Critical CVEs of the year 2020

CVE-2020-1472 Zerologon – A vulnerability in the cryptography of Microsoft’s Netlogon process that allows an attack against Microsoft Active Directory domain controllers, making it possible for a hacker to impersonate any computer, including the root domain controller.

Ref: https://securitynews.sonicwall.com/xmlpost/windows-netlogon-elevation-of-privilege-vulnerability-cve-2020-1472/

CVE-2020-0796 SMBGhost – A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka ‘Windows SMBv3 Client/Server Remote Code Execution Vulnerability’.

Ref: https://securitynews.sonicwall.com/xmlpost/windows-smbv3-remote-code-execution-vulnerability-cve-2020-0796/

CVE-2020-1350 SIGRed – A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka ‘Windows DNS Server Remote Code Execution’ Vulnerability.

Ref: https://securitynews.sonicwall.com/xmlpost/windows-dns-server-remote-code-execution-vulnerability-cve-2020-1350/

CVE-2020-0601 Curveball – A vulnerability that affects the certificate verification function in the Crypt32.dll module provided by Microsoft.

Ref: https://securitynews.sonicwall.com/xmlpost/windows-cryptoapi-spoofing-vulnerability-cve-2020-0601/

CVE-2020-5902 – A critical vulnerability in the F5 BIG-IP Traffic Management User Interface (TMUI), also known as the Configuration Utility.

Ref: https://securitynews.sonicwall.com/xmlpost/cve-2020-5902-hackers-actively-exploit-critical-vulnerability-in-f5-big-ip/

CVE-2020-14882 – A critical and easily exploitable remote code execution vulnerability in Oracle WebLogic Server.

Ref: https://securitynews.sonicwall.com/xmlpost/cve-2020-14882-oracle-weblogic-remote-code-execution-vulnerability-exploited-in-the-wild/

CVE-2020-0688 Microsoft Exchange Memory Corruption Vulnerability – A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory.

Ref: https://securitynews.sonicwall.com/xmlpost/hackers-are-actively-trying-to-exploit-vulnerable-microsoft-exchange-servers/

CVE-2020-25213 – A vulnerability in WordPress File Manager (wp-file-manager) plugin versions prior to 6.9 that allows remote attackers to upload and execute arbitrary PHP code.

Ref: https://securitynews.sonicwall.com/xmlpost/cve-2020-25213-wordpress-plugin-wp-file-manager-actively-being-exploited-in-the-wild/

Windows CryptoAPI Spoofing Vulnerability CVE-2020-0601

NSA has discovered a critical vulnerability affecting Microsoft Windows cryptographic functionality. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality.

Microsoft released a patch today for Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) and urges that everyone update their systems as quickly as possible.

A successful exploit could allow the attacker to do either of the following:
(1) Sign a malicious executable, making it appear that the file came from a trusted, legitimate source; the user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
(2) Conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.
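The property a defender can check for is the one the public advisories for CVE-2020-0601 describe: a certificate whose ECC public key is encoded with explicitly specified curve parameters instead of a named-curve OID, which is what the flawed validation accepted. The following is an added example, not SonicWall's or Microsoft's code. It walks the DER of an X.509 SubjectPublicKeyInfo with a minimal standard-library-only parser and classifies the parameter encoding; the sample structures (the point bytes and the explicit domain-parameter values) are constructed placeholders, not real keys.

```python
# Added example (not SonicWall's or Microsoft's code): a stdlib-only DER
# walker that reports how the EC domain parameters inside an X.509
# SubjectPublicKeyInfo are encoded. Keys carrying explicit parameters
# rather than a named-curve OID are the ones to flag for review in the
# context of CVE-2020-0601. Every sample value below is constructed.

ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"   # id-ecPublicKey (RFC 5480)
PRIME256V1 = "1.2.840.10045.3.1.7"       # secp256r1 named curve
PRIME_FIELD = "1.2.840.10045.1.1"        # prime-field, used in explicit params
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"  # rsaEncryption, a non-EC control case

SEQUENCE, OID, NULL, INTEGER, OCTET_STRING, BIT_STRING = 0x30, 0x06, 0x05, 0x02, 0x04, 0x03


def der(tag, content):
    """Encode one DER TLV with a definite short- or long-form length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def encode_oid(dotted):
    """Encode a dotted OID (first arc 0-2, second arc < 40) as a DER OBJECT IDENTIFIER."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]           # base-128, high bit set on all but the last byte
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return der(OID, bytes(body))


def decode_oid(content):
    """Inverse of encode_oid for the OID content bytes (same first-arc restriction)."""
    arcs = [content[0] // 40, content[0] % 40]
    val = 0
    for b in content[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(str(a) for a in arcs)


def read_tlv(buf, off=0):
    """Return (tag, content, offset_after) for the TLV that starts at off."""
    tag, ln, off = buf[off], buf[off + 1], off + 2
    if ln & 0x80:                      # long-form length
        nbytes = ln & 0x7F
        ln = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    return tag, buf[off:off + ln], off + ln


def ec_parameter_kind(spki):
    """Classify AlgorithmIdentifier.parameters of a SubjectPublicKeyInfo.

    Returns 'named', 'explicit', 'implicit', 'absent', 'not-ec' or 'unknown'.
    """
    tag, seq, _ = read_tlv(spki)
    if tag != SEQUENCE:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    tag, alg, _ = read_tlv(seq)        # AlgorithmIdentifier comes first
    if tag != SEQUENCE:
        raise ValueError("AlgorithmIdentifier must be a SEQUENCE")
    tag, oid, off = read_tlv(alg)
    if tag != OID or decode_oid(oid) != ID_EC_PUBLIC_KEY:
        return "not-ec"
    if off >= len(alg):
        return "absent"
    ptag, _, _ = read_tlv(alg, off)    # ECParameters is a CHOICE; only its tag matters
    return {OID: "named", NULL: "implicit", SEQUENCE: "explicit"}.get(ptag, "unknown")


def needs_review(spki):
    """True for EC keys that do not use a named curve (explicit parameters are the red flag)."""
    return ec_parameter_kind(spki) not in ("named", "not-ec")


# --- constructed samples (placeholder values, not real keys) -----------------

def build_spki(alg_oid, params, key_bits):
    alg = der(SEQUENCE, encode_oid(alg_oid) + params)
    return der(SEQUENCE, alg + der(BIT_STRING, b"\x00" + key_bits))

FAKE_POINT = b"\x04" + bytes(range(64))   # shaped like an uncompressed P-256 point

NAMED_CURVE_SPKI = build_spki(ID_EC_PUBLIC_KEY, encode_oid(PRIME256V1), FAKE_POINT)


def explicit_parameters():
    """SpecifiedECDomain with placeholder field/curve/generator values; only the shape matters."""
    field = der(SEQUENCE, encode_oid(PRIME_FIELD) + der(INTEGER, b"\x00\xff"))
    curve = der(SEQUENCE, der(OCTET_STRING, b"\x01") + der(OCTET_STRING, b"\x02"))
    return der(SEQUENCE, der(INTEGER, b"\x01") + field + curve
               + der(OCTET_STRING, b"\x04\x03\x03") + der(INTEGER, b"\x00\xfd") + der(INTEGER, b"\x01"))

EXPLICIT_CURVE_SPKI = build_spki(ID_EC_PUBLIC_KEY, explicit_parameters(), FAKE_POINT)
RSA_SPKI = build_spki(RSA_ENCRYPTION, der(NULL, b""), b"\x30\x03\x02\x01\x03")

if __name__ == "__main__":
    for name, spki in [("named", NAMED_CURVE_SPKI), ("explicit", EXPLICIT_CURVE_SPKI), ("rsa", RSA_SPKI)]:
        print(f"{name:9s} -> {ec_parameter_kind(spki):9s} review={needs_review(spki)}")
```

To use it on real material, extract the SubjectPublicKeyInfo of each certificate in a chain (any ASN.1 library can hand it to you as DER) and pass it to needs_review; a patched Windows rejects the dangerous shape anyway, but the same check is cheap to run at a TLS-terminating proxy or in a code-signing audit.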

SonicWall Capture Labs Threat Research team provides protection against this vulnerability with the following signatures:
IPS 14728: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 1
IPS 14729: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 2
IPS 14730: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 3
IPS 14731: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 4

Microsoft Security Bulletin Coverage for Jan 2020

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of January 2020. The list of issues reported, along with SonicWall coverage information, is as follows:

CVE-2020-0601 Windows CryptoAPI Spoofing Vulnerability
IPS 14728: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 1
IPS 14729: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 2
IPS 14730: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 3
IPS 14731: Windows CryptoAPI Spoofing Vulnerability (JAN 20) 4

CVE-2020-0602 ASP.NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0603 ASP.NET Core Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0605 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0606 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0607 Microsoft Graphics Components Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0608 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2020-0609 Windows RDP Gateway Server Remote Code Execution Vulnerability
IPS 14723: Windows RDP Gateway Server Remote Code Execution Vulnerability (JAN 20) 1

CVE-2020-0610 Windows RDP Gateway Server Remote Code Execution Vulnerability
IPS 14724: Windows RDP Gateway Server Remote Code Execution Vulnerability (JAN 20) 2

CVE-2020-0611 Remote Desktop Client Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0612 Windows Remote Desktop Protocol (RDP) Gateway Server Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0613 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0614 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0615 Windows Common Log File System Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0616 Microsoft Windows Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0617 Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0620 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0621 Windows Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0622 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0623 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0624 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0625 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0626 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0627 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0628 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0629 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0630 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0631 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0632 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0633 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2020-0634 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 5871: Malformed-File exe.MP.116

CVE-2020-0635 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0636 Windows Subsystem for Linux Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0637 Remote Desktop Web Access Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0638 Update Notification Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0639 Windows Common Log File System Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0640 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0641 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0642 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0643 Windows GDI+ Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0644 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0646 .NET Framework Remote Code Execution Injection Vulnerability
There are no known exploits in the wild.
CVE-2020-0647 Microsoft Office Online Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0650 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0651 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0652 Microsoft Office Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0653 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0654 Microsoft OneDrive for Android Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0656 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.