Date du conseil: 08 septembre 2020

  Description

Microsoft addresses several vulnerabilities in its September security bulletin. Trend Micro Deep Security covers the following:

  • CVE-2020-0664 - Active Directory Information Disclosure Vulnerability
    Risk Rating: Important

    This information disclosure vulnerability exists in the mishandling of objects in memory by the Active Directory integrated DNS (ADIDNS). Attackers looking to take advantage of this vulnerability must be authenticated to send a specially crafted request to the ADIDNS service.


  • CVE-2020-0856 - Active Directory Information Disclosure Vulnerability
    Risk Rating: Important

    This information disclosure vulnerability exists in the mishandling of objects in memory by the Active Directory integrated DNS (ADIDNS). Attackers looking to take advantage of this vulnerability must be authenticated to send a specially crafted request to the ADIDNS service.


  Information Exposure Rating:

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection are also protected from attacks using these vulnerabilities.

Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection Compatibility
CVE-2020-0856 1010494 Microsoft Windows Active Directory Information Disclosure Vulnerability (CVE-2020-0856) 08-Sep-20 YES
CVE-2020-0664 1010491 Microsoft Windows Active Directory Information Disclosure Vulnerability (CVE-2020-0664) 08-Sep-20 YES