The vulnerabilities currently being exploited are CVE-2020-1020, CVE-2020-0938, CVE-2020-0968 and CVE-2020-1027. The first two were announced on Mar. 23, are found in the Adobe Font Manager Library and, it is suggested, can lead to remote code execution.
Microsoft's patch release on Tuesday highlights 113 vulnerabilities, 19 of them rated 'Critical' and 94 rated 'Important'.
“This month’s Patch Tuesday is another significant release, with Microsoft fixing a total of 113 vulnerabilities, 19 of which are rated as critical and 94 rated as important. 3 of the vulnerabilities were exploited ‘in the wild’,” observed Satnam Narang, who is a Principal Research Engineer at Tenable.
Adobe Font Manager
Microsoft has now released a patch for CVE-2020-1020, a remote code execution vulnerability in the Adobe Font Manager Library. It was first made public on Mar. 23, when Microsoft published an advisory which fully detailed the exploitation.
Microsoft also patched CVE-2020-0938, another remote code execution vulnerability in the Adobe Font Manager Library that was also exploited.
Both of these affect the Adobe Font Manager Library, but there is currently no firm confirmation that the two are related to the same set of attacks. “To exploit these flaws, an attacker would need to socially engineer a user into opening a malicious document or viewing the document in the Windows Preview Pane,” it was observed.
In addition, Microsoft has patched CVE-2020-0968, a newly discovered memory corruption vulnerability in Internet Explorer. The flaw exists because the scripting engine improperly handles objects in memory. Narang also warns that there are many possible situations in which this vulnerability could be exploited.
“The primary way would be to socially engineer a user into visiting a website containing the malicious code, whether owned by the attacker, or a compromised website with the malicious code injected into it. An attacker could also socially engineer the user into opening a malicious Microsoft Office document that embeds the malicious code.”
“CVE-2020-1027 is an elevation of privilege vulnerability in the Windows Kernel. This is another vulnerability that has been seen exploited and Microsoft rates it as ‘Exploitation More Likely,’” cautioned Allan Liska, who is an Intelligence Analyst at Recorded Future. He further said that “the vulnerability exists in the way that the Windows kernel handles objects in memory and is exploited by a locally authenticated attacker running a specially crafted application.”
Jonathan Cran, who is Head of Research at Kenna Security, observed that Kenna’s data is now showing active attacks using CVE-2020-0796, a critical remote code execution vulnerability against SMBv3 that appears to be a popular target and is easily exploitable.
“Microsoft pulled the patch for this CVE from the March 2020 ‘Patch on Tuesday’ at the last minute, but some information leaked online around it without a patch available. Now that a patch is available, all organisations and businesses must quickly update the affected systems,” he urgently suggested.
Todd Schell, who is a Senior Product Manager at Ivanti, has also examined CVE-2020-0935 in OneDrive closely. This vulnerability, it seems, could allow an intruder to elevate their privilege level, which could further let them use a specially designed application to take full control of the system. Most users will not have to update OneDrive themselves, because it has a feature that occasionally checks for and then updates the OneDrive binary.
You have been warned! Get your Patches!