Microsoft announced patches for 120 vulnerabilities this month, 17 of which were critical. Overall, 13 products were impacted, including Windows, Edge, Internet Explorer, Microsoft Office, SQL Server, and .NET Framework.
There are two vulnerabilities that are being exploited in the wild. The first, CVE-2020-1464, is a spoofing vulnerability in Windows Operating System. The vulnerability exists in the way Windows validates file signatures. When this vulnerability is exploited, it allows an attacker to bypass security features to allow improperly signed files to be loaded. This vulnerability impacts Windows 7 through Windows 10 and Windows Server 2008 through 2019. Interestingly, Microsoft did not acknowledge who reported the vulnerability, instead using a generic thank you: “Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure.”
The second vulnerability being exploited in the wild is CVE-2020-1380, a critical Scripting Engine memory corruption vulnerability that, if exploited, could allow an attacker to execute arbitrary code. The vulnerability exists in Internet Explorer 11, which Microsoft has encouraged users to move away from and recommends users instead use Microsoft Edge. The vulnerability can be exploited either by visiting a malicious website or opening a Microsoft Office document with an embedded malicious script. As this is being exploited in the wild, it is recommended that any organizations still using Internet Explorer upgrade versions right away.
CVE-2020-1554, CVE-2020-1492, CVE-2020-1379, CVE-2020-1477, and CVE-2020-1525 are all critical remote code execution (RCE) vulnerabilities in the Windows Media Foundation (WMF). These vulnerabilities exist in the way WMF handles objects in memory. Successful exploitation would allow an attacker to install malicious software, manipulate data, or create new accounts. These vulnerabilities impact Windows 7 through Windows 10 and Windows Server 2008 through 2019. This makes 10 critical vulnerabilities in WMF that have been announced this year, though at this point no known exploits have been developed for any of these vulnerabilities.
CVE-2020-1046 is an RCE vulnerability in the Windows . NET framework. The vulnerability exists in the way . NET handles imports. An attacker could exploit this vulnerability and gain admin-level control of the vulnerable system. To exploit this vulnerability, an attacker needs to upload a specially crafted file to a web application. This vulnerability impacts the . NET Framework versions 2.0 through 4.8.
Finally, CVE-2020-1567 is an RCA in the Microsoft MSHTML Engine. This vulnerability impacts Internet Explorer 9 through 11 and is a vulnerability in the way MSHTML validates input. Successful exploitation of the vulnerability would allow an attacker to execute code at the same privilege level as the victim. Normally, this would not get much attention, but Microsoft tracks the vulnerability as being both easy to exploit and highly likely to be exploited.
Nuspire recommends that Administrators apply Microsoft patches as soon as feasible within their organization.