Patch Tuesday (October 2020): Microsoft Fixes Wormable Remote Code Execution Vulnerability
21 Remote Code Execution (RCE) bugs for Microsoft products have been patched. Don’t overlook these updates!
Microsoft’s security updates (the October 2020 Patch Tuesday) have been released. Patches have been rolled out for 87 security bugs. 11 out of the vulnerabilities addressed in this month’s Patch Tuesday received the “critical” ranking from Microsoft, meaning that cybercriminals or malware may leverage them to gain full access over an unpatched endpoint with little to zero user assistance. 75 were listed as “important” and only 1 rated as “moderate”. None were reported as being actively exploited in the wild, but six issues that were previously known yet unpatched before the regularly scheduled updates have also been included this month. Fixes for vulnerabilities in Microsoft Windows, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and Windows Codecs Library, to name a few, have been included in the October 2020 Patch Tuesday.
CVE-2020-16898: A RCE wormable bug
A remote code execution risk occurs when CMPv6 Router Advertisement packets are inappropriately handled by the Windows TCP / IP stack. The power to run code on the target server or client may be obtained by an attacker who has successfully exploited this vulnerability. An attacker will have to send specially designed ICMPv6 Router Advertising packets to a remote Windows device to exploit this flaw. The newly released fix solves the flaw by adjusting how ICMPv6 Router Ads packets are handled by the Windows TCP / IP stack. Security researchers dubbed the CVE-2020-16898 “Bad Neighbor” after reviewing a proof-of-concept exploit shared by Microsoft. This flaw appears to be “wormable“, which means that it would be capable of being used in a threat that propagates very rapidly inside a network. Temporary workarounds such as disabling ICMPv6 RDNSS support exist, however, you are strongly advised to test and patch as soon as possible!
CVE-2020-16947: A RCE flaw found in Microsoft Outlook
An RCE bug in Microsoft Outlook is yet another critical vulnerability. The flaw can be activated by delivering a specially designed email to a target. Victims do not need to open the email to become compromised (because the Preview Pane is an attack vector). In a web-based attack scenario, it can also be triggered by enticing users into visiting a malicious website.
Simple standalone security solutions are no longer enough.
HEIMDAL™ ENDPOINT PREVENTION
- DETECTION AND CONTROL
- Next-gen Antivirus & Firewall which stops known threats;
- DNS traffic filter which stops unknown threats;
- Automatic patches for your software and apps with no interruptions;
- Privileged Access Management and Application Control, all in one unified dashboard
Although Microsoft’s October 2020 Patch Tuesday is smaller compared to most of their prior batches, it still is highly critical and thus imperative you don’t miss the vendor’s patches. So, as always, stay on top of your updates!