Patch Tuesday (December 2020): Microsoft Patches 58 Vulnerabilities
And advises users how to address a DNS Spoofing Vulnerability
Microsoft has released patches for 58 bugs and one advisory as part of its December 2020 Patch Tuesday security updates. Out of the vulnerabilities addressed in this month’s batch, 9 have been rated as Critical, 48 as Important, and 2 as Moderate.
Luckily, this year ends with a quite light Patch Tuesday compared to the previous ones. This month brings no zero-days or formerly revealed vulnerabilities. However, this doesn’t mean that administrators can dismiss Microsoft’s updates and should still address them at their earliest convenience.
Microsoft provides DNS cache poisoning security advice
Regarding the aforementioned security advisory included in the December 2020 Patch Tuesday, it relates to a DNS poisoning flaw found by researchers from Tsinghua University and the University of California.
Microsoft stated that they were aware of “a vulnerability involving DNS cache poisoning caused by IP fragmentation that affects Windows DNS Resolver. An attacker who successfully exploited this vulnerability could spoof the DNS packet which can be cached by the DNS Forwarder or the DNS Resolver.”
Administrators should adjust the Registry to change the maximum UDP packet size to 1,221 bytes in order to overcome this vulnerability. Consequently, the DNS resolver will turn over to TCP connections for DNS requests larger than 1,221 bytes.
Here is the workaround proposed by Microsoft:
- Run regedit.exe as Administrator.
- In Registry Editor, navigate to the HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters subkey and set the following parameters:
- Value: MaximumUdpPacketSize
- Type: DWORD
- Data: 4C5 Hexadecimal or 1221 Decimal
- Close Registry Editor and restart the DNS service.
What’s more, the company also warns that the incorrect usage of the Registry Editor can cause serious problems that may necessitate the reinstallation of the OS and can’t guarantee that complications resulted from the incorrect use of Registry Editor can be resolved. Registry Editor should be used at the users’ own risk.
For details on how the registry can be edited, users should view the “Changing Keys and Values” Help topic in Registry Editor (Regedit.exe) or the “Add and Delete Information in the Registry” and “Edit Registry Data” Help topics in Regedt32.exe.
Other noteworthy patched vulnerabilities
Even though this month there were no zero-days, there are some software flaws worth mentioning.
- Hyper-V RCE Vulnerability (CVE-2020-17095): Enables malware running on a Hyper-V VM to execute arbitrary code.
- Windows NTFS RCE Vulnerability (CVE-2020-17096): A local attacker might run a specially designed program that would elevate the rights of the attacker. “A remote attacker with SMBv2 access to a vulnerable system could send specially crafted requests over a network to exploit this vulnerability and execute code on the target system.”, notes Microsoft.
- Windows Lock Screen Security Feature Bypass Vulnerability (CVE-2020-17099): During an active user session, attackers with physical access may be able to execute code directly from the Windows lock screen. However, only after a user has already signed in and locked their session could this flaw be abused.
- Microsoft Exchange Server (CVE-2020-17143, CVE-2020-17144, CVE-2020-17141, CVE-2020-17141, CVE-2020-17117, CVE-2020-17132, CVE-2020-17142) – All of these flaws allow remote code execution.
- Microsoft SharePoint (CVE-2020-17118, CVE-2020-17121) – Also RCE bugs.
Heimdal™ Threat Prevention - Endpoint
- Machine learning powered scans for all incoming online traffic;
- Stops data breaches before sensitive info can be exposed to the outside;
- Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
- Protection against data leakage, APTs, ransomware and exploits;
As always, our customers who have opted for automated updates have escaped the burden of patching.
Did you know that almost 50% of our users automatically patch their Windows OS and Microsoft software within 3 days upon release? The rest of them prefer to postpone the process according to their own schedule.
HeimdalTM’s Patch and Asset Management module enables you to easily achieve compliance, close vulnerabilities, and install the software. Thanks to its overall simplicity and ease of use, it works anytime and anywhere in the world, regardless of your company’s size and its employees’ location. Should you like to learn more, contact us today for a free demo at firstname.lastname@example.org!