The July 2020 Patch Tuesday includes 123 vulnerabilities, 32 of which allow for remote code execution. The main concern this month is with CVE-2020-1350, a remote code execution (RCE) vulnerability in Windows DNS Servers. Microsoft has given this a CVSS score of 10 and marked it as “Exploitation More Likely.” This vulnerability impacts Windows Server 2008 through 2019. To exploit the vulnerability, an attacker needs to send a specially crafted packet to a Windows Server running a vulnerable version of Microsoft’s DNS. Because most Active Directory (AD) servers also double as DNS servers, this vulnerability could lead to exploitation of AD servers in the network. This should be a high priority for patching this month, although fortunately its disclosure has not been accompanied yet by news of active exploitation.
Another suite of critical remote code execution vulnerabilities exists in the Microsoft Hyper-V RemoteFX vGPU (CVE-2020-1032, -1036, -1040, -1041, -1042, and -1043). These are difficult vulnerabilities to exploit, since an attacker would have to have access to a guest operating system. From the guest operating system, the attacker could run a specially crafted application that would attack certain video drivers running on the Hyper-V host. This would allow the attacker to execute arbitrary code on the host operating system. Microsoft has not released a patch for these vulnerabilities: instead, this month’s software update disables the RemoteFX vGPU on vulnerable systems, which include Windows Server 2008 through 2016.
One of the concerning attributes of this Patch Tuesday is the number of disclosed RCE vulnerabilities that impact a broad range of widely used Microsoft products. CVE-2020-1374, for example, allows remote code execution based on a flaw in Windows Remote Desktop Client, can be exploited by convincing a user to visit a malicious server, and impacts Windows 7 through 10 and Windows Server 2008 through 2019. Other RCE vulnerabilities that impact an identical range of products include CVE-2020-1410, which impacts Windows Address Book and could be exploited via a malicious vCard file; CVE-2020-1421, which impacts .LNK files and could be exploited via a malicious removable drive or remote share; and CVE-2020-1435 and CVE-2020-1436, which impact Windows Graphics Device Interface and Windows font library, respectively, and could both be exploited via a malicious link or document.
Nuspire highly recommends that administrators and users apply Windows patches as soon as feasible to help mitigate the risks presented by these vulnerabilities, or apply applicable workarounds.