1. Remote Code Execution - Microsoft SharePoint (CVE-2020-16952) - Critical [640]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 1.0 | 17 | Public exploit is found at Vulners (Microsoft SharePoint SSI / ViewState Remote Code Execution) |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
qualys: Two remote code execution vulnerabilities (CVE-2020-16951, CVE-2020-16952) are patched in SharePoint Server that would allow an authenticated user on a guest system to perform security actions for an application pool process. Microsoft notes that exploitation of this vulnerability is less likely, but these patches should still be prioritized for all SharePoint servers.
tenable: CVE-2020-16951 and CVE-2020-16952 are RCE vulnerabilities in Microsoft SharePoint resulting from a failure to validate an application package’s source markup. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted SharePoint application package to a vulnerable SharePoint server. Successful exploitation could allow an attacker to execute arbitrary code under the context of the SharePoint application pool and the SharePoint server farm account.
tenable: Steven Seeley, a security researcher on Qihoo 360’s Vulcan Team, is credited with discovering CVE-2020-16952. Seeley published an advisory on his website, which includes a PoC exploit script for the vulnerability.
rapid7: Microsoft SharePoint Remote Code Execution Vulnerabilities (CVE-2020-16951, CVE-2020-16952). With Proof-of-Concept exploits starting to flow out in the wild, bringing a closure to this pair of critical remote code execution vulnerabilities is a must.
rapid7: CVE-2020-16951 and CVE-2020-16952 are remote code execution vulnerabilities that exploit a gap in checking the source markup of an application package. Upon successful exploitation, the attacker could run arbitrary code in the context of the SharePoint application pool or server farm account.
rapid7: For more in-depth attacker perspective, visit AttackerKB's take on CVE-2020-16952.
2. Elevation of Privilege - Windows COM Server (CVE-2020-16916) - Critical [628]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 1.0 | 18 | Exploitation in the wild is mentioned at AttackerKB |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
3. Remote Code Execution - Windows Hyper-V (CVE-2020-16891) - High [500]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-16891 is an RCE vulnerability on the host server of Windows Hyper-V when inputs from an authenticated user on the guest operating system (OS) are not properly validated. To exploit this vulnerability, an attacker would need to run a malicious application on the guest OS, which could result in arbitrary code execution on the host OS.
zdi: CVE-2020-16891 - Windows Hyper-V Remote Code Execution Vulnerability. This patch corrects a bug that allows an attacker to run a specially crafted program on an affected guest OS to execute arbitrary code on the host OS. The write up doesn’t say at what permission level the code execution occurs, but that shouldn’t stop you from rolling this out to your Hyper-V servers quickly.
4. Remote Code Execution - Windows TCP/IP (CVE-2020-16898) - High [500]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
qualys: An extremely critical Remote Code Execution vulnerability (CVE-2020-16898) is fixed today. Microsoft ranks this vulnerability as “Exploitation More Likely,” and according to Microsoft and the researchers at McAfee, the vulnerability is wormable. It is highly recommended to prioritize these patches on all Windows 10, including Microsoft DNS Servers.
tenable: CVE-2020-16898, dubbed “Bad Neighbor,” is a critical remote code execution (RCE) vulnerability within the Windows TCP/IP stack. The vulnerability exists due to improper handling of ICMPv6 Router Advertisement packets using Option Type 25 and an even length field. According to a blog post from McAfee, Microsoft Active Protections Program (MAPP) members were provided with a test script that successfully demonstrates exploitation of this vulnerability to cause a denial of service (DoS). While the test scenario does not provide the ability to pivot to RCE, an attacker could craft a wormable exploit to achieve RCE. While an additional bug would be required to craft an exploit, it is likely that we will see proof-of-concept (PoC) code released in the near future.
tenable: Similar to CVE-2020-16898, CVE-2020-16899 is a DoS vulnerability within the Windows TCP/IP stack. The vulnerability also results from the improper handling of ICMPv6 Router Advertisement packets. Exploitation of this flaw requires an attacker to send crafted ICMPv6 Router Advertisement packets which could cause the system to stop responding. While Microsoft does recommend applying the security update to patch this flaw, a workaround is available via a PowerShell command to disable ICMPv6 RDNSS (Recursive DNS Server) in the event the patch cannot be immediately applied.
rapid7: Microsoft CVE-2020-16898: Microsoft TCP/IP Remote Code Execution Vulnerability. With a CVSS score of 9.8 and marked as "Exploitation More Likely", this vulnerability grants the ability to execute code on target Windows 10 (version 1709+), Windows Server 2019, and Windows Server version 1903+ systems due to improper handling of ICMPv6 Router Advertisement packets.
rapid7: Unlike CVE-2020-16898, however, this vulnerability affects all supported versions of Windows OS, which may suggest affecting unsupported/earlier versions of Windows as well.
zdi: CVE-2020-16898 – Windows TCP/IP Remote Code Execution Vulnerability. This patch corrects a problem in the TCP/IP stack caused by the way it handles ICMPv6 router advertisements. A specially crafted ICMPv6 router advertisement could cause code execution on an affected system. Since the code execution occurs in the TCP/IP stack, it is assumed the attacker could execute arbitrary code with elevated privileges. If you’re running an IPv6 network, you know that filtering router advertisements is not a practical workaround. Microsoft also gives this bug its highest exploitability rating, so exploits are likely. You should definitely test and deploy this patch as soon as possible.
5. Remote Code Execution - Windows Camera Codec Pack (CVE-2020-16967) - High [486]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
6. Remote Code Execution - Windows Camera Codec Pack (CVE-2020-16968) - High [486]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
7. Remote Code Execution - Microsoft Outlook (CVE-2020-16947) - High [443]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-16947 is an RCE flaw in Microsoft Outlook due to the improper handling of objects in memory. An attacker can exploit this vulnerability using a crafted email file sent to a user of a vulnerable version of Microsoft Outlook. Because Outlook’s Preview Pane is affected by this flaw, a user does not have to open the message in order for the vulnerability to be exploited. As Outlook is widely used for enterprise email, we highly recommend prioritizing the patching of this CVE.
rapid7: Microsoft CVE-2020-16947: Outlook Remote Code Execution Vulnerability. A critical remote code execution vulnerability for Outlook 2016, Office 2019 and Microsoft 365 apps only, CVE-2020-16947 has the potential to allow an attacker to run arbitrary code in the context of the user. The attacker could then install programs or create new accounts with full user rights.
rapid7: Microsoft CVE-2020-16949: Outlook Denial of Service Vulnerability. CVE-2020-16949 is an Outlook vulnerability that affects more versions than the list around CVE-2020-14947 including Outlook 2010 and Outlook 2013. This vulnerability, however, reads differently in that this denial of service vulnerability only requires that a specially-crafted email be sent. When paired with the fact that this vulnerability is marked with the Preview Pane as an attack vector, just like CVE-2020-16947, this suggests giving Outlook its fair share of attention this month.
zdi: CVE-2020-16947 - Microsoft Outlook Remote Code Execution Vulnerability. This vulnerability was reported through the ZDI program, and it could allow code execution on affected versions of Outlook just by viewing a specially crafted e-mail. The Preview Pane is an attack vector here, so you don’t even need to open the mail to be impacted. The specific flaw exists within the parsing of HTML content in an email. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a fixed-length heap-based buffer. Although Microsoft gives this an XI rating of 2, we have a working proof-of-concept. Patch this one quickly.
8. Security Feature Bypass - Windows (CVE-2020-16910) - High [439]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
9. Remote Code Execution - Microsoft Excel (CVE-2020-16929) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-16929, CVE-2020-16930, CVE-2020-16931 and CVE-2020-16932 are RCE vulnerabilities in Microsoft Excel because of the way the software improperly handles objects in memory. To exploit these vulnerabilities, an attacker must create a malicious Excel file and convince their target to open the file using a vulnerable version of Microsoft Excel, either by attaching the file to an email or hosting it on a website and enticing a user to visit the website. Successful exploitation would allow an attacker to gain arbitrary code execution on the vulnerable system with the same rights as the current user. Exploitation of this vulnerability could be exponentially worse if the current user has administrative privileges, which could grant the attacker the ability to perform a complete takeover of the vulnerable system.
10. Remote Code Execution - Microsoft Excel (CVE-2020-16930) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-16929, CVE-2020-16930, CVE-2020-16931 and CVE-2020-16932 are RCE vulnerabilities in Microsoft Excel because of the way the software improperly handles objects in memory. To exploit these vulnerabilities, an attacker must create a malicious Excel file and convince their target to open the file using a vulnerable version of Microsoft Excel, either by attaching the file to an email or hosting it on a website and enticing a user to visit the website. Successful exploitation would allow an attacker to gain arbitrary code execution on the vulnerable system with the same rights as the current user. Exploitation of this vulnerability could be exponentially worse if the current user has administrative privileges, which could grant the attacker the ability to perform a complete takeover of the vulnerable system.
11. Remote Code Execution - Microsoft Excel (CVE-2020-16931) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-16929, CVE-2020-16930, CVE-2020-16931 and CVE-2020-16932 are RCE vulnerabilities in Microsoft Excel because of the way the software improperly handles objects in memory. To exploit these vulnerabilities, an attacker must create a malicious Excel file and convince their target to open the file using a vulnerable version of Microsoft Excel, either by attaching the file to an email or hosting it on a website and enticing a user to visit the website. Successful exploitation would allow an attacker to gain arbitrary code execution on the vulnerable system with the same rights as the current user. Exploitation of this vulnerability could be exponentially worse if the current user has administrative privileges, which could grant the attacker the ability to perform a complete takeover of the vulnerable system.
12. Remote Code Execution - Microsoft Excel (CVE-2020-16932) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-16929, CVE-2020-16930, CVE-2020-16931 and CVE-2020-16932 are RCE vulnerabilities in Microsoft Excel because of the way the software improperly handles objects in memory. To exploit these vulnerabilities, an attacker must create a malicious Excel file and convince their target to open the file using a vulnerable version of Microsoft Excel, either by attaching the file to an email or hosting it on a website and enticing a user to visit the website. Successful exploitation would allow an attacker to gain arbitrary code execution on the vulnerable system with the same rights as the current user. Exploitation of this vulnerability could be exponentially worse if the current user has administrative privileges, which could grant the attacker the ability to perform a complete takeover of the vulnerable system.
13. Remote Code Execution - Microsoft Office (CVE-2020-16954) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
14. Remote Code Execution - Microsoft Office Access Connectivity Engine (CVE-2020-16957) - High [429]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
15. Denial of Service - Windows Hyper-V (CVE-2020-1243) - High [425]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
16. Denial of Service - Windows Remote Desktop Service (CVE-2020-16863) - High [425]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
17. Denial of Service - Windows NAT (CVE-2020-16894) - High [425]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
18. Denial of Service - Windows TCP/IP (CVE-2020-16899) - High [425]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: Similar to CVE-2020-16898, CVE-2020-16899 is a DoS vulnerability within the Windows TCP/IP stack. The vulnerability also results from the improper handling of ICMPv6 Router Advertisement packets. Exploitation of this flaw requires an attacker to send crafted ICMPv6 Router Advertisement packets which could cause the system to stop responding. While Microsoft does recommend applying the security update to patch this flaw, a workaround is available via a PowerShell command to disable ICMPv6 RDNSS (Recursive DNS Server) in the event the patch cannot be immediately applied.
19. Denial of Service - Windows Remote Desktop Protocol (RDP) (CVE-2020-16927) - High [425]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
20. Security Feature Bypass - Microsoft Word (CVE-2020-16933) - High [422]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
21. Remote Code Execution - Microsoft SharePoint (CVE-2020-16951) - High [410]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
qualys: Two remote code execution vulnerabilities (CVE-2020-16951, CVE-2020-16952) are patched in SharePoint Server that would allow an authenticated user on a guest system to perform security actions for an application pool process. Microsoft notes that exploitation of this vulnerability is less likely, but these patches should still be prioritized for all SharePoint servers.
tenable: CVE-2020-16951 and CVE-2020-16952 are RCE vulnerabilities in Microsoft SharePoint resulting from a failure to validate an application package’s source markup. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted SharePoint application package to a vulnerable SharePoint server. Successful exploitation could allow an attacker to execute arbitrary code under the context of the SharePoint application pool and the SharePoint server farm account.
rapid7: Microsoft SharePoint Remote Code Execution Vulnerabilities (CVE-2020-16951, CVE-2020-16952). With Proof-of-Concept exploits starting to flow out in the wild, bringing a closure to this pair of critical remote code execution vulnerabilities is a must.
rapid7: CVE-2020-16951 and CVE-2020-16952 are remote code execution vulnerabilities that exploit a gap in checking the source markup of an application package. Upon successful exploitation, the attacker could run arbitrary code in the context of the SharePoint application pool or server farm account.
22. Remote Code Execution - Visual Studio Code Python Extension (CVE-2020-16977) - High [410]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.6 | 14 | Visual Studio |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
23. Elevation of Privilege - Windows Storage Services (CVE-2020-0764) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
24. Elevation of Privilege - Windows Hyper-V (CVE-2020-1047) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
25. Elevation of Privilege - Windows Hyper-V (CVE-2020-1080) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
26. Elevation of Privilege - Windows Application Compatibility Client Library (CVE-2020-16876) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
27. Elevation of Privilege - Windows (CVE-2020-16877) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
28. Elevation of Privilege - Windows Storage VSP Driver (CVE-2020-16885) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
29. Elevation of Privilege - Windows Network Connections Service (CVE-2020-16887) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
30. Elevation of Privilege - Windows Kernel (CVE-2020-16890) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
31. Elevation of Privilege - Windows Image (CVE-2020-16892) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
32. Elevation of Privilege - Windows Error Reporting Manager (CVE-2020-16895) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
33. Elevation of Privilege - Windows Event System (CVE-2020-16900) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
34. Elevation of Privilege - Windows Installer (CVE-2020-16902) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
35. Elevation of Privilege - Windows Error Reporting (CVE-2020-16905) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
36. Elevation of Privilege - Windows Kernel (CVE-2020-16907) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
37. Elevation of Privilege - Windows Setup (CVE-2020-16908) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
38. Elevation of Privilege - Windows Error Reporting (CVE-2020-16909) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
zdi: CVE-2020-16909 - Windows Error Reporting Elevation of Privilege Vulnerability. This is one of the six bugs listed as publicly known for this month. The patch corrects an escalation of privilege (EoP) in the Windows Error Reporting (WER) component that could allow an authenticated attacker to execute arbitrary code with escalated privileges. Although this CVE is not listed as being publicly exploited, bugs in this component have been reported as being used in the wild in fileless attacks. Regardless, this and the other bugs in the WER component being fixed this month should not be ignored.
39. Elevation of Privilege - Windows Backup Service (CVE-2020-16912) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
40. Elevation of Privilege - Windows Kernel (CVE-2020-16913) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
41. Elevation of Privilege - Windows Application Compatibility Client Library (CVE-2020-16920) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
42. Elevation of Privilege - Windows COM Server (CVE-2020-16935) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
43. Elevation of Privilege - Windows Backup Service (CVE-2020-16936) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
44. Elevation of Privilege - Windows Backup Service (CVE-2020-16972) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
45. Elevation of Privilege - Windows Backup Service (CVE-2020-16973) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
46. Elevation of Privilege - Windows Backup Service (CVE-2020-16974) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
47. Elevation of Privilege - Windows Backup Service (CVE-2020-16975) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
48. Elevation of Privilege - Windows Backup Service (CVE-2020-16976) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
49. Elevation of Privilege - Windows iSCSI Target Service (CVE-2020-16980) - Medium [385]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
50. Denial of Service - Microsoft Outlook (CVE-2020-16949) - Medium [368]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.7 | 15 | Denial of Service |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
rapid7: Microsoft CVE-2020-16949: Outlook Denial of Service Vulnerability. CVE-2020-16949 is an Outlook vulnerability that affects more versions than the list around CVE-2020-14947, including Outlook 2010 and Outlook 2013. This vulnerability, however, reads differently in that this denial of service vulnerability only requires that a specially-crafted email be sent. Pairing this with the fact that this vulnerability is marked with the Preview Pane as an attack vector, just like CVE-2020-16947, suggests giving Outlook its fair share of attention this month.
51. Information Disclosure - Windows Remote Desktop Protocol (RDP) (CVE-2020-16896) - Medium [364]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
rapid7: Microsoft CVE-2020-16896: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. RDP has been a focal point for some recent attacks (e.g. BlueKeep), so whenever Microsoft provides another fix within that realm, it's prudent to make note of some specifics. CVE-2020-16896 is an information disclosure vulnerability that, when successfully exploited, allows unauthorized read access to the Windows RDP server process.
52. Elevation of Privilege - Windows - User Profile Service (CVE-2020-16940) - Medium [358]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
53. Information Disclosure - Windows KernelStream (CVE-2020-16889) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
54. Information Disclosure - Windows Kernel (CVE-2020-16901) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
55. Information Disclosure - Windows GDI+ (CVE-2020-16914) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
56. Information Disclosure - Windows Enterprise App Management Service (CVE-2020-16919) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
57. Information Disclosure - Windows Text Services Framework (CVE-2020-16921) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
58. Spoofing - Windows (CVE-2020-16922) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Spoofing |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
59. Information Disclosure - Windows Kernel (CVE-2020-16938) - Medium [337]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 1.0 | 14 | Windows component |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
60. Remote Code Execution - GDI+ (CVE-2020-16911) - Medium [329]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
rapid7: Microsoft CVE-2020-16911: GDI+ Remote Code Execution Vulnerability. Critical remote code execution vulnerability CVE-2020-16911 leverages how the Windows Graphics Device Interface (GDI) handles objects in memory. A successful exploitation allows the attacker to install programs and/or create new accounts under the same user rights as the user who triggered this vulnerability.
61. Elevation of Privilege - Microsoft Office Click-to-Run (CVE-2020-16928) - Medium [328]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
62. Elevation of Privilege - Microsoft Office Click-to-Run (CVE-2020-16934) - Medium [328]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
63. Elevation of Privilege - Microsoft Office Click-to-Run (CVE-2020-16955) - Medium [328]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.7 | 14 | MS Office product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
64. Remote Code Execution - Microsoft Graphics Components (CVE-2020-1167) - Medium [316]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-1167 and CVE-2020-16923 are RCE vulnerabilities in Microsoft Graphics Components because of the way objects are handled in memory. To exploit these vulnerabilities, an attacker must create a specially crafted file and convince their target to open the file. This could be achieved through targeted social engineering. Successful exploitation would allow an attacker to gain arbitrary code execution on the vulnerable system.
65. Remote Code Execution - Base3D (CVE-2020-16918) - Medium [316]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-16918 and CVE-2020-17003 are RCE vulnerabilities in Base3D because its rendering engine handles memory improperly. Successful exploitation of these vulnerabilities would allow an attacker to gain arbitrary code execution on a vulnerable system.
66. Remote Code Execution - Microsoft Graphics Components (CVE-2020-16923) - Medium [316]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
qualys: A remote code execution vulnerability CVE-2020-16923 is patched in the Graphics component that could be exploited once a user opens a specially crafted file. Based on the information given, this should be prioritized across all Windows servers and workstations.
tenable: CVE-2020-1167 and CVE-2020-16923 are RCE vulnerabilities in Microsoft Graphics Components because of the way objects are handled in memory. To exploit these vulnerabilities, an attacker must create a specially crafted file and convince their target to open the file. This could be achieved through targeted social engineering. Successful exploitation would allow an attacker to gain arbitrary code execution on the vulnerable system.
67. Remote Code Execution - Jet Database Engine (CVE-2020-16924) - Medium [316]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
68. Remote Code Execution - Base3D (CVE-2020-17003) - Medium [316]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 1.0 | 15 | Remote Code Execution |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
tenable: CVE-2020-16918 and CVE-2020-17003 are RCE vulnerabilities in Base3D because its rendering engine handles memory improperly. Successful exploitation of these vulnerabilities would allow an attacker to gain arbitrary code execution on a vulnerable system.
69. Information Disclosure - Microsoft Exchange (CVE-2020-16969) - Medium [313]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.8 | 14 | Microsoft Exchange |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
70. Elevation of Privilege - Azure Functions (CVE-2020-16904) - Medium [298]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.4 | 14 | Azure Sphere |
CVSS Base Score | 0.9 | 10 | NVD Vulnerability Severity Rating is Critical |
71. Security Feature Bypass - PowerShellGet Module WDAC (CVE-2020-16886) - Medium [282]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.9 | 15 | Security Feature Bypass |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
72. Information Disclosure - Microsoft SharePoint (CVE-2020-16948) - Medium [275]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
73. Information Disclosure - Microsoft SharePoint (CVE-2020-16953) - Medium [275]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
74. Information Disclosure - Microsoft SharePoint (CVE-2020-16941) - Medium [262]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
75. Cross Site Scripting - Microsoft SharePoint Reflective (CVE-2020-16944) - Medium [262]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Cross Site Scripting |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
rapid7: Microsoft SharePoint Reflective XSS Vulnerabilities (CVE-2020-16944, CVE-2020-16945, CVE-2020-16946). The last set of notable SharePoint vulnerabilities this month are three CVSS 8.7 spoofing vulnerabilities. Requiring a user to click a specially-crafted URL within a targeted SharePoint Web App site, a successful exploitation from those means allows the attacker to perform cross-site scripting attacks and/or run scripts in the security context of the user.
76. Cross Site Scripting - Microsoft SharePoint (CVE-2020-16945) - Medium [262]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Cross Site Scripting |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
rapid7: Microsoft SharePoint Reflective XSS Vulnerabilities (CVE-2020-16944, CVE-2020-16945, CVE-2020-16946). The last set of notable SharePoint vulnerabilities this month are three CVSS 8.7 spoofing vulnerabilities. Requiring a user to click a specially-crafted URL within a targeted SharePoint Web App site, a successful exploitation from those means allows the attacker to perform cross-site scripting attacks and/or run scripts in the security context of the user.
77. Cross Site Scripting - Microsoft SharePoint (CVE-2020-16946) - Medium [262]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Cross Site Scripting |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
rapid7: Microsoft SharePoint Reflective XSS Vulnerabilities (CVE-2020-16944, CVE-2020-16945, CVE-2020-16946). The last set of notable SharePoint vulnerabilities this month are three CVSS 8.7 spoofing vulnerabilities. Requiring a user to click a specially-crafted URL within a targeted SharePoint Web App site, a successful exploitation from those means allows the attacker to perform cross-site scripting attacks and/or run scripts in the security context of the user.
78. Information Disclosure - Microsoft SharePoint (CVE-2020-16950) - Medium [262]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
79. Cross Site Scripting - Microsoft Dynamics 365 (On-Premise) (CVE-2020-16956) - Medium [262]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Cross Site Scripting |
Vulnerable Product is Common | 0.6 | 14 | Microsoft Dynamics 365 |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
80. Cross Site Scripting - Microsoft Dynamics 365 (On-Premise) (CVE-2020-16978) - Medium [262]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Cross Site Scripting |
Vulnerable Product is Common | 0.6 | 14 | Microsoft Dynamics 365 |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
81. Memory Corruption - Media Foundation (CVE-2020-16915) - Medium [248]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.6 | 15 | Memory Corruption |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.8 | 10 | NVD Vulnerability Severity Rating is High |
82. Information Disclosure - Microsoft SharePoint (CVE-2020-16942) - Medium [248]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.6 | 14 | SharePoint |
CVSS Base Score | 0.4 | 10 | NVD Vulnerability Severity Rating is Medium |
83. Elevation of Privilege - Group Policy (CVE-2020-16939) - Medium [214]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
84. Elevation of Privilege - Network Watcher Agent Virtual Machine Extension for Linux (CVE-2020-16995) - Medium [214]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.7 | 10 | NVD Vulnerability Severity Rating is High |
85. Elevation of Privilege - Dynamics 365 Commerce (CVE-2020-16943) - Medium [201]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.5 | 15 | Elevation of Privilege |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.6 | 10 | NVD Vulnerability Severity Rating is Medium |
86. Information Disclosure - NetBT (CVE-2020-16897) - Low [167]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
87. Information Disclosure - .NET Framework (CVE-2020-16937) - Low [167]
component | value | weight | comment |
---|---|---|---|
Exploited in the Wild | 0 | 18 | Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites |
Public Exploit Exists | 0 | 17 | Public exploit is NOT found at Vulners website |
Criticality of Vulnerability Type | 0.4 | 15 | Information Disclosure |
Vulnerable Product is Common | 0.1 | 14 | Other less common product |
CVSS Base Score | 0.5 | 10 | NVD Vulnerability Severity Rating is Medium |
qualys: Two remote code execution vulnerabilities (CVE-2020-16951, CVE-2020-16952) are patched in SharePoint Server that would allow an authenticated user on a guest system to perform security actions for an application pool process. Microsoft notes that exploitation of this vulnerability is less likely, but these patches should still be prioritized for all SharePoint servers.
tenable: CVE-2020-16951 and CVE-2020-16952 are RCE vulnerabilities in Microsoft SharePoint resulting from a failure to validate an application package’s source markup. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted SharePoint application package to a vulnerable SharePoint server. Successful exploitation could allow an attacker to execute arbitrary code under the context of the SharePoint application pool and the SharePoint server farm account.
tenable: Steven Seeley, a security researcher on Qihoo 360’s Vulcan Team, is credited with discovering CVE-2020-16952. Seeley published an advisory on his website, which includes a PoC exploit script for the vulnerability.
rapid7: Microsoft SharePoint Remote Code Execution Vulnerabilities (CVE-2020-16951, CVE-2020-16952). With Proof-of-Concept exploits starting to flow out in the wild, bringing a closure to this pair of critical remote code execution vulnerabilities is a must.
rapid7: CVE-2020-16951 and CVE-2020-16952 are remote code execution vulnerabilities that exploit a gap in checking the source markup of an application package. Upon successful exploitation, the attacker could run arbitrary code in the context of the SharePoint application pool or server farm account.
rapid7: For more in-depth attacker perspective, visit AttackerKB's take on CVE-2020-16952.
tenable: CVE-2020-16891 is an RCE vulnerability on the host server of Windows Hyper-V when inputs from an authenticated user on the guest operating system (OS) are not properly validated. To exploit this vulnerability, an attacker would need to run a malicious application on the guest OS, which could result in arbitrary code execution on the host OS.
zdi: CVE-2020-16891 - Windows Hyper-V Remote Code Execution Vulnerability. This patch corrects a bug that allows an attacker to run a specially crafted program on an affected guest OS to execute arbitrary code on the host OS. The write up doesn’t say at what permission level the code execution occurs, but that shouldn’t stop you from rolling this out to your Hyper-V servers quickly.
qualys: An extremely critical Remote Code Execution vulnerability (CVE-2020-16898) is fixed today. Microsoft ranks this vulnerability as “Exploitation More Likely,” and according to Microsoft and the researchers at McAfee, the vulnerability is wormable. It is highly recommended to prioritize these patches on all Windows 10, including Microsoft DNS Servers.
tenable: CVE-2020-16898, dubbed “Bad Neighbor,” is a critical remote code execution (RCE) vulnerability within the Windows TCP/IP stack. The vulnerability exists due to improper handling of ICMPv6 Router Advertisement packets using Option Type 25 and an even length field. According to a blog post from McAfee, Microsoft Active Protections Program (MAPP) members were provided with a test script that successfully demonstrates exploitation of this vulnerability to cause a denial of service (DoS). While the test scenario does not provide the ability to pivot to RCE, an attacker could craft a wormable exploit to achieve RCE. While an additional bug would be required to craft an exploit, it is likely that we will see proof-of-concept (PoC) code released in the near future.
tenable: Similar to CVE-2020-16898, CVE-2020-16899 is a DoS vulnerability within the Windows TCP/IP stack. The vulnerability also results from the improper handling of ICMPv6 Router Advertisement packets. Exploitation of this flaw requires an attacker to send crafted ICMPv6 Router Advertisement packets which could cause the system to stop responding. While Microsoft does recommend applying the security update to patch this flaw, a workaround is available via a PowerShell command to disable ICMPv6 RDNSS (Recursive DNS Server) in the event the patch cannot be immediately applied.
rapid7: Microsoft CVE-2020-16898: Microsoft TCP/IP Remote Code Execution Vulnerability. With a CVSS score of 9.8 and marked as "Exploitation More Likely", this vulnerability grants the ability to execute code on target Windows 10 (version 1709+), Windows Server 2019, and Windows Server version 1903+ systems due to improper handling of ICMPv6 Router Advertisement packets.
rapid7: Unlike CVE-2020-16898, however, this vulnerability affects all supported versions of Windows OS, which may suggest affecting unsupported/earlier versions of Windows as well.
zdi: CVE-2020-16898 – Windows TCP/IP Remote Code Execution Vulnerability. This patch corrects a problem in the TCP/IP stack caused by the way it handles ICMPv6 router advertisements. A specially crafted ICMPv6 router advertisement could cause code execution on an affected system. Since the code execution occurs in the TCP/IP stack, it is assumed the attacker could execute arbitrary code with elevated privileges. If you’re running an IPv6 network, you know that filtering router advertisements is not a practical workaround. Microsoft also gives this bug its highest exploitability rating, so exploits are likely. You should definitely test and deploy this patch as soon as possible.
tenable: CVE-2020-16947 is an RCE flaw in Microsoft Outlook due to the improper handling of objects in memory. An attacker can exploit this vulnerability using a crafted email file sent to a user of a vulnerable version of Microsoft Outlook. Because Outlook’s Preview Pane is affected by this flaw, a user does not have to open the message in order for the vulnerability to be exploited. As Outlook is widely used for enterprise email, we highly recommend prioritizing the patching of this CVE.
rapid7: Microsoft CVE-2020-16947: Outlook Remote Code Execution Vulnerability. A critical remote code execution vulnerability for Outlook 2016, Office 2019 and Microsoft 365 apps only, CVE-2020-16947 has the potential to allow an attacker to run arbitrary code in the context of the user. The attacker could then install programs or create new accounts with full user rights.
rapid7: Microsoft CVE-2020-16949: Outlook Denial of Service Vulnerability. CVE-2020-16949 is an Outlook vulnerability that affects more versions than the list around CVE-2020-14947, including Outlook 2010 and Outlook 2013. This vulnerability, however, reads differently in that this denial of service vulnerability only requires that a specially-crafted email be sent. This, paired with the fact that this vulnerability is marked with the Preview Pane as an attack vector, just like CVE-2020-16947, suggests giving Outlook its fair share of attention this month.
zdi: CVE-2020-16947 - Microsoft Outlook Remote Code Execution Vulnerability. This vulnerability was reported through the ZDI program, and it could allow code execution on affected versions of Outlook just by viewing a specially crafted e-mail. The Preview Pane is an attack vector here, so you don’t even need to open the mail to be impacted. The specific flaw exists within the parsing of HTML content in an email. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a fixed-length heap-based buffer. Although Microsoft gives this an XI rating of 2, we have a working proof-of-concept. Patch this one quickly.
tenable: CVE-2020-16929, CVE-2020-16930, CVE-2020-16931 and CVE-2020-16932 are RCE vulnerabilities in Microsoft Excel because of the way the software improperly handles objects in memory. To exploit these vulnerabilities, an attacker must create a malicious Excel file and convince their target to open the file using a vulnerable version of Microsoft Excel, either by attaching the file to an email or hosting it on a website and enticing a user to visit the website. Successful exploitation would allow an attacker to gain arbitrary code execution on the vulnerable system with the same rights as the current user. Exploitation of this vulnerability could be exponentially worse if the current user has administrative privileges, which could grant the attacker the ability to perform a complete takeover of the vulnerable system.
rapid7: Microsoft CVE-2020-16911: GDI+ Remote Code Execution Vulnerability. Critical remote code execution vulnerability CVE-2020-16911 leverages how the Windows Graphics Device Interface (GDI) handles objects in memory. A successful exploitation allows the attacker to install programs and/or create new accounts under the same user rights as the user who triggered this vulnerability.
tenable: CVE-2020-16918 and CVE-2020-17003 are RCE vulnerabilities in Base3D because its rendering engine handles memory improperly. Successful exploitation of these vulnerabilities would allow an attacker to gain arbitrary code execution on a vulnerable system.
qualys: A remote code execution vulnerability CVE-2020-16923 is patched in the Graphics component that could be exploited once a user opens a specially crafted file. Based on the information given, this should be prioritized across all Windows servers and workstations.
tenable: CVE-2020-1167 and CVE-2020-16923 are RCE vulnerabilities in Microsoft Graphics Components because of the way objects are handled in memory. To exploit these vulnerabilities, an attacker must create a specially crafted file and convince their target to open the file. This could be achieved through targeted social engineering. Successful exploitation would allow an attacker to gain arbitrary code execution on the vulnerable system.
zdi: CVE-2020-16909 - Windows Error Reporting Elevation of Privilege Vulnerability. This is one of the six bugs listed as publicly known for this month. The patch corrects an escalation of privilege (EoP) in the Windows Error Reporting (WER) component that could allow an authenticated attacker to execute arbitrary code with escalated privileges. Although this CVE is not listed as being publicly exploited, bugs in this component have been reported as being used in the wild in fileless attacks. Regardless, this and the other bugs in the WER component being fixed this month should not be ignored.
rapid7: Microsoft CVE-2020-16896: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. RDP has been a focal point for some of the recent attacks (e.g. BlueKeep), so whenever Microsoft provides another fix within that realm, it's prudent to make note of some specifics. CVE-2020-16896 is an information disclosure vulnerability that, when successfully exploited, allows unauthorized read access to the Windows RDP server process.
rapid7: Microsoft SharePoint Reflective XSS Vulnerabilities (CVE-2020-16944, CVE-2020-16945, CVE-2020-16946). The last set of notable SharePoint vulnerabilities this month are three CVSS 8.7 spoofing vulnerabilities. Requiring a user to click a specially-crafted URL within a targeted SharePoint Web App site, a successful exploitation from those means allows the attacker to perform cross-site scripting attacks and/or run scripts in the security context of the user.