Microsoft has released July 2020 Security updates, that includes an emergency patch for ‘a Wormable’ RCE Vulnerability CVE-2020-1350 dubbed “SIGRed” in Window DNS Server.
In all, the Microsoft security updates address 123 (18 Critical) vulnerabilities in the following products:
- .NET Framework
- Azure DevOps
- Internet Explorer
- Microsoft ChakraCore
- Microsoft Edge (Chromium-based) in IE Mode
- Microsoft Edge (EdgeHTML-based)
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft OneDrive
- Microsoft Windows
- Open Source Software
- Skype for Business
- Visual Studio
- Windows Defender.
Microsoft has provided patches for each of the vulnerabilities and summarized them in the July 2020 Security Updates Release Notes.
‘Wormable’ RCE Vulnerability (CVE-2020-1350)
Most notable of this month’s patches include a fix for a Critical Remote Code Execution (RCE) vulnerability CVE-2020-1350 in Windows DNS Server. This severe bug sports a CVSS base score of 10.0 and affects all Windows Server versions.
“A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account,” Microsoft stated in the advisory.
Furthermore, this issue affects Microsoft’s DNS server role implementation, a core networking component, and affects all Windows Server versions 2003 to 2019.
Microsoft further warned that this wormable vulnerability has the potential to spread malware between vulnerable computers, even without user interaction.
Security researchers from Checkpoint first discovered the wormable vulnerability dubbed “SIGRed” and warned the severe bug can be triggered by a malicious DNS response. As a consequence, an attacker could successfully exploit the flaw and then be “granted Domain Administrator rights, effectively compromising the entire corporate infrastructure.”
Although, there are no known active attacks in the wild yet, Microsoft confirmed “exploitation is more likely” and highly recommends customers apply Windows updates as soon as possible.
Critical Office Privileged Escalation vulnerability
One of the other Critical patches fixes an elevation of privilege vulnerability CVE-2020-1025 in Microsoft SharePoint Server and Skype for Business Server and how those products improperly handle OAuth token validation.
“An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access,” Microsoft explained in the advisory.
Critical Hyper-V RCE vulnerabilities
Microsoft also patched an additional 17 RCE vulnerabilities on multiple products.
Six of those address similar vulnerabilities (CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, and CVE-2020-1043) in the way Hyper-V handles graphics drivers (RemoteFX vGPU).
Critical Remote Desktop RCE vulnerability
In addition, Microsoft patched a Critical Remote Client Desktop RCE vulnerability CVE-2020-1374. This bug could be exploited when a user connects to a malicious server.
“An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft warned in the advisory.
Other Critical patches
Rounding out some of the other Critical patches include a fix to address an RCE vulnerability CVE-2020-1147 in .NET Framework, Microsoft SharePoint, and Visual Studio.
The issue exists when these software products fail to check the source markup of XML file input.
“An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content,” Microsoft explained in the advisory.
In addition, Microsoft patched an RCE vulnerability CVE-2020-1403 in how VBScript engine handles objects in memory.
Exploitation of these pair of RCE bugs CVE-2020-1147 and CVE-2020-1403 are also “more likely.”
Finally, the following Critical vulnerabilities were addressed in this month’s patch updates: CVE-2020-1409, CVE-2020-1410, CVE-2020-1421, CVE-2020-1425, CVE-2020-1435, CVE-2020-1436 and CVE-2020-1439.
Over a hundred other vulnerabilities (rated Important, Moderate or Low) were also included in the security updates.
- Microsoft takes down malicious domains used in COVID-19 related phishing campaign
- Microsoft releases two emergency out-of-band Windows codecs patches
- Microsoft releases out-of-band patch for Windows 10 vulnerability (CVE-2020-1441)
- Microsoft June 2020 Security Updates (and a Critical Adobe Flash patch)