and considering NFS is a network service, you should treat this as wormable until we learn otherwise.
5. Remote Code Execution - Windows Print Spooler (CVE-2020-17042) - High [500]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
qualys: Microsoft also patched a Remote Code Execution vulnerability in Print Spooler (CVE-2020-17042), which would lead to elevation of privileges. The exploit requires user interaction but has a low attack complexity which makes it more likely to be compromised. This patch should be prioritized.
tenable: CVE-2020-17042 is an RCE vulnerability in the Windows Print Spooler. Despite receiving an Exploitability Index rating of “Exploitation Less Likely,” this vulnerability should be high up on any organization's patch priority list as it received a CVSSv3 score of 8.8. Although Microsoft does not provide any details on the flaw or conditions to exploit, it’s important to consider past flaws in the Windows Print Spooler. In August, CVE-2020-1337 was patched by Microsoft shortly after being discussed in presentations at both the Black Hat USA and DEF CON conferences. The presentations, "A Decade After Stuxnet's Printer Vulnerability: Printing is Still the Stairway to Heaven" from SafeBreach Labs, discuss how a flaw in the Windows Print Spooler could be chained with additional vulnerabilities to compromise a host and further propagate across a network. With interest in the print spooler as an attack vector from security researchers, we anticipate seeing further information on this in the near future.
6. Security Feature Bypass - Windows Hyper-V (CVE-2020-17040) - High [493]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
zdi: CVE-2020-17040 - Windows Hyper-V Security Feature Bypass Vulnerability. Here’s another bug that could be helped by a description. It’s not clear which security feature in Hyper-V is being bypassed or how an attacker can abuse it. Again, the attack complexity is low, authentication is not required, and there is no user interaction. Additional details are needed to accurately judge the risk from this bug, but the title and CVSS values alone put this bug on everyone’s radar.
7. Remote Code Execution - Windows GDI+ (CVE-2020-17068) - High [486]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
8. Security Feature Bypass - Microsoft Defender for Endpoint (CVE-2020-17090) - High [474]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 0.9 | 14 | Microsoft Defender |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
9. Remote Code Execution - Microsoft Exchange Server (CVE-2020-17084) - High [462]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.8 | 14 | Microsoft Exchange |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-17083 and CVE-2020-17084 are both RCE flaws within Microsoft Exchange Server. CVE-2020-17083 is scored as a CVSSv3 5.5 while CVE-2020-17084 has a CVSSv3 score of 8.5. While both flaws are labeled as “Exploitation Less Likely,” from reviewing the CVSS score, it’s likely these vulnerabilities could be exploited by enticing a user to open a crafted email. The vulnerabilities are credited to Steven Seeley of Source Incite. While unconfirmed, it’s likely that these fixes are related to a bypass Seeley found for CVE-2020-16875. Seeley has noted on Twitter that the CVSS score for CVE-2020-17083 is incorrect and should be 8.5.
zdi: CVE-2020-17084 - Microsoft Exchange Server Remote Code Execution Vulnerability. This patch corrects a code execution bug in Exchange that was reported by Pwn2Own Miami winner Steven Seeley. With no details provided by Microsoft, we can only assume this is the bypass of CVE-2020-16875 he had previously mentioned. It is very likely he will publish the details of these bugs soon. Microsoft rates this as Important, but I would treat it as Critical, especially since people seem to find it hard to patch Exchange at all.
10. Remote Code Execution - Microsoft Excel (CVE-2020-17019) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-17019, CVE-2020-17064, CVE-2020-17065, and CVE-2020-17066 are RCE flaws within Microsoft Excel. Each of these flaws received a CVSSv3 score of 7.8. The CVSS metrics call out that user interaction is required in order to exploit the flaws, however this is a common scenario for Microsoft Office related flaws. We speculate that the path to exploitation requires that a user open a crafted file with an affected version of Microsoft Excel. These vulnerabilities are likely to be exploited in phishing attacks. Despite a lower exploitation probability, these updates are important to apply.
11. Remote Code Execution - Microsoft Office Access Connectivity Engine (CVE-2020-17062) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
12. Remote Code Execution - Microsoft Excel (CVE-2020-17064) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-17019, CVE-2020-17064, CVE-2020-17065, and CVE-2020-17066 are RCE flaws within Microsoft Excel. Each of these flaws received a CVSSv3 score of 7.8. The CVSS metrics call out that user interaction is required in order to exploit the flaws, however this is a common scenario for Microsoft Office related flaws. We speculate that the path to exploitation requires that a user open a crafted file with an affected version of Microsoft Excel. These vulnerabilities are likely to be exploited in phishing attacks. Despite a lower exploitation probability, these updates are important to apply.
13. Remote Code Execution - Microsoft Excel (CVE-2020-17065) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-17019, CVE-2020-17064, CVE-2020-17065, and CVE-2020-17066 are RCE flaws within Microsoft Excel. Each of these flaws received a CVSSv3 score of 7.8. The CVSS metrics call out that user interaction is required in order to exploit the flaws, however this is a common scenario for Microsoft Office related flaws. We speculate that the path to exploitation requires that a user open a crafted file with an affected version of Microsoft Excel. These vulnerabilities are likely to be exploited in phishing attacks. Despite a lower exploitation probability, these updates are important to apply.
14. Remote Code Execution - Microsoft Excel (CVE-2020-17066) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-17019, CVE-2020-17064, CVE-2020-17065, and CVE-2020-17066 are RCE flaws within Microsoft Excel. Each of these flaws received a CVSSv3 score of 7.8. The CVSS metrics call out that user interaction is required in order to exploit the flaws, however this is a common scenario for Microsoft Office related flaws. We speculate that the path to exploitation requires that a user open a crafted file with an affected version of Microsoft Excel. These vulnerabilities are likely to be exploited in phishing attacks. Despite a lower exploitation probability, these updates are important to apply.
15. Remote Code Execution - Microsoft Teams (CVE-2020-17091) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-17091 is a RCE vulnerability in Microsoft Teams, a platform used by businesses, small teams and schools for collaboration and distance learning. The vulnerability is credited to Matt Austin, director of security research at Contrast Security. In November 2019, Austin tweeted that he discovered a “one click RCE” in Microsoft Teams that he submitted to Microsoft on September 1, 2018 that was still an open case one year later.
tenable: It is unclear if CVE-2020-17091 is the same vulnerability, but since it is credited to the researcher, we surmise this might be the case.
16. Denial of Service - Windows Network File System (CVE-2020-17047) - High [425]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
17. Remote Code Execution - Microsoft SharePoint (CVE-2020-17061) - High [424]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
qualys: Microsoft patched six vulnerabilities in SharePoint, and one of them could lead to Remote Code Execution (CVE-2020-17061). Three of these vulnerabilities (CVE-2020-17016, CVE-2020-17015, CVE-2020-17060) involve spoofing vulnerabilities, and two (CVE-2020-16979, CVE-2020-17017) involve information disclosure vulnerabilities. The remaining one (CVE-2020-17061) is a remote code execution vulnerability. Because of this, it is highly recommended to prioritize these patches across all SharePoint deployments.
tenable: CVE-2020-17061 is a RCE vulnerability in Microsoft SharePoint. A remote attacker could exploit this vulnerability to gain code execution privileges on the SharePoint server. According to the advisory, an attacker requires low level privileges in order to exploit the vulnerability.
tenable: In September and October, we saw a stream of patches for SharePoint RCE vulnerabilities. SharePoint is an attractive target for both researchers and threat actors. One of the most notable SharePoint vulnerabilities, CVE-2019-0604 has been actively exploited for well over a year now. While CVE-2020-17061 is not as severe as CVE-2019-0604, the regularity with which we’re seeing patches for SharePoint vulnerabilities should serve as a reminder for defenders to ensure they’re patching SharePoint regularly to reduce the potential attack surface for their organization.
18. Remote Code Execution - Microsoft Exchange Server (CVE-2020-17083) - High [421]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.8 | 14 | Microsoft Exchange |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
tenable: CVE-2020-17083 and CVE-2020-17084 are both RCE flaws within Microsoft Exchange Server. CVE-2020-17083 is scored as a CVSSv3 5.5 while CVE-2020-17084 has a CVSSv3 score of 8.5. While both flaws are labeled as “Exploitation Less Likely,” from reviewing the CVSS score, it’s likely these vulnerabilities could be exploited by enticing a user to open a crafted email. The vulnerabilities are credited to Steven Seeley of Source Incite. While unconfirmed, it’s likely that these fixes are related to a bypass Seeley found for CVE-2020-16875. Seeley has noted on Twitter that the CVSS score for CVE-2020-17083 is incorrect and should be 8.5.
19. Remote Code Execution - Visual Studio Code JSHint Extension (CVE-2020-17104) - High [410]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Visual Studio |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
20. Security Feature Bypass - Microsoft Excel (CVE-2020-17067) - High [409]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
21. Denial of Service - Windows Error Reporting (CVE-2020-17046) - Medium [398]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
22. Remote Code Execution - Azure Sphere (CVE-2020-16970) - Medium [386]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
23. Elevation of Privilege - Windows Error Reporting (CVE-2020-17007) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
24. Elevation of Privilege - Windows Kernel (CVE-2020-17010) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
25. Elevation of Privilege - Windows Port Class Library (CVE-2020-17011) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
26. Elevation of Privilege - Windows Bind Filter Driver (CVE-2020-17012) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
zdi: There are a total of 37 elevation of privilege (EoP) bugs getting fixes this month. In most of these cases, an attacker would need to log in to a target system then run a specially crafted program to escalate privileges. There are a couple of exceptions, such as CVE-2020-17012. In this case, the specific flaw exists within the bindflt.sys driver. A crafted request with an IOCTL of 0x220000 can perform remapping of directories. This was reported through the ZDI program, so we do have a good understanding of this bug.
27. Elevation of Privilege - Windows Print Spooler (CVE-2020-17014) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
28. Elevation of Privilege - Windows Client Side Rendering Print Provider (CVE-2020-17024) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
29. Elevation of Privilege - Windows Remote Access (CVE-2020-17025) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
30. Elevation of Privilege - Windows Remote Access (CVE-2020-17026) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
31. Elevation of Privilege - Windows Remote Access (CVE-2020-17027) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
32. Elevation of Privilege - Windows Remote Access (CVE-2020-17028) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
33. Elevation of Privilege - Windows Remote Access (CVE-2020-17031) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
34. Elevation of Privilege - Windows Remote Access (CVE-2020-17032) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
35. Elevation of Privilege - Windows Remote Access (CVE-2020-17033) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
36. Elevation of Privilege - Windows Remote Access (CVE-2020-17034) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
37. Elevation of Privilege - Windows Kernel (CVE-2020-17035) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
38. Elevation of Privilege - Windows WalletService (CVE-2020-17037) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
39. Elevation of Privilege - Windows Kernel (CVE-2020-17038) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
40. Elevation of Privilege - Windows Print Configuration (CVE-2020-17041) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
41. Elevation of Privilege - Windows Remote Access (CVE-2020-17043) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
42. Elevation of Privilege - Windows Remote Access (CVE-2020-17044) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
43. Elevation of Privilege - Windows Remote Access (CVE-2020-17055) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
44. Elevation of Privilege - Windows Win32k (CVE-2020-17057) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
45. Elevation of Privilege - Windows Update Medic Service (CVE-2020-17070) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
46. Elevation of Privilege - Windows Update Orchestrator Service (CVE-2020-17073) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
47. Elevation of Privilege - Windows Update Orchestrator Service (CVE-2020-17074) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
48. Elevation of Privilege - Windows USO Core Worker (CVE-2020-17075) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
49. Elevation of Privilege - Windows Update Orchestrator Service (CVE-2020-17076) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
50. Elevation of Privilege - Windows Update Stack (CVE-2020-17077) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
51. Elevation of Privilege - Windows Common Log File System Driver (CVE-2020-17088) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
52. Security Feature Bypass - Microsoft Word (CVE-2020-17020) - Medium [382]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
53. Remote Code Execution - Azure Sphere (CVE-2020-16984) - Medium [372]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
54. Remote Code Execution - Azure Sphere (CVE-2020-16987) - Medium [372]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
55. Elevation of Privilege - DirectX (CVE-2020-16998) - Medium [366]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.9 | 14 | DirectX |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
56. Memory Corruption - Chakra Scripting Engine (CVE-2020-17048) - Medium [362]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.6 | 15 | Memory Corruption |
Vulnerable Product is Common | 0.7 | 14 | MS Internet Browser |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
rapid7: While it feels like it's been a while, browser vulnerabilities are still a thing, and this month brought along five vulnerabilities affecting Internet Explorer and Edge browsers (EdgeHTML-based). CVE-2020-17048, CVE-2020-17052, CVE-2020-17053, CVE-2020-17054, and CVE-2020-17058 are all Remote Code Execution vulnerabilities potentially affecting Internet Explorer and/or Microsoft Edge (again, non-Chromium).
57. Memory Corruption - Scripting Engine (CVE-2020-17052) - Medium [362]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.6 | 15 | Memory Corruption |
Vulnerable Product is Common | 0.7 | 14 | MS Internet Browser |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
rapid7: While it feels like it's been a while, browser vulnerabilities are still a thing, and this month brought along five vulnerabilities affecting Internet Explorer and Edge browsers (EdgeHTML-based). CVE-2020-17048, CVE-2020-17052, CVE-2020-17053, CVE-2020-17054, and CVE-2020-17058 are all Remote Code Execution vulnerabilities potentially affecting Internet Explorer and/or Microsoft Edge (again, non-Chromium).
58. Remote Code Execution - Azure Sphere (CVE-2020-16982) - Medium [359]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
59. Memory Corruption - Internet Explorer (CVE-2020-17053) - Medium [348]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.6 | 15 | Memory Corruption |
Vulnerable Product is Common | 0.7 | 14 | MS Internet Browser |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
rapid7: While it feels like it's been a while, browser vulnerabilities are still a thing, and this month brought along five vulnerabilities affecting Internet Explorer and Edge browsers (EdgeHTML-based). CVE-2020-17048, CVE-2020-17052, CVE-2020-17053, CVE-2020-17054, and CVE-2020-17058 are all Remote Code Execution vulnerabilities potentially affecting Internet Explorer and/or Microsoft Edge (again, non-Chromium).
60. Memory Corruption - Chakra Scripting Engine (CVE-2020-17054) - Medium [348]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.6 | 15 | Memory Corruption |
Vulnerable Product is Common | 0.7 | 14 | MS Internet Browser |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
rapid7: While it feels like it's been a while, browser vulnerabilities are still a thing, and this month brought along five vulnerabilities affecting Internet Explorer and Edge browsers (EdgeHTML-based). CVE-2020-17048, CVE-2020-17052, CVE-2020-17053, CVE-2020-17054, and CVE-2020-17058 are all Remote Code Execution vulnerabilities potentially affecting Internet Explorer and/or Microsoft Edge (again, non-Chromium).
61. Memory Corruption - Microsoft Browser (CVE-2020-17058) - Medium [348]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.6 | 15 | Memory Corruption |
Vulnerable Product is Common | 0.7 | 14 | MS Internet Browser |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
rapid7: While it feels like it's been a while, browser vulnerabilities are still a thing, and this month brought along five vulnerabilities affecting Internet Explorer and Edge browsers (EdgeHTML-based). CVE-2020-17048, CVE-2020-17052, CVE-2020-17053, CVE-2020-17054, and CVE-2020-17058 are all Remote Code Execution vulnerabilities potentially affecting Internet Explorer and/or Microsoft Edge (again, non-Chromium).
62. Denial of Service - Microsoft Exchange Server (CVE-2020-17085) - Medium [347]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0.8 | 14 | Microsoft Exchange |
CVSS Base Score | 0.4 | 10 | NVD Vulnerability Severity Rating is Medium |
63. Remote Code Execution - Azure Sphere (CVE-2020-16991) - Medium [345]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
64. Remote Code Execution - Azure Sphere (CVE-2020-16994) - Medium [345]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
65. Remote Code Execution - Raw Image Extension (CVE-2020-17078) - Medium [343]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
66. Remote Code Execution - Raw Image Extension (CVE-2020-17079) - Medium [343]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
67. Remote Code Execution - Raw Image Extension (CVE-2020-17082) - Medium [343]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
68. Remote Code Execution - Raw Image Extension (CVE-2020-17086) - Medium [343]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
69. Remote Code Execution - AV1 Video Extension (CVE-2020-17105) - Medium [343]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
70. Spoofing - Windows (CVE-2020-1599) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
tenable: CVE-2020-17087 is an elevation of privilege vulnerability in the Windows kernel Cryptography Driver, cng.sys, that was exploited in the wild as part of a vulnerability chain with CVE-2020-15999, a buffer overflow vulnerability in the FreeType 2 library used by Google Chrome. CVE-2020-17087 was used to escape Google Chrome’s sandbox in order to elevate privileges on the exploited system. This is the second vulnerability chain involving a Google Chrome vulnerability and a Windows elevation of privilege vulnerability exploited in the last year.
tenable: Chaining vulnerabilities is an important tactic for threat actors. While both CVE-2020-15999 and CVE-2020-17087 were exploited in the wild as zero-days, the Cybersecurity and Infrastructure Security Agency (CISA) published a joint advisory with the FBI last month that highlighted threat actors chaining unpatched vulnerabilities to gain initial access into a target environment and elevate privileges. Now that Google and Microsoft have patched these flaws, it is imperative for organizations to ensure they’ve applied these patches before threat actors begin to leverage them more broadly.
zdi: Six patches address spoofing bugs, but without a description, it’s difficult to guess what these might be. The spoofing bugs in SharePoint typically indicate XSS, but CVE-2020-1599 title “Windows Spoofing Vulnerability” could be just about anything. The same could be said for the tampering fixes for Azure Sphere and Visual Studio. The November release is rounded out by four patches to address XSS in Microsoft Dynamics 365.
71. Information Disclosure - Windows WalletService (CVE-2020-16999) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
72. Information Disclosure - Windows Graphics Component (CVE-2020-17004) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
73. Information Disclosure - Windows Kernel (CVE-2020-17013) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
74. Information Disclosure - Windows Canonical Display Driver (CVE-2020-17029) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
75. Information Disclosure - Windows MSCTF Server (CVE-2020-17030) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
76. Information Disclosure - Windows Function Discovery SSDP Provider (CVE-2020-17036) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
77. Information Disclosure - Windows KernelStream (CVE-2020-17045) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
78. Information Disclosure - Windows Network File System (CVE-2020-17056) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
tenable: CVE-2020-17051 is a critical remote code execution (RCE) vulnerability affecting the Windows Network File System (NFS). NFS is a file system protocol used for file sharing across multiple operating systems on a network. According to the limited information provided by Microsoft, the vulnerability appears to impact all supported versions of Windows and can be exploited without authentication or user interaction based on the CVSSv3 score of 9.8. In a blog post by McAfee, there is speculation about combining CVE-2020-17051 with CVE-2020-17056, a remote kernel data read vulnerability in NFS, in order to bypass address space layout randomization (ASLR), which could increase the probability of a remote exploit. Additionally, the blog post notes that it’s possible for CVE-2020-17051 to be wormable, assuming NFS has been configured to allow for anonymous write access. With Microsoft labeling this vulnerability as “Exploitation More Likely” under its Exploitability Index, we suggest that the organizations prioritize patches for both of these CVEs.
79. Information Disclosure - Windows NDIS (CVE-2020-17069) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
80. Information Disclosure - Windows Delivery Optimization (CVE-2020-17071) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
81. Information Disclosure - Windows Camera Codec (CVE-2020-17113) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
82. Information Disclosure - Remote Desktop Protocol Server (CVE-2020-16997) - Medium [332]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.9 | 14 | RDP |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
83. Information Disclosure - Remote Desktop Protocol Client (CVE-2020-17000) - Medium [318]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.9 | 14 | RDP |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
84. Remote Code Execution - HEIF Image Extensions (CVE-2020-17101) - Medium [316]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
85. Remote Code Execution - HEVC Video Extensions (CVE-2020-17106) - Medium [316]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
86. Remote Code Execution - HEVC Video Extensions (CVE-2020-17107) - Medium [316]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
87. Remote Code Execution - HEVC Video Extensions (CVE-2020-17108) - Medium [316]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
88. Remote Code Execution - HEVC Video Extensions (CVE-2020-17109) - Medium [316]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
89. Remote Code Execution - HEVC Video Extensions (CVE-2020-17110) - Medium [316]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
90. Spoofing - Microsoft SharePoint (CVE-2020-17016) - Medium [302]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
qualys: Microsoft patched six vulnerabilities in SharePoint, and one of them could lead to Remote Code Execution (CVE-2020-17061). Three of these vulnerabilities (CVE-2020-17016, CVE-2020-17015, CVE-2020-17060) involve spoofing vulnerabilities, and two (CVE-2020-16979, CVE-2020-17017) involve information disclosure vulnerabilities. The remaining one (CVE-2020-17061) is a remote code execution vulnerability. Because of this, it is highly recommended to prioritize these patches across all SharePoint deployments.
91. Denial of Service - Azure Sphere (CVE-2020-16986) - Medium [285]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
92. Elevation of Privilege - Azure Sphere (CVE-2020-16992) - Medium [285]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
93. Spoofing - Microsoft Office Online (CVE-2020-17063) - Medium [281]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
94. Information Disclosure - Microsoft SharePoint (CVE-2020-16979) - Medium [275]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
qualys: Microsoft patched six vulnerabilities in SharePoint, and one of them could lead to Remote Code Execution (CVE-2020-17061). Three of these vulnerabilities (CVE-2020-17016, CVE-2020-17015, CVE-2020-17060) involve spoofing vulnerabilities, and two (CVE-2020-16979, CVE-2020-17017) involve information disclosure vulnerabilities. The remaining one (CVE-2020-17061) is a remote code execution vulnerability. Because of this, it is highly recommended to prioritize these patches across all SharePoint deployments.
95. Spoofing - Microsoft SharePoint (CVE-2020-17015) - Medium [275]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
qualys: Microsoft patched six vulnerabilities in SharePoint, and one of them could lead to Remote Code Execution (CVE-2020-17061). Three of these vulnerabilities (CVE-2020-17016, CVE-2020-17015, CVE-2020-17060) involve spoofing vulnerabilities, and two (CVE-2020-16979, CVE-2020-17017) involve information disclosure vulnerabilities. The remaining one (CVE-2020-17061) is a remote code execution vulnerability. Because of this, it is highly recommended to prioritize these patches across all SharePoint deployments.
96. Information Disclosure - Microsoft SharePoint (CVE-2020-17017) - Medium [275]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
qualys: Microsoft patched six vulnerabilities in SharePoint, and one of them could lead to Remote Code Execution (CVE-2020-17061). Three of these vulnerabilities (CVE-2020-17016, CVE-2020-17015, CVE-2020-17060) involve spoofing vulnerabilities, and two (CVE-2020-16979, CVE-2020-17017) involve information disclosure vulnerabilities. The remaining one (CVE-2020-17061) is a remote code execution vulnerability. Because of this, it is highly recommended to prioritize these patches across all SharePoint deployments.
97. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2020-17005) - Medium [262]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Cross Site Scripting |
Vulnerable Product is Common | 0.6 | 14 | Microsoft Dynamics 365 |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
98. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2020-17006) - Medium [262]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Cross Site Scripting |
Vulnerable Product is Common | 0.6 | 14 | Microsoft Dynamics 365 |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
99. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2020-17018) - Medium [262]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Cross Site Scripting |
Vulnerable Product is Common | 0.6 | 14 | Microsoft Dynamics 365 |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
100. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2020-17021) - Medium [262]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Cross Site Scripting |
Vulnerable Product is Common | 0.6 | 14 | Microsoft Dynamics 365 |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
101. Spoofing - Microsoft SharePoint (CVE-2020-17060) - Medium [262]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
qualys: Microsoft patched six vulnerabilities in SharePoint, and one of them could lead to Remote Code Execution (CVE-2020-17061). Three of these vulnerabilities (CVE-2020-17016, CVE-2020-17015, CVE-2020-17060) involve spoofing vulnerabilities, and two (CVE-2020-16979, CVE-2020-17017) involve information disclosure vulnerabilities. The remaining one (CVE-2020-17061) is a remote code execution vulnerability. Because of this, it is highly recommended to prioritize these patches across all SharePoint deployments.
102. Elevation of Privilege - Azure Sphere (CVE-2020-16981) - Medium [258]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
103. Elevation of Privilege - Azure Sphere (CVE-2020-16988) - Medium [258]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
104. Elevation of Privilege - Azure Sphere (CVE-2020-16989) - Medium [258]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
105. Elevation of Privilege - Azure Sphere (CVE-2020-16993) - Medium [258]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
106. Tampering - Visual Studio (CVE-2020-17100) - Medium [241]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.3 | 15 | Tampering |
Vulnerable Product is Common | 0.6 | 14 | Visual Studio |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
107. Spoofing - Azure DevOps Server and Team Foundation Services (CVE-2020-1325) - Medium [224]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
108. Information Disclosure - Azure Sphere (CVE-2020-16985) - Medium [224]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
109. Information Disclosure - Azure Sphere (CVE-2020-16990) - Medium [224]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
110. Tampering - Azure Sphere (CVE-2020-16983) - Medium [217]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.3 | 15 | Tampering |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
111. Information Disclosure - Microsoft Raw Image Extension (CVE-2020-17081) - Low [194]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
112. Information Disclosure - WebP Image Extensions (CVE-2020-17102) - Low [167]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
zdi: As someone who has written many bulletins myself, I understand the repetitive nature of these descriptions. I have literally forgotten how many kernel EoP bugs I have written up - and they were all almost identical. However, there are those outlier cases where a description does matter. Two examples are above. Another example is CVE-2020-17049. What security feature in Kerberos is being bypassed? What is the likelihood? As a network defender, I have defenses to mitigate risks beyond just applying security patches. Should I employ those other technologies while the patches roll out? Until I have some idea of the answers to those questions, I can’t accurately assess the risk to my network from this or any of the other bugs with outstanding questions. Hopefully, Microsoft will decide to re-add the executive summaries in future releases.
qualys: While listed as Important, there is an Actively Attacked vulnerability (CVE-2020-17087) in Microsoft Windows. This privilege escalation vulnerability was publicly disclosed by Google in late October. According to Google’s Project Zero security researchers Mateusz Jurczyk and Sergei Glazunov, the bug allows an attacker to escalate their privileges in Windows. This patch should be prioritized across all Windows devices.
tenable: CVE-2020-17087 is an elevation of privilege vulnerability in the Windows kernel Cryptography Driver, cng.sys, that was exploited in the wild as part of a vulnerability chain with CVE-2020-15999, a buffer overflow vulnerability in the FreeType 2 library used by Google Chrome. CVE-2020-17087 was used to escape Google Chrome’s sandbox in order to elevate privileges on the exploited system. This is the second vulnerability chain involving a Google Chrome vulnerability and a Windows elevation of privilege vulnerability exploited in the last year.
tenable: Chaining vulnerabilities is an important tactic for threat actors. While both CVE-2020-15999 and CVE-2020-17087 were exploited in the wild as zero-days, the Cybersecurity and Infrastructure Security Agency (CISA) published a joint advisory with the FBI last month that highlighted threat actors chaining unpatched vulnerabilities to gain initial access into a target environment and elevate privileges. Now that Google and Microsoft have patched these flaws, it is imperative for organizations to ensure they’ve applied these patches before threat actors begin to leverage them more broadly.
rapid7: Microsoft CVE-2020-17087: Windows Kernel Local Elevation of Privilege Vulnerability. Coming as no surprise to anyone, the previously disclosed CVE-2020-17087 zero-day affecting all supported versions of Windows has a patch this month. It is with this same patch that over half of the additional vulnerabilities detailed this month can be remediated, so definitely have your patching cycles ready. CVE-2020-17087 is a buffer overflow vulnerability behind the Windows Kernel Cryptography Driver that gave local attackers the ability to escalate privileges. Luckily, as seen via Rapid7's AttackerKB analysis "exploitability is at least somewhat more limited than it might appear at first glance." This does not diminish the need to prioritize Operating System patching because of the next vulnerability up for discussion: CVE-2020-17051.
zdi: CVE-2020-17087 - Windows Kernel Local Elevation of Privilege Vulnerability. This privilege escalation bug was publicly disclosed by Google in late October. They noted it was combined with a Chrome bug to escape the browser sandbox and execute code on the target system. While not explicitly stated, the language used makes it seem the exploit is not yet widespread. However, considering there is a full analysis of the bug weeks before the patch, it will likely be incorporated into other exploits quickly.
tenable: Interestingly enough, this month brought a patch to CVE-2020-17001, an elevation of privilege flaw in the Windows Print Spooler reported to Microsoft by James Forshaw of Google’s Project Zero team. According to the details from Project Zero, this is a bypass of the patch for CVE-2020-1337. The vulnerability disclosure provides a proof-of-concept (PoC) and although the vulnerability received only a CVSSv3 score of 7.8, this vulnerability could be used in a chained attack scenario as evident by the abuse of CVE-2020-1337.
qualys: Microsoft fixed a vulnerability in Network File System (NFS) (CVE-2020-17051). This CVE received a CVSS score of 9.8 with low attack complexity without any user interaction. This has the potential to be wormable and should be prioritized.
qualys: Can we get an active unauthenticated separate check for CVE-2020-17051?
tenable: CVE-2020-17051 is a critical remote code execution (RCE) vulnerability affecting the Windows Network File System (NFS). NFS is a file system protocol used for file sharing across multiple operating systems on a network. According to the limited information provided by Microsoft, the vulnerability appears to impact all supported versions of Windows and can be exploited without authentication or user interaction based on the CVSSv3 score of 9.8. In a blog post by McAfee, there is speculation about combining CVE-2020-17051 with CVE-2020-17056, a remote kernel data read vulnerability in NFS, in order to bypass address space layout randomization (ASLR), which could increase the probability of a remote exploit. Additionally, the blog post notes that it’s possible for CVE-2020-17051 to be wormable, assuming NFS has been configured to allow for anonymous write access. With Microsoft labeling this vulnerability as “Exploitation More Likely” under its Exploitability Index, we suggest that the organizations prioritize patches for both of these CVEs.
rapid7: Microsoft CVE-2020-17087: Windows Kernel Local Elevation of Privilege Vulnerability. Coming as no surprise to anyone, the previously disclosed CVE-2020-17087 zero-day affecting all supported versions of Windows has a patch this month. It is with this same patch that over half of the additional vulnerabilities detailed this month can be remediated, so definitely have your patching cycles ready. CVE-2020-17087 is a buffer overflow vulnerability behind the Windows Kernel Cryptography Driver that gave local attackers the ability to escalate privileges. Luckily, as seen via Rapid7's AttackerKB analysis "exploitability is at least somewhat more limited than it might appear at first glance." This does not diminish the need to prioritize Operating System patching because of the next vulnerability up for discussion: CVE-2020-17051.
rapid7: Microsoft CVE-2020-17051: Windows Network File System Remote Code Execution. CVE-2020-17051 is this month's highest severity vulnerability sitting at CVSS 9.8. Microsoft describes CVE-2020-17051 as a Remote Code Execution vulnerability affecting Windows Network File System. At the time of writing, information regarding this vulnerability is light but Microsoft has noted that it has low attack complexity and does not require user interaction to exploit. This is aptly represented by the high CVSS score. At this point, this vulnerability is not known to be exploited in the wild.
zdi: CVE-2020-17051 - Windows Network File System Remote Code Execution Vulnerability. With no description to work from, we need to rely on the CVSS to provide clues about the real risk from this bug. At a 9.8, it’s about as critical as a bug can get. Considering this is listed as no user interaction with low attack complexity, and considering NFS is a network service, you should treat this as wormable until we learn otherwise.
qualys: Microsoft also patched a Remote Code Execution vulnerability in Print Spooler (CVE-2020-17042), which would lead to elevation of privileges. The exploit requires user interaction but has a low attack complexity which makes it more likely to be compromised. This patch should be prioritized.
tenable: CVE-2020-17042 is an RCE vulnerability in the Windows Print Spooler. Despite receiving an Exploitability Index rating of “Exploitation Less Likely,” this vulnerability should be high up on any organization's patch priority list as it received a CVSSv3 score of 8.8. Although Microsoft does not provide any details on the flaw or conditions to exploit, it’s important to consider past flaws in the Windows Print Spooler. In August, CVE-2020-1337 was patched by Microsoft shortly after being discussed in presentations at both the Black Hat USA and DEF CON conferences. The presentations, “A Decade After Stuxnet's Printer Vulnerability: Printing is Still the Stairway to Heaven” from SafeBreach Labs, discuss how a flaw in the Windows Print Spooler could be chained with additional vulnerabilities to compromise a host and further propagate across a network. With interest in the print spooler as an attack vector from security researchers, we anticipate seeing further information on this in the near future.
tenable: CVE-2020-17083 and CVE-2020-17084 are both RCE flaws within Microsoft Exchange Server. CVE-2020-17083 is scored as a CVSSv3 5.5 while CVE-2020-17084 has a CVSSv3 score of 8.5. While both flaws are labeled as “Exploitation Less Likely,” from reviewing the CVSS score, it’s likely these vulnerabilities could be exploited by enticing a user to open a crafted email. The vulnerabilities are credited to Steven Seeley of Source Incite. While unconfirmed, it’s likely that these fixes are related to a bypass Seeley found for CVE-2020-16875. Seeley has noted on Twitter that the CVSS score for CVE-2020-17083 is incorrect and should be 8.5.
zdi: CVE-2020-17084 - Microsoft Exchange Server Remote Code Execution Vulnerability. This patch corrects a code execution bug in Exchange that was reported by Pwn2Own Miami winner Steven Seeley. With no details provided by Microsoft, we can only assume this is the bypass of CVE-2020-16875 he had previously mentioned. It is very likely he will publish the details of these bugs soon. Microsoft rates this as Important, but I would treat it as Critical, especially since people seem to find it hard to patch Exchange at all.
tenable: CVE-2020-17019, CVE-2020-17064, CVE-2020-17065, and CVE-2020-17066 are RCE flaws within Microsoft Excel. Each of these flaws received a CVSSv3 score of 7.8. The CVSS metrics call out that user interaction is required in order to exploit the flaws, however this is a common scenario for Microsoft Office related flaws. We speculate that the path to exploitation requires that a user open a crafted file with an affected version of Microsoft Excel. These vulnerabilities are likely to be exploited in phishing attacks. Despite a lower exploitation probability, these updates are important to apply.
tenable: CVE-2020-17091 is a RCE vulnerability in Microsoft Teams, a platform used by businesses, small teams and schools for collaboration and distance learning. The vulnerability is credited to Matt Austin, director of security research at Contrast Security. In November 2019, Austin tweeted that he discovered a “one click RCE” in Microsoft Teams that he submitted to Microsoft on September 1, 2018 that was still an open case one year later.
tenable: It is unclear if CVE-2020-17091 is the same vulnerability, but since it is credited to the researcher, we surmise this might be the case.
qualys: Microsoft patched six vulnerabilities in SharePoint, and one of them could lead to Remote Code Execution (CVE-2020-17061). Three of these vulnerabilities (CVE-2020-17016, CVE-2020-17015, CVE-2020-17060) involve spoofing vulnerabilities, and two (CVE-2020-16979, CVE-2020-17017) involve information disclosure vulnerabilities. The remaining one (CVE-2020-17061) is a remote code execution vulnerability. Because of this, it is highly recommended to prioritize these patches across all SharePoint deployments.
tenable: CVE-2020-17061 is a RCE vulnerability in Microsoft SharePoint. A remote attacker could exploit this vulnerability to gain code execution privileges on the SharePoint server. According to the advisory, an attacker requires low level privileges in order to exploit the vulnerability.
tenable: In September and October, we saw a stream of patches for SharePoint RCE vulnerabilities. SharePoint is an attractive target for both researchers and threat actors. One of the most notable SharePoint vulnerabilities, CVE-2019-0604 has been actively exploited for well over a year now. While CVE-2020-17061 is not as severe as CVE-2019-0604, the regularity with which we’re seeing patches for SharePoint vulnerabilities should serve as a reminder for defenders to ensure they’re patching SharePoint regularly to reduce the potential attack surface for their organization.
zdi: CVE-2020-17040 - Windows Hyper-V Security Feature Bypass Vulnerability. Here’s another bug that could be helped by a description. It’s not clear which security feature in Hyper-V is being bypassed or how an attacker can abuse it. Again, the attack complexity is low, authentication is not required, and there is no user interaction. Additional details are needed to accurately judge the risk from this bug, but the title and CVSS values alone put this bug on everyone’s radar.
zdi: There are a total of 37 elevation of privilege (EoP) bugs getting fixes this month. In most of these cases, an attacker would need to log in to a target system then run a specially crafted program to escalate privileges. There are a couple of exceptions, such as CVE-2020-17012. In this case, the specific flaw exists within the bindflt.sys driver. A crafted request with an IOCTL of 0x220000 can perform remapping of directories. This was reported through the ZDI program, so we do have a good understanding of this bug.
rapid7: While it feels like it's been a while, browser vulnerabilities are still a thing, and this month brought along five vulnerabilities affecting Internet Explorer and Edge browsers (EdgeHTML-based). CVE-2020-17048, CVE-2020-17052, CVE-2020-17053, CVE-2020-17054, and CVE-2020-17058 are all Remote Code Execution vulnerabilities potentially affecting Internet Explorer and/or Microsoft Edge (again, non-Chromium).
tenable: CVE-2020-17051 is a critical remote code execution (RCE) vulnerability affecting the Windows Network File System (NFS). NFS is a file system protocol used for file sharing across multiple operating systems on a network. According to the limited information provided by Microsoft, the vulnerability appears to impact all supported versions of Windows and can be exploited without authentication or user interaction based on the CVSSv3 score of 9.8. In a blog post by McAfee, there is speculation about combining CVE-2020-17051 with CVE-2020-17056, a remote kernel data read vulnerability in NFS, in order to bypass address space layout randomization (ASLR), which could increase the probability of a remote exploit. Additionally, the blog post notes that it’s possible for CVE-2020-17051 to be wormable, assuming NFS has been configured to allow for anonymous write access. With Microsoft labeling this vulnerability as “Exploitation More Likely” under its Exploitability Index, we suggest that the organizations prioritize patches for both of these CVEs.
tenable: CVE-2020-17087 is an elevation of privilege vulnerability in the Windows kernel Cryptography Driver, cng.sys, that was exploited in the wild as part of a vulnerability chain with CVE-2020-15999, a buffer overflow vulnerability in the FreeType 2 library used by Google Chrome. CVE-2020-17087 was used to escape Google Chrome’s sandbox in order to elevate privileges on the exploited system. This is the second vulnerability chain involving a Google Chrome vulnerability and a Windows elevation of privilege vulnerability exploited in the last year.
tenable: Chaining vulnerabilities is an important tactic for threat actors. While both CVE-2020-15999 and CVE-2020-17087 were exploited in the wild as zero-days, the Cybersecurity and Infrastructure Security Agency (CISA) published a joint advisory with the FBI last month that highlighted threat actors chaining unpatched vulnerabilities to gain initial access into a target environment and elevate privileges. Now that Google and Microsoft have patched these flaws, it is imperative for organizations to ensure they’ve applied these patches before threat actors begin to leverage them more broadly.
zdi: Six patches address spoofing bugs, but without a description, it’s difficult to guess what these might be. The spoofing bugs in SharePoint typically indicate XSS, but CVE-2020-1599, titled “Windows Spoofing Vulnerability”, could be just about anything. The same could be said for the tampering fixes for Azure Sphere and Visual Studio. The November release is rounded out by four patches to address XSS in Microsoft Dynamics 365.