November Patch Tuesday Fixes Exchange, NFS Vulns
Microsoft’s Patch Tuesday for November had 112 patches, with 17 categorized as critical. Compared to last month’s update, which saw a noticeable drop to over 80 fixes, the total number of patches for this month increased again. Six of the vulnerabilities came through the Zero Day Initiative program. Details on the patches can be viewed on Microsoft’s Security Update Guide page.
Patch for recently disclosed zero-day CVE-2020-17087
This month’s list includes the fix for CVE-2020-17087 (Windows Kernel Local Elevation of Privilege Vulnerability), the zero-day vulnerability that, according to Google, can be exploited together with the Chrome zero-day CVE-2020-15999. As shared in a post by Ben Hawkes, team lead of Project Zero, CVE-2020-17087 (together with the Chrome vulnerability) was exploited for a sandbox escape, leading to code execution.
Fixes for Microsoft Exchange vulnerabilities
The update includes fixes for a couple of Microsoft Exchange bugs, addressing significant remote code execution (RCE) vulnerabilities, CVE-2020-17083 and CVE-2020-17084. Left unpatched, these vulnerabilities can permit RCE attacks that allow attackers to gain unauthorized access, apply changes, or take control of systems by running arbitrary code.
CVE-2020-17085, a denial of service vulnerability, was also patched in this month’s release.
Patches for bugs related to the use of Network File System
Some vulnerabilities for Network File System (NFS) running on Windows were also fixed. One of them, CVE-2020-17051, was an RCE bug categorized as critical.
Other patched NFS-related vulnerabilities were CVE-2020-17047, a denial of service vulnerability, and CVE-2020-17056, an information disclosure bug that, if exploited, can provide unintended read access to kernel-space memory content from a user-mode process.
Releases for vulnerabilities in Microsoft SharePoint and others
The release also includes fixes for Microsoft SharePoint bugs such as CVE-2020-17061, an RCE vulnerability.
Other notable fixes include those for an RCE bug found in Windows GDI+ (CVE-2020-17068) and various Microsoft Raw Image Extension vulnerabilities (CVE-2020-17078, CVE-2020-17079, CVE-2020-17081, CVE-2020-17082, and CVE-2020-17086).
Trend Micro solutions
Patches should be applied as soon as possible to prevent attacks that exploit vulnerabilities on the system. Trend Micro also recommends employing security solutions to provide an extra layer of protection from threats.
Trend Micro™ Deep Security™ and Vulnerability Protection can protect systems from attackers that attempt to infiltrate the system using these vulnerabilities, defending customers via the following rules:
- 1010599 - Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2020-17087)
- 1010601 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2020-17052)
- 1010602 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2020-17053)
- 1010604 - Microsoft Windows Network File System Remote Code Execution Vulnerability (CVE-2020-17051)
- 1010605 - Microsoft Windows Network File System Remote Code Execution Vulnerability (CVE-2020-17056)
- 1010606 - Identified Out-Of-Sync RPCSEC_GSS_CONTINUE_INIT RPC Message (CVE-2020-17047)
Trend Micro™ TippingPoint™ protects users from exploits that target these bugs via the following rules:
- 38411: HTTP: Microsoft Windows Kernel cng.sys Privilege Escalation Vulnerability (CVE-2020-17087)
- 38412: HTTP: Microsoft Internet Explorer Worker Use-After-Free Vulnerability (CVE-2020-17053)
- 38413: HTTP: Microsoft Internet Explorer Array Buffer Overflow Vulnerability (CVE-2020-17052)
- 38439: NFS: Microsoft Windows NFSv3 Server Buffer Overflow Vulnerability (CVE-2020-17056)
- 38441: NFS: Microsoft Windows Network File System Buffer Overflow Vulnerability (CVE-2020-17051)
- 38443: HTTP: Microsoft SharePoint Unsafe Deserialization Vulnerability (CVE-2020-17061)
- 38454: NFS: Microsoft Windows Network File System RPCSEC_GSS Handling Denial-of-Service Vulnerability (CVE-2020-17047)