Critical CVEs of the year 2020

CVE-2020-1472 Zerologon – A vulnerability in the cryptography of Microsoft’s Netlogon process that allows an attack against Microsoft Active Directory domain controllers, making it possible for a hacker to impersonate any computer, including the root domain controller.

Ref: https://securitynews.sonicwall.com/xmlpost/windows-netlogon-elevation-of-privilege-vulnerability-cve-2020-1472/

CVE-2020-0796 SMBGhost – A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka ‘Windows SMBv3 Client/Server Remote Code Execution Vulnerability’.

Ref: https://securitynews.sonicwall.com/xmlpost/windows-smbv3-remote-code-execution-vulnerability-cve-2020-0796/

CVE-2020-1350 SIGRed – A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka ‘Windows DNS Server Remote Code Execution’ Vulnerability.

Ref: https://securitynews.sonicwall.com/xmlpost/windows-dns-server-remote-code-execution-vulnerability-cve-2020-1350/

CVE-2020-0601 Curveball – A vulnerability that affects the certificate verification function in the Crypt32.dll module provided by Microsoft.

Ref: https://securitynews.sonicwall.com/xmlpost/windows-cryptoapi-spoofing-vulnerability-cve-2020-0601/

CVE-2020-5902 – A critical vulnerability in the F5 BIG-IP Traffic Management User Interface (TMUI), also known as the Configuration Utility.

Ref: https://securitynews.sonicwall.com/xmlpost/cve-2020-5902-hackers-actively-exploit-critical-vulnerability-in-f5-big-ip/

CVE-2020-14882 – A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server.

Ref: https://securitynews.sonicwall.com/xmlpost/cve-2020-14882-oracle-weblogic-remote-code-execution-vulnerability-exploited-in-the-wild/

CVE-2020-0688 Microsoft Exchange Memory Corruption Vulnerability – A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory.

Ref: https://securitynews.sonicwall.com/xmlpost/hackers-are-actively-trying-to-exploit-vulnerable-microsoft-exchange-servers/

CVE-2020-25213 – A vulnerability in WordPress File Manager (wp-file-manager) plugin versions prior to 6.9 that allows remote attackers to upload and execute arbitrary PHP code.

Ref: https://securitynews.sonicwall.com/xmlpost/cve-2020-25213-wordpress-plugin-wp-file-manager-actively-being-exploited-in-the-wild/

Microsoft Security Bulletin Coverage for July 2020

The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2020. The list of issues reported, along with SonicWall coverage information, is as follows:

CVE-2020-1147 .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
ASPY 5964: Malformed-File exe.MP.144

CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability
IPS 15069: Windows DNS Server Remote Code Execution (CVE-2020-1350)

CVE-2020-1374 Remote Desktop Client Remote Code Execution Vulnerability
ASPY 5966: Malformed-File exe.MP.146

CVE-2020-1381 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 5965: Malformed-File exe.MP.145

CVE-2020-1382 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 5967: Malformed-File exe.MP.148

CVE-2020-1399 Windows Runtime Elevation of Privilege Vulnerability
ASPY 5968: Malformed-File exe.MP.149

CVE-2020-1403 VBScript Remote Code Execution Vulnerability
IPS 14849: Suspicious JavaScript/VBScript Code 56

CVE-2020-1410 Windows Address Book Remote Code Execution Vulnerability
ASPY 5963: Malformed-File wab.MP.1

CVE-2020-1426 Windows Kernel Information Disclosure Vulnerability
ASPY 5962: Malformed-File exe.MP.147

The following vulnerabilities have no known exploits in the wild:

  • CVE-2020-1025 Microsoft Office Elevation of Privilege Vulnerability
  • CVE-2020-1032 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
  • CVE-2020-1036 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
  • CVE-2020-1040 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
  • CVE-2020-1041 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
  • CVE-2020-1042 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
  • CVE-2020-1043 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
  • CVE-2020-1085 Windows Function Discovery Service Elevation of Privilege Vulnerability
  • CVE-2020-1240 Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2020-1249 Windows Runtime Elevation of Privilege Vulnerability
  • CVE-2020-1267 Local Security Authority Subsystem Service Denial of Service Vulnerability
  • CVE-2020-1326 Azure DevOps Server Cross-site Scripting Vulnerability
  • CVE-2020-1330 Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
  • CVE-2020-1333 Group Policy Services Policy Processing Elevation of Privilege Vulnerability
  • CVE-2020-1336 Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2020-1342 Microsoft Office Information Disclosure Vulnerability
  • CVE-2020-1344 Windows WalletService Elevation of Privilege Vulnerability
  • CVE-2020-1346 Windows Modules Installer Elevation of Privilege Vulnerability
  • CVE-2020-1347 Windows Storage Services Elevation of Privilege Vulnerability
  • CVE-2020-1349 Microsoft Outlook Remote Code Execution Vulnerability
  • CVE-2020-1351 Microsoft Graphics Component Information Disclosure Vulnerability
  • CVE-2020-1352 Windows USO Core Worker Elevation of Privilege Vulnerability
  • CVE-2020-1353 Windows Runtime Elevation of Privilege Vulnerability
  • CVE-2020-1354 Windows UPnP Device Host Elevation of Privilege Vulnerability
  • CVE-2020-1355 Windows Font Driver Host Remote Code Execution Vulnerability
  • CVE-2020-1356 Windows iSCSI Target Service Elevation of Privilege Vulnerability
  • CVE-2020-1357 Windows System Events Broker Elevation of Privilege Vulnerability
  • CVE-2020-1358 Windows Resource Policy Information Disclosure Vulnerability
  • CVE-2020-1359 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
  • CVE-2020-1360 Windows Profile Service Elevation of Privilege Vulnerability
  • CVE-2020-1361 Windows WalletService Information Disclosure Vulnerability
  • CVE-2020-1362 Windows WalletService Elevation of Privilege Vulnerability
  • CVE-2020-1363 Windows Picker Platform Elevation of Privilege Vulnerability
  • CVE-2020-1364 Windows WalletService Denial of Service Vulnerability
  • CVE-2020-1365 Windows Event Logging Service Elevation of Privilege Vulnerability
  • CVE-2020-1366 Windows Print Workflow Service Elevation of Privilege Vulnerability
  • CVE-2020-1367 Windows Kernel Information Disclosure Vulnerability
  • CVE-2020-1368 Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability
  • CVE-2020-1369 Windows WalletService Elevation of Privilege Vulnerability
  • CVE-2020-1370 Windows Runtime Elevation of Privilege Vulnerability
  • CVE-2020-1371 Windows Event Logging Service Elevation of Privilege Vulnerability
  • CVE-2020-1372 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
  • CVE-2020-1373 Windows Network Connections Service Elevation of Privilege Vulnerability
  • CVE-2020-1375 Windows COM Server Elevation of Privilege Vulnerability
  • CVE-2020-1384 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
  • CVE-2020-1385 Windows Credential Picker Elevation of Privilege Vulnerability
  • CVE-2020-1386 Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
  • CVE-2020-1387 Windows Push Notification Service Elevation of Privilege Vulnerability
  • CVE-2020-1388 Windows Elevation of Privilege Vulnerability
  • CVE-2020-1389 Windows Kernel Information Disclosure Vulnerability
  • CVE-2020-1390 Windows Network Connections Service Elevation of Privilege Vulnerability
  • CVE-2020-1391 Windows Agent Activation Runtime Information Disclosure Vulnerability
  • CVE-2020-1392 Windows Elevation of Privilege Vulnerability
  • CVE-2020-1393 Windows Diagnostics Hub Elevation of Privilege Vulnerability
  • CVE-2020-1394 Windows Elevation of Privilege Vulnerability
  • CVE-2020-1395 Windows Elevation of Privilege Vulnerability
  • CVE-2020-1396 Windows ALPC Elevation of Privilege Vulnerability
  • CVE-2020-1397 Windows Imaging Component Information Disclosure Vulnerability
  • CVE-2020-1398 Windows Lockscreen Elevation of Privilege Vulnerability
  • CVE-2020-1400 Jet Database Engine Remote Code Execution Vulnerability
  • CVE-2020-1401 Jet Database Engine Remote Code Execution Vulnerability
  • CVE-2020-1402 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
  • CVE-2020-1404 Windows Runtime Elevation of Privilege Vulnerability
  • CVE-2020-1405 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
  • CVE-2020-1406 Windows Network List Service Elevation of Privilege Vulnerability
  • CVE-2020-1407 Jet Database Engine Remote Code Execution Vulnerability
  • CVE-2020-1408 Microsoft Graphics Remote Code Execution Vulnerability
  • CVE-2020-1409 DirectWrite Remote Code Execution Vulnerability
  • CVE-2020-1411 Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2020-1412 Microsoft Graphics Components Remote Code Execution Vulnerability
  • CVE-2020-1413 Windows Runtime Elevation of Privilege Vulnerability
  • CVE-2020-1414 Windows Runtime Elevation of Privilege Vulnerability
  • CVE-2020-1415 Windows Runtime Elevation of Privilege Vulnerability
  • CVE-2020-1416 Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability
  • CVE-2020-1418 Windows Diagnostics Hub Elevation of Privilege Vulnerability
  • CVE-2020-1419 Windows Kernel Information Disclosure Vulnerability
  • CVE-2020-1420 Windows Error Reporting Information Disclosure Vulnerability
  • CVE-2020-1421 LNK Remote Code Execution Vulnerability
  • CVE-2020-1422 Windows Runtime Elevation of Privilege Vulnerability
  • CVE-2020-1423 Windows Subsystem for Linux Elevation of Privilege Vulnerability
  • CVE-2020-1424 Windows Update Stack Elevation of Privilege Vulnerability
  • CVE-2020-1427 Windows Network Connections Service Elevation of Privilege Vulnerability
  • CVE-2020-1428 Windows Network Connections Service Elevation of Privilege Vulnerability
  • CVE-2020-1429 Windows Error Reporting Manager Elevation of Privilege Vulnerability
  • CVE-2020-1430 Windows UPnP Device Host Elevation of Privilege Vulnerability
  • CVE-2020-1431 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
  • CVE-2020-1432 Skype for Business via Internet Explorer Information Disclosure Vulnerability
  • CVE-2020-1433 Microsoft Edge PDF Information Disclosure Vulnerability
  • CVE-2020-1434 Windows Sync Host Service Elevation of Privilege Vulnerability
  • CVE-2020-1435 GDI+ Remote Code Execution Vulnerability
  • CVE-2020-1436 Windows Font Library Remote Code Execution Vulnerability
  • CVE-2020-1437 Windows Network Location Awareness Service Elevation of Privilege Vulnerability
  • CVE-2020-1438 Windows Network Connections Service Elevation of Privilege Vulnerability
  • CVE-2020-1439 PerformancePoint Services Remote Code Execution Vulnerability
  • CVE-2020-1442 Office Web Apps XSS Vulnerability
  • CVE-2020-1443 Microsoft SharePoint Spoofing Vulnerability
  • CVE-2020-1444 Microsoft SharePoint Remote Code Execution Vulnerability
  • CVE-2020-1445 Microsoft Office Information Disclosure Vulnerability
  • CVE-2020-1446 Microsoft Word Remote Code Execution Vulnerability
  • CVE-2020-1447 Microsoft Word Remote Code Execution Vulnerability
  • CVE-2020-1448 Microsoft Word Remote Code Execution Vulnerability
  • CVE-2020-1449 Microsoft Project Remote Code Execution Vulnerability
  • CVE-2020-1450 Microsoft Office SharePoint XSS Vulnerability
  • CVE-2020-1451 Microsoft Office SharePoint XSS Vulnerability
  • CVE-2020-1454 Microsoft SharePoint Reflective XSS Vulnerability
  • CVE-2020-1456 Microsoft Office SharePoint XSS Vulnerability
  • CVE-2020-1458 Microsoft Office Remote Code Execution Vulnerability
  • CVE-2020-1461 Microsoft Defender Elevation of Privilege Vulnerability
  • CVE-2020-1462 Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability
  • CVE-2020-1463 Windows SharedStream Library Elevation of Privilege Vulnerability
  • CVE-2020-1465 Microsoft OneDrive Elevation of Privilege Vulnerability
  • CVE-2020-1468 Windows GDI Information Disclosure Vulnerability
  • CVE-2020-1469 Bond Denial of Service Vulnerability
  • CVE-2020-1481 Visual Studio Code ESLint Extension Remote Code Execution Vulnerability

Windows DNS Server Remote Code Execution Vulnerability CVE-2020-1350

A remote code execution vulnerability exists in Windows Domain Name System servers when certain requests are not properly handled. The issue results from a flaw in Microsoft’s DNS server role implementation. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the Local System account. Any Windows server configured as a DNS server is at risk from this vulnerability.

To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server.

This vulnerability (CVE-2020-1350) is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10. Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction.

This issue affects the following Windows Server versions. Non-Microsoft DNS Servers are not affected.

  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019
  • Microsoft Windows Server version 1803 (Server Core installation)
  • Microsoft Windows Server version 1903 (Server Core installation)
  • Microsoft Windows Server version 1909 (Server Core installation)
  • Microsoft Windows Server version 2004 (Server Core installation)

Microsoft has patched this vulnerability in its July Patch Tuesday updates. Users are encouraged to patch their systems as soon as possible.

SonicWall Capture Labs provides protection against this threat via the following signatures:

  • IPS 15069: Windows DNS Server Remote Code Execution (CVE-2020-1350) 1
  • IPS 15073: Windows DNS Server Remote Code Execution (CVE-2020-1350) 2
  • IPS 15074: Windows DNS Server Remote Code Execution (CVE-2020-1350) 3
  • IPS 15075: Windows DNS Server Remote Code Execution (CVE-2020-1350) 4
  • IPS 15076: Windows DNS Server Remote Code Execution (CVE-2020-1350) 5