SANS ISC: Microsoft November 2020 Patch Tuesday - SANS Internet Storm Center

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

This month we got patches for 112 vulnerabilities. Of these, 17 are critical and one was previously disclosed and is already being exploited according to Microsoft.

Amongst critical vulnerabilities, there is a CVSSv3 9.8 remote code execution in Windows Network File System (CVE-2020-17051). There are no details regarding the vulnerable component neither how the vulnerability could be exploited. The vulnerability affects virtually all supported Windows versions and is classified by Microsoft as ‘Exploitation More Likely’ which means that an exploit could be created in such a way that an attacker could consistently exploit this vulnerability.

The exploited and already disclosed one is a Windows Kernel Local Elevation of Privilege vulnerability (CVE-2020-17087). This vulnerability has been chained with Google Chrome CVE-2020-15999 to perform privilege escalation and gain administrator access to a system. More details about this vulnerability can be found at [1].

A third vulnerability worth mentioning here is remote code execution (RCE) in Microsoft Sharepoint (CVE-2020-17061). According to the advisory, it requires no user interaction and is classified as ‘Exploitation More Likely’.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

References:
[1] https://attackerkb.com/topics/y8mmBHc710/cve-2020-17087-windows-kernel-local-privilege-escalation-0day?referrer=home

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter