Patch Tuesday, October 2020
October's Patch Tuesday is upon us and with it comes patches for 102 CVEs. This release includes 13 hair-raising "Critical" vulnerabilities, 88 spooky "Important" bugs, and one creepy "Moderate" issue.
On the list of "Critical" vulnerabilities are two for Azure Sphere, including Privilege Escalation and the ability to execute unsigned code (basically bypassing valid executable checks). Microsoft is also patching a critical Remote Code Execution (RCE) vulnerability in the TCP/IP stack which affects every Windows system. A malicious, specially crafted ICMPv6 Router Advertisement packets can be sent to a Windows system triggering an RCE condition. Finally patched this month are critical RCE vulnerabilities in often externally facing services including Outlook, Sharepoint, and Hyper-V.
Azure Sphere is also featured heavily on the list of Important patches with 14 vulnerabilities total. Also patched are RCE vulnerabilities in Microsoft Office and Visual Studio Code Python Extension; Privilege Escalation vulnerabilities in over two dozen packages including Dynamics 365, Microsoft Office, Windows Backup Service, Windows Error Reporting, and Windows Hyper-V. One singular Moderate vulnerability is also patched which can cause a Denial of Service condition in Microsoft Outlook.
October can be scary, but getting these vulnerabilities patched quickly, that will be one less monster you will have to worry about.
Critical
Azure Sphere Elevation of Privilege Vulnerability
CVE-2020-16988
Elevation of Privilege
Azure Sphere Unsigned Code Execution Vulnerability
CVE-2020-16982
Remote Code Execution
Base3D Remote Code Execution Vulnerability
CVE-2020-17003
Remote Code Execution
GDI+ Remote Code Execution Vulnerability
CVE-2020-16911
Remote Code Execution
Media Foundation Memory Corruption Vulnerability
CVE-2020-16915
Remote Code Execution
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-16923
Remote Code Execution
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2020-16947
Remote Code Execution
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-16951, CVE-2020-16952
Remote Code Execution
Windows Camera Codec Pack Remote Code Execution Vulnerability
CVE-2020-16967, CVE-2020-16968
Remote Code Execution
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2020-16891
Remote Code Execution
Windows TCP/IP Remote Code Execution Vulnerability
CVE-2020-16898
Remote Code Execution
Important
.NET Framework Information Disclosure Vulnerability
CVE-2020-16937
Information Disclosure
Azure Functions Elevation of Privilege Vulnerability
CVE-2020-16904
Elevation of Privilege
Azure Sphere Denial of Service Vulnerability
CVE-2020-16986
Denial of Service
Azure Sphere Elevation of Privilege Vulnerability
CVE-2020-16981, CVE-2020-16989, CVE-2020-16992, CVE-2020-16993
Elevation of Privilege
Azure Sphere Information Disclosure Vulnerability
CVE-2020-16985, CVE-2020-16990
Information Disclosure
Azure Sphere Tampering Vulnerability
CVE-2020-16983
Tampering
Azure Sphere Unsigned Code Execution Vulnerability
CVE-2020-16970, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991, CVE-2020-16994
Remote Code Execution
Base3D Remote Code Execution Vulnerability
CVE-2020-16918
Remote Code Execution
Dynamics 365 Commerce Elevation of Privilege Vulnerability
CVE-2020-16943
Elevation of Privilege
Group Policy Elevation of Privilege Vulnerability
CVE-2020-16939
Elevation of Privilege
Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-16924
Remote Code Execution
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
CVE-2020-16956, CVE-2020-16978
Spoofing
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-16929, CVE-2020-16930, CVE-2020-16931, CVE-2020-16932
Remote Code Execution
Microsoft Exchange Information Disclosure Vulnerability
CVE-2020-16969
Information Disclosure
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-1167
Remote Code Execution
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2020-16957
Remote Code Execution
Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
CVE-2020-16928, CVE-2020-16934, CVE-2020-16955
Elevation of Privilege
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-16945, CVE-2020-16946
Spoofing
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-16941, CVE-2020-16942, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953, CVE-2020-16944
Spoofing
Microsoft Word Security Feature Bypass Vulnerability
CVE-2020-16933
Security Feature Bypass
NetBT Information Disclosure Vulnerability
CVE-2020-16897
Information Disclosure
Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability
CVE-2020-16995
Elevation of Privilege
PowerShellGet Module WDAC Security Feature Bypass Vulnerability
CVE-2020-16886
Security Feature Bypass
Visual Studio Code Python Extension Remote Code Execution Vulnerability
CVE-2020-16977
Remote Code Execution
Win32k Elevation of Privilege Vulnerability
CVE-2020-16907, CVE-2020-16913
Elevation of Privilege
Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2020-16940
Elevation of Privilege
Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
CVE-2020-16876
Elevation of Privilege
Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
CVE-2020-16920
Elevation of Privilege
Windows Backup Service Elevation of Privilege Vulnerability
CVE-2020-16912, CVE-2020-16936, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976
Elevation of Privilege
Windows COM Server Elevation of Privilege Vulnerability
CVE-2020-16916, CVE-2020-16935
Elevation of Privilege
Windows Elevation of Privilege Vulnerability
CVE-2020-16877
Elevation of Privilege
Windows Enterprise App Management Service Information Disclosure Vulnerability
CVE-2020-16919
Information Disclosure
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2020-16905, CVE-2020-16909, CVE-2020-16895
Elevation of Privilege
Windows Event System Elevation of Privilege Vulnerability
CVE-2020-16900
Elevation of Privilege
Windows GDI+ Information Disclosure Vulnerability
CVE-2020-16914
Information Disclosure
Windows Hyper-V Denial of Service Vulnerability
CVE-2020-1243
Denial of Service
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2020-1080
Elevation of Privilege
Windows Image Elevation of Privilege Vulnerability
CVE-2020-16892
Elevation of Privilege
Windows Installer Elevation of Privilege Vulnerability
CVE-2020-16902
Elevation of Privilege
Windows iSCSI Target Service Elevation of Privilege Vulnerability
CVE-2020-16980
Elevation of Privilege
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-16890
Elevation of Privilege
Windows Kernel Information Disclosure Vulnerability
CVE-2020-16901
Information Disclosure
Windows KernelStream Information Disclosure Vulnerability
CVE-2020-16889
Information Disclosure
Windows NAT Remote Code Execution Vulnerability
CVE-2020-16894
Remote Code Execution
Windows Network Connections Service Elevation of Privilege Vulnerability
CVE-2020-16887
Elevation of Privilege
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE-2020-16927
Denial of Service
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2020-16896
Information Disclosure
Windows Remote Desktop Service Denial of Service Vulnerability
CVE-2020-16863
Denial of Service
Windows Security Feature Bypass Vulnerability
CVE-2020-16910
Security Feature Bypass
Windows Setup Elevation of Privilege Vulnerability
CVE-2020-16908
Elevation of Privilege
Windows Spoofing Vulnerability
CVE-2020-16922
Spoofing
Windows Storage Services Elevation of Privilege Vulnerability
CVE-2020-0764
Information Disclosure
Windows Storage VSP Driver Elevation of Privilege Vulnerability
CVE-2020-16885
Elevation of Privilege
Windows TCP/IP Denial of Service Vulnerability
CVE-2020-16899
Denial of Service
Windows Text Services Framework Information Disclosure Vulnerability
CVE-2020-16921
Information Disclosure
Windows Kernel Information Disclosure Vulnerability
CVE-2020-16938
Information Disclosure
Microsoft Office Remote Code Execution Vulnerability
CVE-2020-16954
Remote Code Execution
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2020-1047
Elevation of Privilege
Moderate
Microsoft Outlook Denial of Service Vulnerability
CVE-2020-16949
Denial of Service
About the Author
Karl Sigler is Security Research Manager, SpiderLabs Threat Intelligence at Trustwave. Karl is a 20-year infosec veteran responsible for research and analysis of current vulnerabilities, malware and threat trends at Trustwave. Follow Karl on LinkedIn.
ABOUT TRUSTWAVE
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.