Microsoft Pushes Fix for Critical “Wormable” RCE in Windows DNS Server
Last updated September 23, 2021
Another monthly security update for Microsoft Windows has landed, and this time it fixes a total of 123 bugs. Seventeen of the identified flaws are classified as “critical,” 95 are “important,” and the rest are considered to be of “moderate” criticality. As always, you are advised to apply the available patch as soon as possible, as this is crucial in keeping your system secure. Many of the disclosed vulnerabilities are remote code execution (RCE) flaws, some involve memory corruption, and others are local privilege escalation scenarios, so the full spectrum is covered.
Here are the most crucial flaws, as highlighted by the Sophos Labs and the Cisco Talos teams:
CVE-2020-1023, CVE-2020-1024, CVE-2020-1069, CVE-2020-1102: These are all RCE flaws affecting the Microsoft SharePoint web-based collaboration platform. By uploading a specially crafted packet onto the SharePoint server, or by convincing the target to open a malicious file, an attacker could execute code on the victim’s machine or server.
CVE-2020-1062: This is a memory corruption vulnerability affecting the Internet Explorer browser. To trigger it, an attacker would need to lure the victim into visiting a specially crafted web page. This would eventually lead to an RCE scenario.
CVE-2020-1054, CVE-2020-1143, CVE-2020-0915, CVE-2020-0916, CVE-2020-0963, CVE-2020-1141, CVE-2020-1142, CVE-2020-1145, CVE-2020-1135, CVE-2020-1153: These ten flaws affect the Windows Graphic Components and lead to local elevation of privilege conditions. There are some prerequisites for them to work, like having access to the Windows graphic session and being able to execute code. Still, a knowledgeable attacker could potentially elevate privileges to SYSTEM.
CVE-2020-1037, CVE-2020-1056, CVE-2020-1059, CVE-2020-1096, CVE-2020-1062, CVE-2020-1092, CVE-2020-1093: These flaws concern the Edge web browser, which Microsoft has been aggressively pushing for adoption, and more specifically its ChakraCore JavaScript engine. Some of the identified vulnerabilities are also found in the VB Scripting engine of Internet Explorer 11.
CVE-2020-1084, CVE-2020-1123, CVE-2020-1137, CVE-2020-1081: These four are bugs in Windows services like printing, push notifications, the background intelligent transfer service (BITS) and the connected user experiences and telemetry service. They are not easy to trigger as they would require higher privileges to abuse symbolic links and junctions.
CVE-2020-1103: This is an information disclosure flaw affecting SharePoint. An attacker could exploit it to launch a successful cross-site search attack, potentially obtaining information by running search queries as the logged-in user.
Microsoft hasn’t provided technical details on most of the above, for reasons of security and precaution. In addition, they have specified that all of the fixed bugs were discovered in the lab and that none of them were detected in the wild. Thus, the chances of cyber-criminals knowing how to exploit the 123 fixed bugs are slim, but no one can rule this out with certainty.