SpiderLabs Blog

Patch Tuesday, July 2020

Written by Karl Sigler | Jul 14, 2020 9:55:00 AM

July's Patch Tuesday is here with another large list of CVEs. It includes 20 CVEs rated "Critical" while the other 103 are rated as "Important". The list of Critical CVEs includes a Remote Code Execution vulnerability in the Windows DNS Server (CVE-2020-1350). While there is no current public exploit, MS considers exploitation likely and has issued the vulnerability a CVSS base score of 10. Unfortunately, the vulnerability allows for arbitrary code execution from any location in the Local System user context. DNS servers are often publicly exposed services available to anyone. This makes things easier for an attacker. When an exploit is developed and released, this vulnerability could result in a worm that automatically spreads from vulnerable system to vulnerable system.

Users that can't apply the patch released today for whatever reason can set this registry key as a temporary workaround:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Value: TcpReceivePacketSize
Data Type DWORD = 0xFF00

Please note that you will need to restart of the DNS Service for this workaround take effect. After applying the patch, you can delete the TcpReceivePacketSize key and, again, restart the service.

There are dozens of Remote Code Execution and Privilege Escalation vulnerabilities on the list of Important rated vulnerabilities as well, so make sure you get these patches in place as soon as possible.

Critical

.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
CVE-2020-1147
Remote Code Execution

DirectWrite Remote Code Execution Vulnerability
CVE-2020-1409
Remote Code Execution

GDI+ Remote Code Execution Vulnerability
CVE-2020-1435
Remote Code Execution

Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043
Remote Code Execution

LNK Remote Code Execution Vulnerability
CVE-2020-1421
Remote Code Execution

Microsoft Office Elevation of Privilege Vulnerability
CVE-2020-1025
Elevation of Privilege

Microsoft Outlook Remote Code Execution Vulnerability
CVE-2020-1349
Remote Code Execution

Microsoft Word Remote Code Execution Vulnerability
CVE-2020-1446, CVE-2020-1447
Remote Code Execution

PerformancePoint Services Remote Code Execution Vulnerability
CVE-2020-1439
Remote Code Execution

Remote Desktop Client Remote Code Execution Vulnerability
CVE-2020-1374
Remote Code Execution

VBScript Remote Code Execution Vulnerability
CVE-2020-1403
Remote Code Execution

Windows Address Book Remote Code Execution Vulnerability
CVE-2020-1410
Remote Code Execution

Windows DNS Server Remote Code Execution Vulnerability
CVE-2020-1350
Remote Code Execution

Windows Font Library Remote Code Execution Vulnerability
CVE-2020-1436
Remote Code Execution


Important

Azure DevOps Server Cross-site Scripting Vulnerability
CVE-2020-1326
Spoofing

Bond Denial of Service Vulnerability
CVE-2020-1469
Information Disclosure

Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
CVE-2020-1386
Information Disclosure

Group Policy Services Policy Processing Elevation of Privilege Vulnerability
CVE-2020-1333
Elevation of Privilege

Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-1400, CVE-2020-1401, CVE-2020-1407
Remote Code Execution

Local Security Authority Subsystem Service Denial of Service Vulnerability
CVE-2020-1267
Denial of Service

Microsoft Defender Elevation of Privilege Vulnerability
CVE-2020-1461
Elevation of Privilege

Microsoft Edge PDF Information Disclosure Vulnerability
CVE-2020-1433
Information Disclosure

Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-1240
Remote Code Execution

Microsoft Graphics Component Information Disclosure Vulnerability
CVE-2020-1351
Information Disclosure

Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-1412
Remote Code Execution

Microsoft Graphics Remote Code Execution Vulnerability
CVE-2020-1408
Remote Code Execution

Microsoft Guidance for Enabling Request Smuggling Filter on IIS Servers
ADV200008
Tampering

Microsoft Office Information Disclosure Vulnerability
CVE-2020-1342, CVE-2020-1445
Information Disclosure

Microsoft Office Remote Code Execution Vulnerability
CVE-2020-1458
Remote Code Execution

Microsoft Office SharePoint XSS Vulnerability
CVE-2020-1450, CVE-2020-1451, CVE-2020-1456
Spoofing

Microsoft OneDrive Elevation of Privilege Vulnerability
CVE-2020-1465
Elevation of Privilege

Microsoft Project Remote Code Execution Vulnerability
CVE-2020-1449
Remote Code Execution

Microsoft SharePoint Reflective XSS Vulnerability
CVE-2020-1454
Spoofing

Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1444
Remote Code Execution

Microsoft SharePoint Spoofing Vulnerability
CVE-2020-1443
Spoofing

Microsoft Word Remote Code Execution Vulnerability
CVE-2020-1448
Remote Code Execution

Office Web Apps XSS Vulnerability
CVE-2020-1442
Spoofing

Skype for Business via Internet Explorer Information Disclosure Vulnerability
CVE-2020-1432
Information Disclosure

Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability
CVE-2020-1462
Information Disclosure

Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability
CVE-2020-1416
Elevation of Privilege

Visual Studio Code ESLint Extension Remote Code Execution Vulnerability
CVE-2020-1481
Remote Code Execution

Windows ActiveX Installer Service Elevation of Privilege Vulnerability
CVE-2020-1402
Elevation of Privilege

Windows Agent Activation Runtime Information Disclosure Vulnerability
CVE-2020-1391
Information Disclosure

Windows ALPC Elevation of Privilege Vulnerability
CVE-2020-1396
Elevation of Privilege

Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
CVE-2020-1431
Elevation of Privilege

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2020-1359, CVE-2020-1384
Elevation of Privilege

Windows COM Server Elevation of Privilege Vulnerability
CVE-2020-1375
Elevation of Privilege

Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability
CVE-2020-1368
Elevation of Privilege

Windows Credential Picker Elevation of Privilege Vulnerability
CVE-2020-1385
Elevation of Privilege

Windows Diagnostics Hub Elevation of Privilege Vulnerability
CVE-2020-1393, CVE-2020-1418
Elevation of Privilege

Windows Elevation of Privilege Vulnerability
CVE-2020-1388, CVE-2020-1392, CVE-2020-1394, CVE-2020-1395
Elevation of Privilege

Windows Error Reporting Information Disclosure Vulnerability
CVE-2020-1420
Information Disclosure

Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2020-1429
Elevation of Privilege

Windows Event Logging Service Elevation of Privilege Vulnerability
CVE-2020-1365, CVE-2020-1371
Elevation of Privilege

Windows Font Driver Host Remote Code Execution Vulnerability
CVE-2020-1355
Remote Code Execution

Windows Function Discovery Service Elevation of Privilege Vulnerability
CVE-2020-1085
Elevation of Privilege

Windows GDI Information Disclosure Vulnerability
CVE-2020-1468
Information Disclosure

Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-1381, CVE-2020-1382
Elevation of Privilege

Windows Imaging Component Information Disclosure Vulnerability
CVE-2020-1397
Information Disclosure

Windows iSCSI Target Service Elevation of Privilege Vulnerability
CVE-2020-1356
Elevation of Privilege

Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-1336
Elevation of Privilege

Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-1411
Elevation of Privilege

Windows Kernel Information Disclosure Vulnerability
CVE-2020-1367, CVE-2020-1389, CVE-2020-1419, CVE-2020-1426
Information Disclosure

Windows Lockscreen Elevation of Privilege Vulnerability
CVE-2020-1398
Elevation of Privilege

Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
CVE-2020-1372, CVE-2020-1405
Elevation of Privilege

Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
CVE-2020-1330
Information Disclosure

Windows Modules Installer Elevation of Privilege Vulnerability
CVE-2020-1346
Elevation of Privilege

Windows Network Connections Service Elevation of Privilege Vulnerability
CVE-2020-1373, CVE-2020-1390, CVE-2020-1427, CVE-2020-1428, CVE-2020-1438
Elevation of Privilege

Windows Network List Service Elevation of Privilege Vulnerability
CVE-2020-1406
Elevation of Privilege

Windows Network Location Awareness Service Elevation of Privilege Vulnerability
CVE-2020-1437
Elevation of Privilege

Windows Picker Platform Elevation of Privilege Vulnerability
CVE-2020-1363
Elevation of Privilege

Windows Print Workflow Service Elevation of Privilege Vulnerability
CVE-2020-1366
Elevation of Privilege

Windows Profile Service Elevation of Privilege Vulnerability
CVE-2020-1360
Elevation of Privilege

Windows Push Notification Service Elevation of Privilege Vulnerability
CVE-2020-1387
Elevation of Privilege

Windows Resource Policy Information Disclosure Vulnerability
CVE-2020-1358
Information Disclosure

Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1249, CVE-2020-1353, CVE-2020-1370, CVE-2020-1399, CVE-2020-1404, CVE-2020-1413, CVE-2020-1414, CVE-2020-1415, CVE-2020-1422
Elevation of Privilege

Windows SharedStream Library Elevation of Privilege Vulnerability
CVE-2020-1463
Elevation of Privilege

Windows Storage Services Elevation of Privilege Vulnerability
CVE-2020-1347
Elevation of Privilege

Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2020-1423
Elevation of Privilege

Windows Sync Host Service Elevation of Privilege Vulnerability
CVE-2020-1434
Elevation of Privilege

Windows System Events Broker Elevation of Privilege Vulnerability
CVE-2020-1357
Elevation of Privilege

Windows Update Stack Elevation of Privilege Vulnerability
CVE-2020-1424
Elevation of Privilege

Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2020-1354, CVE-2020-1430
Elevation of Privilege

Windows USO Core Worker Elevation of Privilege Vulnerability
CVE-2020-1352
Elevation of Privilege

Windows WalletService Denial of Service Vulnerability
CVE-2020-1364
Denial of Service

Windows WalletService Elevation of Privilege Vulnerability
CVE-2020-1344, CVE-2020-1362, CVE-2020-1369
Elevation of Privilege

Windows WalletService Information Disclosure Vulnerability
CVE-2020-1361
Information Disclosure