Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities

microsoft cryptography encryption

Microsoft has published today 58 security fixes across 10+ products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday.

Windows 10 security: 'So good, it can block zero-days without being patched'

Windows 10 security: ‘So good, it can block zero-days without being patched’

Systems running the Windows 10 Anniversary Update were shielded from two exploits even before Microsoft had issued patches for them, its researchers have found.

Read More

There’s a smaller number of fixes this December compared with the regular 100+ fixes that Microsoft ships each month, but this doesn’t mean the bugs are less severe.

More than a third of this month’s patches (22) are classified as remote code execution (RCE) vulnerabilities. These are security bugs that need to be addressed right away as they are more easily exploitable, with no user interaction, either via the internet or from across a local network.

This month, we have RCEs in Microsoft products like Windows NTFS, Exchange Server, Microsoft Dynamics, Excel, PowerPoint, SharePoint, Visual Studio, and Hyper-V.

The highest-rated of these bugs, and the ones most likely to come under exploitation, are the RCE bugs impacting Exchange Server (CVE-2020-17143, CVE-2020-17144, CVE-2020-17141, CVE-2020-17117, CVE-2020-17132, and CVE-2020-17142) and SharePoint (CVE-2020-17118 and CVE-2020-17121).

Patching these first is advised, as, through their nature, Exchange and SharePoint systems are regularly connected to the internet and, as a result, are more easily attacked.

Another major bug fixed this month is also a bug in Hyper-V, Microsoft’s virtualization technology, used to host virtual machines. Exploitable via a malicious SMB packet, this bug could allow remote attackers to compromise virtualized sandboxed environments, something that Hyper-V was designed to protect.


Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:

  • Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
  • ZDNet has published this file listing all this month’s security advisories on one single page.
  • Adobe’s security updates are detailed here.
  • SAP security updates are available here.
  • Intel security updates are available here.
  • VMWare security updates are available here.
  • Chrome 87 security updates are detailed here.
  • Android security updates are available here.
Tag CVE ID CVE Title
Microsoft Windows DNS ADV200013 Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver
Azure DevOps CVE-2020-17145 Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Azure DevOps CVE-2020-17135 Azure DevOps Server Spoofing Vulnerability
Azure SDK CVE-2020-17002 Azure SDK for C Security Feature Bypass Vulnerability
Azure SDK CVE-2020-16971 Azure SDK for Java Security Feature Bypass Vulnerability
Azure Sphere CVE-2020-17160 Azure Sphere Security Feature Bypass Vulnerability
Microsoft Dynamics CVE-2020-17147 Dynamics CRM Webclient Cross-site Scripting Vulnerability
Microsoft Dynamics CVE-2020-17133 Microsoft Dynamics Business Central/NAV Information Disclosure
Microsoft Dynamics CVE-2020-17158 Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft Dynamics CVE-2020-17152 Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft Edge CVE-2020-17153 Microsoft Edge for Android Spoofing Vulnerability
Microsoft Edge CVE-2020-17131 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Exchange Server CVE-2020-17143 Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange Server CVE-2020-17144 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2020-17141 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2020-17117 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2020-17132 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2020-17142 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-17137 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-17098 Windows GDI+ Information Disclosure Vulnerability
Microsoft Office CVE-2020-17130 Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Office CVE-2020-17128 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17129 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17124 Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17123 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17119 Microsoft Outlook Information Disclosure Vulnerability
Microsoft Office CVE-2020-17125 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17127 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17126 Microsoft Excel Information Disclosure Vulnerability
Microsoft Office CVE-2020-17122 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-17115 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2020-17120 Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2020-17121 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-17118 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-17089 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17136 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-16996 Kerberos Security Feature Bypass Vulnerability
Microsoft Windows CVE-2020-17138 Windows Error Reporting Information Disclosure Vulnerability
Microsoft Windows CVE-2020-17092 Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17139 Windows Overlay Filter Security Feature Bypass Vulnerability
Microsoft Windows CVE-2020-17103 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17134 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Visual Studio CVE-2020-17148 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Visual Studio CVE-2020-17159 Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Visual Studio CVE-2020-17156 Visual Studio Remote Code Execution Vulnerability
Visual Studio CVE-2020-17150 Visual Studio Code Remote Code Execution Vulnerability
Windows Backup Engine CVE-2020-16960 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16958 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16959 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16961 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16964 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16963 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16962 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Error Reporting CVE-2020-17094 Windows Error Reporting Information Disclosure Vulnerability
Windows Hyper-V CVE-2020-17095 Hyper-V Remote Code Execution Vulnerability
Windows Lock Screen CVE-2020-17099 Windows Lock Screen Security Feature Bypass Vulnerability
Windows Media CVE-2020-17097 Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows SMB CVE-2020-17096 Windows NTFS Remote Code Execution Vulnerability
Windows SMB CVE-2020-17140 Windows SMB Information Disclosure Vulnerability

Microsoft Windows Security Updates November 2020

Microsoft has released security updates for all support client and server versions of Windows as well as other company products such as Microsoft Office, Microsoft Edge, and Internet Explorer.

Our November 2020 Patch Day overview provides you with details on the released patches. It begins with an executive summary listing the most important bits of information; this is followed by the operating system distribution, details about cumulative updates for Windows, other released security updates, download links, and lots of links to Microsoft support pages.

Check out the October 2020 Security Updates overview here in case you missed it.

Microsoft Windows Security Updates November 2020

You can download the following Excel spreadsheet that includes information about the released security updates in November 2020. It is provided as an archive that you need to extract on the local system. A viewer such as Microsoft Excel or LibreOffice Cacl is needed to open the spreadsheet.

Click on the following link to download the spreadsheet to your system: Security Updates 2020-11-10-070727pm

Executive Summary

  • Microsoft released security updates for all supported client and server versions of Windows.
  • All server and client versions of Windows are affected by the same two critical vulnerabilities.
  • Security updates are also released for Microsoft Office, Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft Dynamics, Microsoft Windows Codecs Library, Azure Sphere, Windows Defender, Microsoft Teams, Azure SDK, Azure DevOps and Visual Studio.
  • Products with known issues: SharePoint Server 2016 and 2019, Windows 10 versions 2004, 1903, 1809, Windows 7, Windows 8.1, Windows Server products and Microsoft Exchange Server

Operating System Distribution

  • Windows 7(extended support only): 20 vulnerabilities: 2 critical and 18 important
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows 8.1: 33 vulnerabilities: 2 rated critical and 31 rated important
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows 10 version 1809: 48 vulnerabilities: 2 critical and 45 important, 1 low
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows 10 version 1903 and 1909: 53 vulnerabilities: 2 critical and 54 important, 1 low
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows 10 version 2004 and 20H2: 52 vulnerabilities, 2 critical, 49 important, 1 low
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability

Windows Server products

  • Windows Server 2008 R2 (extended support only): 20 vulnerabilities: 2 critical and 18 important
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows Server 2012 R2: 34 vulnerabilities: 2 critical and 22 important.
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows Server 2016: 40 vulnerabilities: 2 critical and 38 important.
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability
  • Windows Server 2019: 46 vulnerabilities: 2 critical and 44 are important
    • CVE 2020 17042 — Windows Print Spooler Remote Code Execution Vulnerability
    • CVE 2020 17051 — Windows Network File System Remote Code Execution Vulnerability

Other Microsoft Products

  • Internet Explorer 11: 3 vulnerabilities: 3 critical
  • Microsoft Edge (classic): 4 vulnerabilities: 3 critical, 1 important
    • CVE 2020 17048 — Chakra Scripting Engine Memory Corruption Vulnerability
    • CVE 2020 17052 — Scripting Engine Memory Corruption Vulnerability
    • CVE 2020 17058 — Microsoft Browser Memory Corruption Vulnerability
  • Microsoft Edge (Chromium)
    • see here (latest security patches from the Chromium project)

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Security updates

Windows 8.1 and Windows Server 2012 R2

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Security updates
  • Administrators may enable “Save Target As” in Group Policy for Microsoft Edge IE Mode (Monthly Rollup only).
  • Fixes an issue with LDAP session authentication (Monthly Rollup only).

Windows 10 version 1809

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Security updates

Windows 10 version 1903 and 1909

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Fixed an issue with the package frame launcher.
  • Security updates

Windows 10 version 2004 and 20H2

Updates and improvements:

  • Corrects DST start date for Fiji Islands to December 20, 2020
  • Security updates

Other security updates

KB4586768 — 2020-11 Cumulative Security Update for Internet Explorer

KB4586807 — 2020-11 Security Monthly Quality Rollup for Windows Server 2008

KB4586817 — 2020-11 Security Only Quality Update for Windows Server 200

KB4586808 — 2020-11 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4586834 — 2020-11 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4586787 — 2020-11 Cumulative Update for Windows 10 Version 1507

KB4586782 — 2020-11 Cumulative Update for Windows 10 Version 1703

KB4586785 — 2020-11 Cumulative Update for Windows 10 Version 1803

KB4586830 — 2020-11 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607

Known Issues

Windows 7 SP1 and Server 2008 R2

  • Updates will uninstall if the system is not subscribed to ESU (Extended Security Updates).
  • Certain rename operations may fail on Cluster Shared Volumes. Workarounds available.

Windows 8.1 and Server 2012 R2

  • Certain rename operations may fail on Cluster Shared Volumes. Workarounds available.

Windows 10 version 1809

  • Some Asian language packs may throw the error “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND”. Microsoft suggest to remove the language packs and reinstall them, update Windows to the latest version, or Reset the PC.

Windows 10 version 1903, 1909, 2004, 20H2

  • System and user certificates may be lost when updating from Windows 10 version 1809 or later to a newer version of Windows 10. This happens mainly when managed devices are updated using outdated bundles or media according to Microsoft. Devices that use Windows Update or Windows Update for Business are not impacted. Microsoft suggests to go back to the previous version of Windows to fix the issue.

Security advisories and updates

ADV 990001 — Latest Servicing Stack Updates

Non-security related updates

KB4497165 — 2020-09 Update for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903

KB4558130 — 2020-09 Update for Windows Server, version 2004 and Windows 10 Version 2004

KB4580419 — 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, and Windows 10 Version 2004

KB4580980 — 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903

KB4585207 — 2020-11 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607

KB4585208 — 2020-11 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703

KB4585210 — 2020-11 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803 and Windows Server 2016

KB4586082 — 2020-11 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809

KB4589198 — 2020-11 Update for Windows 10 Version 1507

KB4589206 — 2020-11 Update for Windows 10 Version 1803

KB4589208 — 2020-11 Update for Windows Server 2019 and Windows 10 Version 1809

KB4589210 — 2020-11 Update for Windows Server 2016 and Windows 10 Version 1607

KB4589211 — 2020-11 Update for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903

KB4589212 — 2020-11 Update for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, and Windows 10 Version 2004

KB890830 — Windows Malicious Software Removal Tool

KB4585204 — 2020-11 Security and Quality Rollup for .NET Framework 4.6 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4585205 — 2020-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4585211 — 2020-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4585212 — 2020-11 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4585213 — 2020-11 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4585214 — 2020-11 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2

KB4586083 — 2020-11 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4586084 — 2020-11 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4586085 — 2020-11 Security and Quality Rollup for .NET Framework 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4586086 — 2020-11 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008

Microsoft Office Updates

You find Office update information here.

How to download and install the November 2020 security updates

microsoft windows november 2020 security updates

The November 2020 security patches are already available for all supported versions of Windows and other Microsoft products. Home users get these via Windows Updates or direct downloads, business customers and Enterprises get these via update management systems such as WSUS predominantly.

Updates are installed automatically by default on Home systems, but you can run a manual check for updates to download and install these earlier.

Note: we recommend that you create a backup of important data, better the entire system, before you install updates.

Do this to manually check for updates:

  1. Open the Start Menu of the Windows operating system, type Windows Update and select the result.
  2. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings.

Direct update downloads

Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 7 and Server 2008 R2

  • KB4586827 — 2020-11 Security Monthly Quality Rollup for Windows 7
  • KB4586805 — 2020-11 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4586845 — 2020-11 Security Monthly Quality Rollup for Windows 8.1
  • KB4586823 — 2020-11 Security Only Quality Update for Windows 8.1

Windows 10 (version 1809)

  • KB4586793 — 2020-11 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

  • KB4586786 — 2020-11 Cumulative Update for Windows 10 Version 1903

Windows 10 (version 1909)

  • KB4586786 — 2020-11 Cumulative Update for Windows 10 Version 1909

Windows 10 (version 2004)

  • KB4586781 — 2020-11 Cumulative Update for Windows 10 Version 2004

Windows 10 (version 20H2)

  • KB4586781 — 2020-11 Cumulative Update for Windows 10 Version 20H2

Additional resources

Summary
Microsoft Windows Security Updates November 2020 overview
Article Name
Microsoft Windows Security Updates November 2020 overview
Description
Microsoft released security updates and non-security updates for all supported versions of the company’s Windows operating system, client and server, as well as other company products such as Microsoft Office on the November 2020 Patch Day.
Author
Martin Brinkmann
Publisher
Ghacks Technology News
Logo
Ghacks Technology News
Advertisement

Related:

  • No Related Posts

Microsoft Exchange Servers Still Open to Actively Exploited Flaw

Over half of exposed Exchange servers are still vulnerable to a severe bug that allows authenticated attackers to execute code remotely with system privileges – even eight months after Microsoft issued a fix.

The vulnerability in question (CVE-2020-0688) exists in the control panel of Exchange, Microsoft’s mail server and calendaring server. The flaw, which stems from the server failing to properly create unique keys at install time, was fixed as part of Microsoft’s February Patch Tuesday updates – and admins in March were warned that unpatched servers are being exploited in the wild by unnamed advanced persistent threat (APT) actors.

However, new telemetry found that out of 433,464 internet-facing Exchange servers observed, at least 61 percent of Exchange 2010, 2013, 2016 and 2019 servers are still vulnerable to the flaw.

“There are two important efforts that Exchange administrators and infosec teams need to undertake: verifying deployment of the update and checking for signs of compromise,” said Tom Sellers with Rapid7 in a Tuesday analysis.

Speaking of Exchange, we took another look at Exchange CVE-2020-0688 (any user -> SYSTEM on OWA).

It’s STILL 61% unpatched.

This is dangerous as hell and there is a reliable Metasploit module for it.

See the UPDATED information on the ORIGINAL blog:https://t.co/DclWb3T0mZ

— Tom Sellers (@TomSellers) September 29, 2020

Researchers warned in a March advisory that unpatched servers are being exploited in the wild by unnamed APT actors. Attacks first started in late February and targeted “numerous affected organizations,” researchers said. They observed attackers leverage the flaw to run system commands to conduct reconnaissance, deploy webshell backdoors and execute in-memory frameworks, post-exploitation.

Previously, in April, Rapid7 researchers found that more than 80 percent of servers were vulnerable; out of 433,464 internet-facing Exchange servers observed, at least 357,629 were open to the flaw (as of March 24). Researchers used Project Sonar, a scanning tool, to analyze internet-facing Exchange servers and sniff out which were vulnerable to the flaw.

microsoft exchange RCE flaw

Exchange build number distribution status for flaw. Credit: Rapid7

Sellers urged admins to verify that an update has been deployed. The most reliable method to do so is by checking patch-management software, vulnerability-management tools or the hosts themselves to determine whether the appropriate update has been installed, he said.

“The update for CVE-2020-0688 needs to be installed on any server with the Exchange Control Panel (ECP) enabled,” he said. “This will typically be servers with the Client Access Server (CAS) role, which is where your users would access the Outlook Web App (OWA).”

With the ongoing activity, admins should also determine whether anyone has attempted to exploit the vulnerability in their environment. The exploit code that Sellers tested left log artifacts in the Windows Event Log and the IIS logs (which contain HTTP server API kernel-mode cache hits) on both patched and unpatched servers: “This log entry will include the compromised user account, as well as a very long error message that includes the text invalid viewstate,” he said.

Admins can also review their IIS logs for requests to a path under /ecp (usually /ecp/default.aspx), Sellers said, These should contain the string __VIEWSTATE and __VIEWSTATEGENERATOR – and will have a long string in the middle of the request that is a portion of the exploit payload.

“You will see the username of the compromised account name at the end of the log entry,” he said. “A quick review of the log entries just prior to the exploit attempt should show successful requests (HTTP code 200) to web pages under /owa and then under /ecp.”

On October 14 at 2 PM ET Get the latest information on the rising threats to retail e-commerce security and how to stop them. Register today for this FREE Threatpost webinar, “Retail Security: Magecart and the Rise of e-Commerce Threats.” Magecart and other threat actors are riding the rising wave of online retail usage and racking up big numbers of consumer victims. Find out how websites can avoid becoming the next compromise as we go into the holiday season. Join us Wednesday, Oct. 14, 2-3 PM ET for this LIVE webinar.

Related:

Citrix Provisioning Target Device Boot Failure “Error: “Status 0xc000000e. A required device isn't connect or can't be accessed “

While booting a physical Target Device the Target fails with a BSOD:

“Status 0xc000000e. A required device isn’t connected or can’t be accessed”

Although the physical device from which the vDisk was created does boot without error, all subsequent Targets fail.

Related: