For this month’s Patch Tuesday, Microsoft took care of 87 vulnerabilities that varied in severity and the product they affected. Two of the more serious vulnerabilities are CVE-2020-16898 and CVE-2020-16947. The first of the two could allow for a takeover of Windows OS through remote code execution of the Windows TCP/IP stack, specifically through IPv6. CVE 2020-16898 received a severity score of 9.8 out of 10 and affects Windows 10 and Windows Server 2019. CVE-2020-16947 is another remote code execution bug, but this one affects Outlook. Threat actors could exploit this bug by coming up with creative ways to fool users into opening files that have a compromised version of Outlook in them. One of the vulnerabilities that has not received as much attention is CVE-2020-16952, which allows remote code execution on Sharepoint servers. Working Proof-of-Concept code has already been published to exploit that vulnerability, but it requires a valid username and password to exploit.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.