For the 3rd month in a row Microsoft issued a sizable list of Patch Tuesday security updates covering 111 CVEs with 16 noted as critical.
This is the 3rd successive month that Microsoft has had more than 100 vulnerabilities listed in its monthly security rundown, but unlike recently, the May 2020 list does not contain any vulnerabilities designated as currently being exploited ‘in the wild.’
However, there are a number of issues to which security experts believe that professional’s attention should be firmly drawn to.
Dustin Childs or Trend Micro’s Zero Day Initiative flagged CVE-2020-1071 and CVE-2020-1118 for special attention. The 1st is a Windows remote access common dialog elevation of privilege flaw that does have the limitation of the attacker needing physical access to the device, & boot it to the login screen, in order to exploit. However, if this is possible, run ‘arbitrary code with elevated privileges.’
CVE-2020-1118 is about a ‘null pointer dereference issue’ that can be used to create a ‘denial of service’ condition.
“An attacker can exploit this vulnerability by sending a malicious Client Key Exchange message during a TLS handshake. The vulnerability affects both TLS clients and TLS servers, so just about any system could be shut down by an attacker. Either way, successful exploitation will cause the lsass.exe process to terminate,” Childs commented.
Satnam Narang, Principal Research Engineer at Tenable, highlighted CVE-2020-1117 in Microsoft Color Management & CVE-2020-1126 in Microsoft Colour Management. Both would need a user to be deceived into opening a malicious email or visiting a compromised website.
“Successful exploitation would allow an attacker to perform actions on the system using the same permissions as the current user that was compromised. If the user has administrative privileges, the attacker could then perform a variety of actions, such as installing programs, creating a new account with full user rights, and viewing, changing or deleting data,” Narang outlined, although he noted that Microsoft thinks exploitation of these problems is less likely.
Remote Code Execution
Another couple of vulnerabilities can result in remote code execution are particularly important, explained Richard Melick, Sr. Technical Product Manager, Automox, as they affect 2 very popular Microsoft tools, Visual Studio Code & SharePoint.
Melick noted that Visual Studio Code has about 50% of the market share for developer tools, so CVE-2020-1192 requires attention right away.
The problem here is how Python extension loads workspace settings from a notebook file, & if exploited gives an attacker the means to take control of the target device, acting as the current user. At this point, the attacker could steal critical information like source codes, inserting malicious code or backdoors into current projects, & install, modify, or delete data, he warned.
CVE-2020-1024 affects SharePoint, which has gained more importance as the workforce has left the office for home-working, meaning more online collaboration. If properly utilised, this defect could give an attacker the means to execute arbitrary code from the SharePoint application pool, & the SharePoint server farm account, potentially reaching all the users connected into & using this platform.
“In light of a few of the critical vulnerabilities revealed & patched by Microsoft today, it is clear that services that support the expanding workspace are a heavy focus for both attackers and software providers. If enterprises are not responding to and deploying critical patches within 24 hours of release, they could be putting not only those individual, un-patched endpoints at risk but their full network,” Mellick commented yesterday (Tues. May 12).