Patch Tuesday, July 2020
July's Patch Tuesday is here with another large list of CVEs. It includes 20 CVEs rated "Critical" while the other 103 are rated as "Important". The list of Critical CVEs includes a Remote Code Execution vulnerability in the Windows DNS Server (CVE-2020-1350). While there is no current public exploit, MS considers exploitation likely and has issued the vulnerability a CVSS base score of 10. Unfortunately, the vulnerability allows for arbitrary code execution from any location in the Local System user context. DNS servers are often publicly exposed services available to anyone. This makes things easier for an attacker. When an exploit is developed and released, this vulnerability could result in a worm that automatically spreads from vulnerable system to vulnerable system.
Users that can't apply the patch released today for whatever reason can set this registry key as a temporary workaround:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Value: TcpReceivePacketSize
Data Type DWORD = 0xFF00
Please note that you will need to restart of the DNS Service for this workaround take effect. After applying the patch, you can delete the TcpReceivePacketSize key and, again, restart the service.
There are dozens of Remote Code Execution and Privilege Escalation vulnerabilities on the list of Important rated vulnerabilities as well, so make sure you get these patches in place as soon as possible.
Critical
.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
CVE-2020-1147
Remote Code Execution
DirectWrite Remote Code Execution Vulnerability
CVE-2020-1409
Remote Code Execution
GDI+ Remote Code Execution Vulnerability
CVE-2020-1435
Remote Code Execution
Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043
Remote Code Execution
LNK Remote Code Execution Vulnerability
CVE-2020-1421
Remote Code Execution
Microsoft Office Elevation of Privilege Vulnerability
CVE-2020-1025
Elevation of Privilege
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2020-1349
Remote Code Execution
Microsoft Word Remote Code Execution Vulnerability
CVE-2020-1446, CVE-2020-1447
Remote Code Execution
PerformancePoint Services Remote Code Execution Vulnerability
CVE-2020-1439
Remote Code Execution
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2020-1374
Remote Code Execution
VBScript Remote Code Execution Vulnerability
CVE-2020-1403
Remote Code Execution
Windows Address Book Remote Code Execution Vulnerability
CVE-2020-1410
Remote Code Execution
Windows DNS Server Remote Code Execution Vulnerability
CVE-2020-1350
Remote Code Execution
Windows Font Library Remote Code Execution Vulnerability
CVE-2020-1436
Remote Code Execution
Important
Azure DevOps Server Cross-site Scripting Vulnerability
CVE-2020-1326
Spoofing
Bond Denial of Service Vulnerability
CVE-2020-1469
Information Disclosure
Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
CVE-2020-1386
Information Disclosure
Group Policy Services Policy Processing Elevation of Privilege Vulnerability
CVE-2020-1333
Elevation of Privilege
Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-1400, CVE-2020-1401, CVE-2020-1407
Remote Code Execution
Local Security Authority Subsystem Service Denial of Service Vulnerability
CVE-2020-1267
Denial of Service
Microsoft Defender Elevation of Privilege Vulnerability
CVE-2020-1461
Elevation of Privilege
Microsoft Edge PDF Information Disclosure Vulnerability
CVE-2020-1433
Information Disclosure
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-1240
Remote Code Execution
Microsoft Graphics Component Information Disclosure Vulnerability
CVE-2020-1351
Information Disclosure
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-1412
Remote Code Execution
Microsoft Graphics Remote Code Execution Vulnerability
CVE-2020-1408
Remote Code Execution
Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers
ADV200008
Tampering
Microsoft Office Information Disclosure Vulnerability
CVE-2020-1342, CVE-2020-1445
Information Disclosure
Microsoft Office Remote Code Execution Vulnerability
CVE-2020-1458
Remote Code Execution
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-1450, CVE-2020-1451, CVE-2020-1456
Spoofing
Microsoft OneDrive Elevation of Privilege Vulnerability
CVE-2020-1465
Elevation of Privilege
Microsoft Project Remote Code Execution Vulnerability
CVE-2020-1449
Remote Code Execution
Microsoft SharePoint Reflective XSS Vulnerability
CVE-2020-1454
Spoofing
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1444
Remote Code Execution
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-1443
Spoofing
Microsoft Word Remote Code Execution Vulnerability
CVE-2020-1448
Remote Code Execution
Office Web Apps XSS Vulnerability
CVE-2020-1442
Spoofing
Skype for Business via Internet Explorer Information Disclosure Vulnerability
CVE-2020-1432
Information Disclosure
Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability
CVE-2020-1462
Information Disclosure
Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability
CVE-2020-1416
Elevation of Privilege
Visual Studio Code ESLint Extension Remote Code Execution Vulnerability
CVE-2020-1481
Remote Code Execution
Windows ActiveX Installer Service Elevation of Privilege Vulnerability
CVE-2020-1402
Elevation of Privilege
Windows Agent Activation Runtime Information Disclosure Vulnerability
CVE-2020-1391
Information Disclosure
Windows ALPC Elevation of Privilege Vulnerability
CVE-2020-1396
Elevation of Privilege
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
CVE-2020-1431
Elevation of Privilege
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2020-1359, CVE-2020-1384
Elevation of Privilege
Windows COM Server Elevation of Privilege Vulnerability
CVE-2020-1375
Elevation of Privilege
Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability
CVE-2020-1368
Elevation of Privilege
Windows Credential Picker Elevation of Privilege Vulnerability
CVE-2020-1385
Elevation of Privilege
Windows Diagnostics Hub Elevation of Privilege Vulnerability
CVE-2020-1393, CVE-2020-1418
Elevation of Privilege
Windows Elevation of Privilege Vulnerability
CVE-2020-1388, CVE-2020-1392, CVE-2020-1394, CVE-2020-1395
Elevation of Privilege
Windows Error Reporting Information Disclosure Vulnerability
CVE-2020-1420
Information Disclosure
Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2020-1429
Elevation of Privilege
Windows Event Logging Service Elevation of Privilege Vulnerability
CVE-2020-1365, CVE-2020-1371
Elevation of Privilege
Windows Font Driver Host Remote Code Execution Vulnerability
CVE-2020-1355
Remote Code Execution
Windows Function Discovery Service Elevation of Privilege Vulnerability
CVE-2020-1085
Elevation of Privilege
Windows GDI Information Disclosure Vulnerability
CVE-2020-1468
Information Disclosure
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-1381, CVE-2020-1382
Elevation of Privilege
Windows Imaging Component Information Disclosure Vulnerability
CVE-2020-1397
Information Disclosure
Windows iSCSI Target Service Elevation of Privilege Vulnerability
CVE-2020-1356
Elevation of Privilege
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-1336
Elevation of Privilege
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-1411
Elevation of Privilege
Windows Kernel Information Disclosure Vulnerability
CVE-2020-1367, CVE-2020-1389, CVE-2020-1419, CVE-2020-1426
Information Disclosure
Windows Lockscreen Elevation of Privilege Vulnerability
CVE-2020-1398
Elevation of Privilege
Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
CVE-2020-1372, CVE-2020-1405
Elevation of Privilege
Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
CVE-2020-1330
Information Disclosure
Windows Modules Installer Elevation of Privilege Vulnerability
CVE-2020-1346
Elevation of Privilege
Windows Network Connections Service Elevation of Privilege Vulnerability
CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438
Elevation of Privilege
Windows Network List Service Elevation of Privilege Vulnerability
CVE-2020-1406
Elevation of Privilege
Windows Network Location Awareness Service Elevation of Privilege Vulnerability
CVE-2020-1437
Elevation of Privilege
Windows Picker Platform Elevation of Privilege Vulnerability
CVE-2020-1363
Elevation of Privilege
Windows Print Workflow Service Elevation of Privilege Vulnerability
CVE-2020-1366
Elevation of Privilege
Windows Profile Service Elevation of Privilege Vulnerability
CVE-2020-1360
Elevation of Privilege
Windows Push Notification Service Elevation of Privilege Vulnerability
CVE-2020-1387
Elevation of Privilege
Windows Resource Policy Information Disclosure Vulnerability
CVE-2020-1358
Information Disclosure
Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422
Elevation of Privilege
Windows SharedStream Library Elevation of Privilege Vulnerability
CVE-2020-1463
Elevation of Privilege
Windows Storage Services Elevation of Privilege Vulnerability
CVE-2020-1347
Elevation of Privilege
Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2020-1423
Elevation of Privilege
Windows Sync Host Service Elevation of Privilege Vulnerability
CVE-2020-1434
Elevation of Privilege
Windows System Events Broker Elevation of Privilege Vulnerability
CVE-2020-1357
Elevation of Privilege
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2020-1424
Elevation of Privilege
Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2020-1354, CVE-2020-1430
Elevation of Privilege
Windows USO Core Worker Elevation of Privilege Vulnerability
CVE-2020-1352
Elevation of Privilege
Windows WalletService Denial of Service Vulnerability
CVE-2020-1364
Denial of Service
Windows WalletService Elevation of Privilege Vulnerability
CVE-2020-1344, CVE-2020-1362, CVE-2020-1369
Elevation of Privilege
Windows WalletService Information Disclosure Vulnerability
CVE-2020-1361
Information Disclosure
About the Author
Karl Sigler is Security Research Manager, SpiderLabs Threat Intelligence at Trustwave. Karl is a 20- year infosec veteran responsible for research and analysis of current vulnerabilities, malware and threat trends at Trustwave. Follow Karl on LinkedIn.
ABOUT TRUSTWAVE
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.