Why These 4 New Critical Vulnerabilities Need Mitigated Pronto

There are quite a few remote code execution vulnerabilities revealed in the latest security bulletin provided by our threat research team.

Read on for the vulnerability descriptions and update information that will help you get started.

Get new security bulletins directly in your inbox as soon as they're released by our threat research team.

Windows Remote Code Execution Vulnerability

• Identifier: CVE-2020-1252
• Exploit Info / POC: No
• Description: A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• Mitigation recommendation: Patching is currently the only mitigation method.
• Update: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1252

Remote Code Execution In Microsoft Dynamics 365

• Identifier: CVE-2020-16857, CVE-2020-16862
• Exploit Info / POC:  No
• Description: A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server.
• Mitigation recommendation: Patching is currently the only mitigation method.
• Update: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16857
  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16862

Remote Code Execution In Windows Graphics Device Interface (GDI)

• Identifier: CVE-2020-1285
• Exploit Info / POC:  No
• Description: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to open an email attachment or click a link in an email or instant message. In a file-sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file.
• Mitigation recommendation: Patching is currently the only mitigation method.
• Update: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1285

Multiple Vulnerabilities in SharePoint including Remote Code Execution Vulnerabilities

• Identifier: CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595
• Exploit Info / POC:  No
• Description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
• Mitigation recommendation: Patching is currently the only mitigation method.
• Update:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595

Want to see all the vulnerabilities listed in our latest bulletin AND receive the next bulletin directly in your inbox as soon as it's released?

Subscribe today.