Smaller October Patch Tuesday Fixes TCP/IP, RDP Bugs
Microsoft's Patch Tuesday update for October has a relatively small number of patches. After a few months in which the number of bug fixes exceeded the 100 mark, October’s round of updates stood at 87, including fixes for eleven vulnerabilities rated as Critical.
Critical TCP/IP vulnerabilities lead the way
Two of the more notable vulnerabilities that were addressed involved TCP/IP. The first, CVE-2020-16898, is a remote code execution (RCE) bug related to the way the TCP/IP stack mishandles ICMPv6 Router Advertisement packets. An attacker who creates malicious versions of these packets and then sends them remotely could potentially gain the ability to execute code on the target machine.
The second of these vulnerabilities is CVE-2020-16899, a denial-of-service (DoS) flaw that also concerns ICMPv6 Router Advertisement packets. While CVE-2020-16899 can again be exploited via specially crafted packets, unlike the previous vulnerability, it does not allow attackers to execute code or directly elevate user rights.
An RDP-related bug could lead to information disclosure
With a large number of workers accessing their systems via Remote Desktop Protocol (RDP), the updates addressing CVE-2020-16896 look to be especially important. An attacker can exploit this bug by running a specially crafted application against a server that provides RDP services. Successful exploitation of CVE-2020-16896 could let a malicious actor obtain information that can then be used for further malicious acts.
Microsoft Excel RCE vulnerabilities also present
Trend Micro Zero Day Initiative (ZDI) provided information on four Microsoft Excel vulnerabilities:
All four vulnerabilities share the same basic characteristics — RCE vulnerabilities that occur when Microsoft Excel fails to handle objects in memory properly. Successfully exploiting these vulnerabilities could permit the takeover of the targeted system, allowing an attacker to perform unwanted actions such as installing or uninstalling applications, or even creating new accounts with full administrative rights.
Trend Micro Solutions
Installing Trend Micro™ Deep Security™ and Vulnerability Protection or similar solutions can protect users from threats that target the vulnerabilities in this month’s patch list. Affected installations will be updated to minimize disruptions and ensure that critical applications and sensitive enterprise data stay protected. The following rules have been released to cover the appropriate vulnerabilities:
- 1010552 - Microsoft Windows Media Foundation Memory Corruption Vulnerability Over HTTP (CVE-2020-16915)
- 1010553 - Microsoft Windows Media Foundation Memory Corruption Vulnerability Over SMB (CVE-2020-16915)
- 1010554 - Microsoft Windows Spoofing Vulnerability (CVE-2020-16922)
- 1010556 - Microsoft Windows Remote Desktop Protocol Information Disclosure Vulnerability (CVE-2020-16896)
Trend Micro™ TippingPoint® customers are protected from threats and attacks that may exploit some of the vulnerabilities fixed this month via the following MainlineDV filters:
- 38090: IPv6: Microsoft Windows Ipv6pUpdateRDNSS Buffer Overflow Vulnerability
- 38092: IPv6: Microsoft Windows IPv6 Stack Denial-of-Service Vulnerability
- 38247: HTTP: Microsoft Windows File Validation Spoofing Vulnerability
- 38251: HTTP: Microsoft Windows Media Foundation H265 Stream Parsing Memory Corruption Vulnerability
- 38253: RDP: Microsoft Remote Desktop Integer Overflow Vulnerability