REDLEGG BLOG
Alert icon image

Why These 4 New Critical Vulnerabilities Need Mitigated Pronto

9/17/20 11:48 AM  |  by RedLegg Blog

There are quite a few remote code execution vulnerabilities revealed in the latest security bulletin provided by our threat research team.

Read on for the vulnerability descriptions and update information that will help you get started.

Get new security bulletins directly in your inbox as soon as they're released by our threat research team.

Windows Remote Code Execution Vulnerability

  • Identifier: CVE-2020-1252
  • Exploit Info / POC: No
  • Description: A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Mitigation recommendation: Patching is currently the only mitigation method.
  • Update: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1252

Remote Code Execution In Microsoft Dynamics 365

Remote Code Execution In Windows Graphics Device Interface (GDI)

  • Identifier: CVE-2020-1285
  • Exploit Info / POC:  No
  • Description: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to open an email attachment or click a link in an email or instant message. In a file-sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file.
  • Mitigation recommendation: Patching is currently the only mitigation method.
  • Update: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1285

Multiple Vulnerabilities in SharePoint including Remote Code Execution Vulnerabilities

  • Identifier: CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595
  • Exploit Info / POC:  No
  • Description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
  • Mitigation recommendation: Patching is currently the only mitigation method.
  • Update:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1200

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1210

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1452

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1453

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1576

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1595

 

Critical-Vulnerabilities-Security-BulletinWant to see all the vulnerabilities listed in our latest bulletin AND receive the next bulletin directly in your inbox as soon as it's released?

Subscribe today.

Get Blog Updates

Related Articles

Summoning Cyber Awareness: Exorcising the Malevolent Realm of Remote Monitoring and Management Tools threat intel, 96bravo

Summoning Cyber Awareness: Exorcising the Malevolent Realm of Remote Monitoring and Management Tools

EXECUTIVE SUMMARY RedLegg would like to recognize the efforts instituted by the Cybersecurity & Infrastructure ...
Patch Tuesday - August 2023 96bravo

Patch Tuesday - August 2023

*Important note: These are not the only vulnerabilities that have been recently released; however, these are the ...
Critical Security Vulnerabilities Bulletin