Patch Tuesday (September 2020): Microsoft Addresses 129 Vulnerabilities
32 have been classified as remote code execution (RCE) bugs. Make sure you patch your systems!
Microsoft’s September 2020 Patch Tuesday brings along its traditional monthly updates, enabling network administrators to address the latest discovered security issues associated with the vendor’s products. Malicious hackers are notorious for following these security updates and leveraging the most dangerous software flaws in their attacks, so, in this article, I’ve summarized what potential threats the latest batch of updates will protect your organization from.
This month, the company has patched 129 vulnerabilities in 15 products, ranging from Microsoft Windows to ASP.NET, Microsoft OneDrive, or Azure DevOps. Out of these, 32 have been classified as remote code execution (RCE) bugs, which would allow cybercriminals to exploit the software remotely, regardless of where the endpoint would be located in the world. What’s more, of these 32, 20 have been rated as “critical”, the highest severity on the company’s scale.
Among the most serious ones, we would like to point out the ones below:
- Microsoft Exchange Server (CVE-2020-16875) – Attackers could exploit this vulnerability to run their code merely by sending a malicious email to a vulnerable Exchange server.
- Microsoft SharePoint (CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576) – Cybercriminals could leverage these flaws by uploading a “specially crafted SharePoint application package” to a vulnerable SharePoint site.
- Windows (CVE-2020-1252) – Microsoft warns its users that attackers who manage to exploit this vulnerability could execute arbitrary code and completely take control of the affected systems, being able to install programs, view, change, or delete data as they please, or even create new accounts with full user rights. These types of threats highlight the notion that admin rights can stir up trouble in your organization, so be careful how you manage them.
- Windows Graphics Device Interface (GDI) (CVE-2020-1285) – This vulnerability can be traced back to the faulty way in which the GDI handles objects in memory, potentially becoming the root cause for both web-based and file-sharing attack scenarios.
- Microsoft Dynamics 365 for Finance and Operations (on-premises) (CVE-2020-16857, CVE-2020-16862) – In these instances, attackers could gain remote code execution via server-side script execution on the victims’ servers. Again, authenticated attackers with elevated privileges would benefit from this vulnerability.
- Windows Media Audio Decoder (CVE-2020-1593, CVE-2020-1508) – An RCE vulnerability exists when Windows Media Audio Decoder incorrectly handles objects, which would allow cyber attackers to take control of the vulnerable systems – for instance, by convincing users to open an infected document or by luring them into visiting a malicious website.
- Windows Text Service Module (CVE-2020-0908) – This is related to a vulnerability found in Microsoft Edge (Chromium-based), which attackers would be able to exploit by tricking users into visiting a compromised website.
- Microsoft Windows Codecs Library (CVE-2020-1319, CVE-2020-1129) – As Visual Studio improperly handles objects in memory, attackers who leverage these vulnerabilities could be able to run arbitrary code as the affected users. The ones “whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights”, says Microsoft.
- Visual Studio (CVE-2020-16874) – Yet another RCE vulnerability, this time found in Microsoft Windows Codecs library, would allow attackers to override the vulnerable systems and be able to take advantage of having full user rights.
None of these Microsoft software vulnerabilities have been spotted being exploited in the wild thus far. However, this is not a decisive factor when it comes to whether you should be patching your systems or not.
The process of patching should not be skipped or delayed. As you probably already know, various major attacks happened due to bad patching habits. Therefore, we strongly advise you to take every month’s patched vulnerabilities seriously and start planning your deployment as soon as possible. We also encourage you to review our patch management best practices and take a look at this piece on how you can create your own patch management policy.
As always, our Heimdal™ Patch & Asset Management (and naturally, our Endpoint Security Software and Heimdal™ Threat Prevention) customers who have turned on their automatic updates can rest assured they are safe. Nearly 50% of them automatically patch their Windows OS and Microsoft apps within 3 days of release, while the rest have chosen to postpone the process according to their own schedule.
Heimdal™ Patch & Asset Management is an Automated Patch Management and Software Deployment and Inventory tool that allows you to efficiently manage vulnerabilities. It is very easy to deploy and use and works anywhere in the world, so it’s a great addition for any organization, regardless of its size and its employees’ location.