Critical CVEs of the year 2020

CVE-2020-1472 Zerologon – A vulnerability in the cryptography of Microsoft’s Netlogon process that allows an attack against Microsoft Active Directory domain controllers, making it possible for a hacker to impersonate any computer, including the root domain controller.

Ref: https://securitynews.sonicwall.com/xmlpost/windows-netlogon-elevation-of-privilege-vulnerability-cve-2020-1472/

CVE-2020-0796 SMBGhost – A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka ‘Windows SMBv3 Client/Server Remote Code Execution Vulnerability’.

Ref: https://securitynews.sonicwall.com/xmlpost/windows-smbv3-remote-code-execution-vulnerability-cve-2020-0796/

CVE-2020-1350 SIGRed – A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka ‘Windows DNS Server Remote Code Execution’ Vulnerability.

Ref: https://securitynews.sonicwall.com/xmlpost/windows-dns-server-remote-code-execution-vulnerability-cve-2020-1350/

CVE-2020-0601 Curveball – A vulnerability that affects the certificate verification function in the Crypt32.dll module provided by Microsoft.

Ref: https://securitynews.sonicwall.com/xmlpost/windows-cryptoapi-spoofing-vulnerability-cve-2020-0601/

CVE-2020-5902 – A critical vulnerability in the F5 BIG-IP Traffic Management User Interface (TMUI), also known as the Configuration Utility.

Ref: https://securitynews.sonicwall.com/xmlpost/cve-2020-5902-hackers-actively-exploit-critical-vulnerability-in-f5-big-ip/

CVE-2020-14882 – A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server.

Ref: https://securitynews.sonicwall.com/xmlpost/cve-2020-14882-oracle-weblogic-remote-code-execution-vulnerability-exploited-in-the-wild/

CVE-2020-0688 Microsoft Exchange Memory Corruption Vulnerability – A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory.

Ref: https://securitynews.sonicwall.com/xmlpost/hackers-are-actively-trying-to-exploit-vulnerable-microsoft-exchange-servers/

CVE-2020-25213 – A vulnerability in WordPress File Manager (wp-file-manager) plugin versions prior to 6.9 that allows remote attackers to upload and execute arbitrary PHP code.

Ref: https://securitynews.sonicwall.com/xmlpost/cve-2020-25213-wordpress-plugin-wp-file-manager-actively-being-exploited-in-the-wild/

Windows SMBv3 Remote Code Execution Vulnerability CVE-2020-0796

A remote code execution vulnerability (CVE-2020-0796) exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploits the vulnerability could gain the ability to execute code on the target server or client. To exploit the vulnerability, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server.

Microsoft has released an OOB update for this vulnerability.

The following Windows versions are vulnerable:
  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)

SonicWall Capture Labs Threat Research team provides protection against this vulnerability with the following signatures:

  • IPS 14854: Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) 1
  • IPS 14857: Windows SMBv3 Remote Code Execution (CVE-2020-0796) 2
  • IPS 14858: Windows SMBv3 Remote Code Execution (CVE-2020-0796) 3
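The versions listed above map to two OS builds (1903 = build 18362, 1909 = build 18363), so an administrator can check exposure from the local registry rather than by eyeballing winver output. The script below is an added example and is not part of the SonicWall post; it takes the KB number of Microsoft's out-of-band update as a parameter (supply it from Microsoft's advisory, the post does not name it) and also reports whether the server-side interim workaround that Microsoft documented for this issue, the DisableCompression value under LanmanServer\Parameters, is in place. That workaround is an assumption drawn from Microsoft's advisory, not from this page, and it only protects the SMB server role, not SMB clients.

```powershell
# Added example: report whether this host is on a build affected by CVE-2020-0796,
# whether the supplied out-of-band update is installed, and whether the server-side
# compression workaround is set. Run in an elevated PowerShell session.
param(
    # KB id of the OOB update, e.g. "KBnnnnnnn"; taken from Microsoft's advisory (assumption: not on this page).
    [Parameter(Mandatory = $true)]
    [string]$OobUpdateKb
)

# Builds corresponding to the releases named in the post (1903 -> 18362, 1909 -> 18363).
# Checking the build number covers 32-bit, x64, ARM64 and Server Core alike.
$affectedBuilds = @{
    '18362' = 'Windows 10 / Windows Server, version 1903'
    '18363' = 'Windows 10 / Windows Server, version 1909'
}

$cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [string]$cv.CurrentBuildNumber

if (-not $affectedBuilds.ContainsKey($build)) {
    Write-Output "Build $build is not one of the releases listed as affected by CVE-2020-0796."
    return
}
Write-Output "Build $build ($($affectedBuilds[$build])) is an affected release."

# 1. Is the out-of-band update present? Get-HotFix writes a non-terminating error when
#    the id is absent, so silence it and test the result object instead.
$hotfix = Get-HotFix -Id $OobUpdateKb -ErrorAction SilentlyContinue
if ($hotfix) {
    Write-Output "Update $OobUpdateKb installed on $($hotfix.InstalledOn): host is patched."
} else {
    Write-Output "Update $OobUpdateKb not found: host is unpatched."
}

# 2. Server-side workaround (assumption: from Microsoft's advisory, not this post):
#    DisableCompression = 1 under LanmanServer\Parameters turns off SMBv3 compression
#    for the SMB server role only; SMB clients remain exposed until the update is applied.
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$value   = (Get-ItemProperty -Path $regPath -Name DisableCompression -ErrorAction SilentlyContinue).DisableCompression
if ($value -eq 1) {
    Write-Output "SMBv3 compression is disabled (server-side workaround in place)."
} else {
    Write-Output "SMBv3 compression is not disabled; apply the update, or the workaround for the server role."
}
```

Get-HotFix only sees updates recorded by the servicing stack, so a host that received the fix through a cumulative update bundled under a different KB may report "not found" even though it is patched; treat the build/update check as a triage signal and confirm against the installed-updates list or your patch management system before closing a ticket.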

Microsoft Security Bulletin Coverage for March 2020

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft's security advisories for the month of March 2020. A list of the issues reported, along with SonicWall coverage information, is as follows:

CVE-2020-0645 Microsoft IIS Server Tampering Vulnerability
There are no known exploits in the wild.
CVE-2020-0684 LNK Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0690 DirectX Elevation of Privilege Vulnerability
ASPY 5907: Malformed-File exe.MP.131
CVE-2020-0700 Azure DevOps Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-0758 Azure DevOps Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0762 Windows Defender Security Center Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0763 Windows Defender Security Center Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0765 Remote Desktop Connection Manager Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0768 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0769 Windows CSC Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0770 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0771 Windows CSC Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0772 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0773 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0774 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0775 Windows Error Reporting Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0776 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0777 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0778 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0779 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0780 Windows Network List Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0781 Windows UPnP Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0783 Windows UPnP Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0785 Windows User Profile Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0786 Windows Tile Object Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0787 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0788 Win32k Elevation of Privilege Vulnerability
ASPY 5844: Malformed-File exe.MP.113
CVE-2020-0789 Visual Studio Extension Installer Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0791 Windows Graphics Component Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0793 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0795 Microsoft SharePoint Reflective XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0796 Windows SMBv3 Client/Server Remote Code Execution Vulnerability
IPS 14854: Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) 1
IPS 14857: Windows SMBv3 Remote Code Execution (CVE-2020-0796) 2
IPS 14858: Windows SMBv3 Remote Code Execution (CVE-2020-0796) 3
CVE-2020-0797 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0798 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0799 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0800 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0801 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0802 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0803 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0804 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0806 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0807 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0808 Provisioning Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0809 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0810 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0811 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0812 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0813 Scripting Engine Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0814 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0815 Azure DevOps Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0816 Microsoft Edge Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0819 Windows Device Setup Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0820 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0822 Windows Language Pack Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0823 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0824 Internet Explorer Memory Corruption Vulnerability
IPS 14850: Internet Explorer Memory Corruption Vulnerability (CVE-2020-0824)
CVE-2020-0825 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0826 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0827 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0828 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0829 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0830 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0831 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0832 Scripting Engine Memory Corruption Vulnerability
IPS 14847: Scripting Engine Memory Corruption Vulnerability (CVE-2020-0832)
CVE-2020-0833 Scripting Engine Memory Corruption Vulnerability
IPS 14848: Scripting Engine Memory Corruption Vulnerability (CVE-2020-0833)
CVE-2020-0834 Windows ALPC Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0840 Windows Hard Link Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0841 Windows Hard Link Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0842 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0843 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0844 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0845 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0847 VBScript Remote Code Execution Vulnerability
IPS 14849: Scripting Engine Memory Corruption Vulnerability (CVE-2020-0847)
CVE-2020-0848 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0849 Windows Hard Link Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0850 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0851 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0852 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0853 Windows Imaging Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0854 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0855 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0857 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0858 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0859 Windows Modules Installer Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0860 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0861 Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0863 Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0864 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0865 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0866 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0867 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0868 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0869 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0871 Windows Network Connections Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0872 Remote Code Execution Vulnerability in Application Inspector
There are no known exploits in the wild.
CVE-2020-0874 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0876 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0877 Win32k Elevation of Privilege Vulnerability
ASPY 5904: Malformed-File exe.MP.128
CVE-2020-0879 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0880 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0881 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0882 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0883 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0884 Microsoft Visual Studio Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0885 Windows Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0887 Win32k Elevation of Privilege Vulnerability
ASPY 5905: Malformed-File exe.MP.129
CVE-2020-0891 Microsoft SharePoint Reflective XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0892 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0893 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0894 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0896 Windows Hard Link Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0897 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0898 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 5906: Malformed-File exe.MP.130
CVE-2020-0902 Service Fabric Elevation of Privilege
There are no known exploits in the wild.
CVE-2020-0903 Microsoft Exchange Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0905 Dynamics Business Central Remote Code Execution Vulnerability
There are no known exploits in the wild.