Threat Watch

Microsoft October Patch Tuesday

For this month’s Patch Tuesday, Microsoft took care of 87 vulnerabilities that varied in severity and the product they affected. Two of the more serious vulnerabilities are CVE-2020-16898 and CVE-2020-16947. The first of the two could allow for a takeover of Windows OS through remote code execution of the Windows TCP/IP stack, specifically through IPv6. CVE 2020-16898 received a severity score of 9.8 out of 10 and affects Windows 10 and Windows Server 2019. CVE-2020-16947 is another remote code execution bug, but this one affects Outlook. Threat actors could exploit this bug by coming up with creative ways to fool users into opening files that have a compromised version of Outlook in them. One of the vulnerabilities that has not received as much attention is CVE-2020-16952, which allows remote code execution on Sharepoint servers. Working Proof-of-Concept code has already been published to exploit that vulnerability, but it requires a valid username and password to exploit.

ANALYST NOTES

It is advised that anyone who uses products that may have been mentioned in Microsoft’s update download and implement the patches for these vulnerabilities. If patches aren’t applicable, some workarounds may be known and those could be good temporary fixes as well. If these vulnerabilities are ignored it could lead to many issues and even total device takeover in some situations. Krebs also suggests users backup their files before downloading any of the patches because there have been instances where the patches cause system failure and boot issues.

Sources: https://www.zdnet.com/article/microsoft-october-2020-patch-tuesday-fixes-87-vulnerabilities/

https://portal.msrc.microsoft.com/en-us/security-guidance