There has been a common vulnerabilities and exposures (CVE) fixing trend in 2020 Patch Tuesdays. For instance, Microsoft has patched roughly more than 100 vulnerabilities per month in recent bulletins. Similarly, the July update issues 123 patches, including fixes in RemoteFX vGPU, Microsoft Office, Microsoft Windows, OneDrive, and Jet Database Engine.
The patches address 18 vulnerabilities rated Critical and 105 that were rated Important in severity. A total of eight CVEs were disclosed through Trend Micro’s Zero Day Initiative (ZDI) program.
While none of the vulnerabilities were listed as under active attack at the time of release, among the bugs addressed this month is the “wormable” Critical-rated remote code execution (RCE) vulnerability in Windows Domain Name System (DNS) Servers (designated as CVE-2020-1350). An affected system that receives a specially crafted request could allow unauthenticated code execution at the level of a Local System account.
Since Windows servers configured as DNS servers are usually also domain controllers, users should prioritize patching this flaw. The update addresses the vulnerability by modifying how Windows DNS servers handle requests.
.NET Framework, SharePoint Server, and Visual Studio RCE
This month’s security releases include a fix for an RCE vulnerability (CVE-2020-1147) in Microsoft .NET Framework, Visual Studio, and collaborative platform SharePoint. Users with affected installations are urged to immediately apply the update to address potential risks.
The vulnerability is concerned with the way the source markup of XML file input is validated. If left unpatched, an attacker could exploit the vulnerability and run arbitrary code in the context of the process responsible for the deserialization of XML content.
Microsoft Office Elevation of Privilege
CVE-2020-1025 is a Critical-rated elevation of privilege (EoP) vulnerability that occurs in SharePoint and Skype for Business servers. The flaw exists when these kinds of software mishandle OAuth token validation. An attacker who successfully modifies the token can bypass authentication and gain improper access. The fix addresses how Microsoft SharePoint Server and Skype for Business Server check tokens.
Trend Micro Solutions
As with all patch releases, we advise users to stay on top of these updates. Vulnerability management and system updates are important in protecting systems against publicly reported exploits, as well as old vulnerabilities and resurfacing malware variants. Organizations are recommended to install security solutions that can protect their systems from attacks that abuse these vulnerabilities.
Trend Micro™ Deep Security™ protect both systems and users against threats targeting the vulnerabilities via the following rules:
- 1010393 – Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1403)
- 1010394 – Microsoft Windows LNK Remote Code Execution Vulnerability Over SMB (CVE-2020-1421)
- 1010395 – Microsoft Windows LNK Remote Code Execution Vulnerability Over WebDAV (CVE-2020-1421)
- 1010397 – Microsoft Windows JET Database Engine Remote Code Execution Vulnerability (CVE-2020-1400)
- 1010398 – Microsoft SharePoint Scorecards Remote Code Execution Vulnerability (CVE-2020-1439)
- 1010399 – Microsoft SharePoint Scorecards Remote Code Execution Vulnerability (CVE-2020-1439) – 1
- 1010401 – Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) – Server
- 1010402 – Microsoft Windows Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-1374)
- 1010403 – Microsoft Windows Font Parsing Remote Code Execution Vulnerability (CVE-2020-1355)
- 1010404 – Microsoft Windows PFB Font File Out-Of-Bounds Write Privilege Escalation Vulnerability (CVE-2020-1436)
- 1010406 – Microsoft Windows DNS Server Remote Code Execution Vulnerability (CVE-2020-1350) – Client
Please note that rules 1010401 and 1010406 are not available for Vulnerability Protection.
With TippingPoint® Next-Generation Intrusion Prevention System (NGIPS), customers are protected against threats and attacks through the following rules:
- 37837: RDP: Microsoft Remote Desktop Integer Overflow Vulnerability
- 37838: HTTP: Microsoft Internet Explorer Type Confusion Vulnerability
- 37851: HTTP: Microsoft .NET Framework Insecure Deserialization Vulnerability
- 37877: HTTP: Microsoft Windows Address Book Contact File Parsing Integer Overflow Vulnerability