Patch Tuesday (October 2020): Microsoft Fixes Wormable Remote Code Execution Vulnerability

Microsoft’s security updates (the October 2020 Patch Tuesday) have been released. Patches have been rolled out for 87 security bugs. 11 out of the vulnerabilities addressed in this month’s Patch Tuesday received the “critical” ranking from Microsoft, meaning that cybercriminals or malware may leverage them to gain full access over an unpatched endpoint with little to zero user assistance. 75 were listed as “important” and only 1 rated as “moderate”. None were reported as being actively exploited in the wild, but six issues that were previously known yet unpatched before the regularly scheduled updates have also been included this month. Fixes for vulnerabilities in Microsoft Windows, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and Windows Codecs Library, to name a few, have been included in the October 2020 Patch Tuesday.

CVE-2020-16898: A RCE wormable bug

A remote code execution risk occurs when CMPv6 Router Advertisement packets are inappropriately handled by the Windows TCP / IP stack. The power to run code on the target server or client may be obtained by an attacker who has successfully exploited this vulnerability. An attacker will have to send specially designed ICMPv6 Router Advertising packets to a remote Windows device to exploit this flaw. The newly released fix solves the flaw by adjusting how ICMPv6 Router Ads packets are handled by the Windows TCP / IP stack. Security researchers dubbed the CVE-2020-16898 “Bad Neighbor” after reviewing a proof-of-concept exploit shared by Microsoft. This flaw appears to be “wormable“, which means that it would be capable of being used in a threat that propagates very rapidly inside a network. Temporary workarounds such as disabling ICMPv6 RDNSS support exist, however, you are strongly advised to test and patch as soon as possible!

CVE-2020-16947: A RCE flaw found in Microsoft Outlook

An RCE bug in Microsoft Outlook is yet another critical vulnerability. The flaw can be activated by delivering a specially designed email to a target. Victims do not need to open the email to become compromised (because the Preview Pane is an attack vector). In a web-based attack scenario, it can also be triggered by enticing users into visiting a malicious website.

As always, our Heimdal™ Patch & Asset Management​ (and our Endpoint Security Suite and Heimdal™ Threat Prevention) customers who have turned on their automatic updates can be confident they are safe. Every month, almost 50% of Heimdal^TM Security’s enterprise customers automatically patch their Microsoft software within 3 days upon release, with the rest choosing to postpone the patching process in accordance with their schedule. In case you missed it, check out our latest webinar on how Automated Patch Management will save significant amounts of resources in your organization and help you highly improve your cybersecurity posture.

Conclusion

Although Microsoft’s October 2020 Patch Tuesday is smaller compared to most of their prior batches, it still is highly critical and thus imperative you don’t miss the vendor’s patches. So, as always, stay on top of your updates!