Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities

Microsoft has published today 58 security fixes across 10+ products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday.
This December brings fewer fixes than the 100+ Microsoft usually ships each month, but that does not mean the bugs are less severe.
More than a third of this month’s patches (22) are classified as remote code execution (RCE) vulnerabilities. These are security bugs that need to be addressed right away as they are more easily exploitable, with no user interaction, either via the internet or from across a local network.
This month, we have RCEs in Microsoft products like Windows NTFS, Exchange Server, Microsoft Dynamics, Excel, PowerPoint, SharePoint, Visual Studio, and Hyper-V.
The highest-rated of these bugs, and the ones most likely to come under exploitation, are the RCE bugs impacting Exchange Server (CVE-2020-17143, CVE-2020-17144, CVE-2020-17141, CVE-2020-17117, CVE-2020-17132, and CVE-2020-17142) and SharePoint (CVE-2020-17118 and CVE-2020-17121).
Patching these first is advised because, by their nature, Exchange and SharePoint systems are regularly exposed to the internet and are therefore more easily attacked.
Another major bug fixed this month is in Hyper-V, Microsoft’s virtualization technology used to host virtual machines. Exploitable via a malicious SMB packet, this bug could allow remote attackers to compromise virtualized sandboxed environments, breaking the very isolation Hyper-V was designed to provide.
Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:
- Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
- ZDNet has published this file listing all this month’s security advisories on one single page.
- Adobe’s security updates are detailed here.
- SAP security updates are available here.
- Intel security updates are available here.
- VMWare security updates are available here.
- Chrome 87 security updates are detailed here.
- Android security updates are available here.
Tag | CVE ID | CVE Title |
---|---|---|
Microsoft Windows DNS | ADV200013 | Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver |
Azure DevOps | CVE-2020-17145 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability |
Azure DevOps | CVE-2020-17135 | Azure DevOps Server Spoofing Vulnerability |
Azure SDK | CVE-2020-17002 | Azure SDK for C Security Feature Bypass Vulnerability |
Azure SDK | CVE-2020-16971 | Azure SDK for Java Security Feature Bypass Vulnerability |
Azure Sphere | CVE-2020-17160 | Azure Sphere Security Feature Bypass Vulnerability |
Microsoft Dynamics | CVE-2020-17147 | Dynamics CRM Webclient Cross-site Scripting Vulnerability |
Microsoft Dynamics | CVE-2020-17133 | Microsoft Dynamics Business Central/NAV Information Disclosure |
Microsoft Dynamics | CVE-2020-17158 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability |
Microsoft Dynamics | CVE-2020-17152 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability |
Microsoft Edge | CVE-2020-17153 | Microsoft Edge for Android Spoofing Vulnerability |
Microsoft Edge | CVE-2020-17131 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Exchange Server | CVE-2020-17143 | Microsoft Exchange Information Disclosure Vulnerability |
Microsoft Exchange Server | CVE-2020-17144 | Microsoft Exchange Remote Code Execution Vulnerability |
Microsoft Exchange Server | CVE-2020-17141 | Microsoft Exchange Remote Code Execution Vulnerability |
Microsoft Exchange Server | CVE-2020-17117 | Microsoft Exchange Remote Code Execution Vulnerability |
Microsoft Exchange Server | CVE-2020-17132 | Microsoft Exchange Remote Code Execution Vulnerability |
Microsoft Exchange Server | CVE-2020-17142 | Microsoft Exchange Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2020-17137 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2020-17098 | Windows GDI+ Information Disclosure Vulnerability |
Microsoft Office | CVE-2020-17130 | Microsoft Excel Security Feature Bypass Vulnerability |
Microsoft Office | CVE-2020-17128 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-17129 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-17124 | Microsoft PowerPoint Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-17123 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-17119 | Microsoft Outlook Information Disclosure Vulnerability |
Microsoft Office | CVE-2020-17125 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-17127 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-17126 | Microsoft Excel Information Disclosure Vulnerability |
Microsoft Office | CVE-2020-17122 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-17115 | Microsoft SharePoint Spoofing Vulnerability |
Microsoft Office SharePoint | CVE-2020-17120 | Microsoft SharePoint Information Disclosure Vulnerability |
Microsoft Office SharePoint | CVE-2020-17121 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-17118 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-17089 | Microsoft SharePoint Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-17136 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16996 | Kerberos Security Feature Bypass Vulnerability |
Microsoft Windows | CVE-2020-17138 | Windows Error Reporting Information Disclosure Vulnerability |
Microsoft Windows | CVE-2020-17092 | Windows Network Connections Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-17139 | Windows Overlay Filter Security Feature Bypass Vulnerability |
Microsoft Windows | CVE-2020-17103 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-17134 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Visual Studio | CVE-2020-17148 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability |
Visual Studio | CVE-2020-17159 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability |
Visual Studio | CVE-2020-17156 | Visual Studio Remote Code Execution Vulnerability |
Visual Studio | CVE-2020-17150 | Visual Studio Code Remote Code Execution Vulnerability |
Windows Backup Engine | CVE-2020-16960 | Windows Backup Engine Elevation of Privilege Vulnerability |
Windows Backup Engine | CVE-2020-16958 | Windows Backup Engine Elevation of Privilege Vulnerability |
Windows Backup Engine | CVE-2020-16959 | Windows Backup Engine Elevation of Privilege Vulnerability |
Windows Backup Engine | CVE-2020-16961 | Windows Backup Engine Elevation of Privilege Vulnerability |
Windows Backup Engine | CVE-2020-16964 | Windows Backup Engine Elevation of Privilege Vulnerability |
Windows Backup Engine | CVE-2020-16963 | Windows Backup Engine Elevation of Privilege Vulnerability |
Windows Backup Engine | CVE-2020-16962 | Windows Backup Engine Elevation of Privilege Vulnerability |
Windows Error Reporting | CVE-2020-17094 | Windows Error Reporting Information Disclosure Vulnerability |
Windows Hyper-V | CVE-2020-17095 | Hyper-V Remote Code Execution Vulnerability |
Windows Lock Screen | CVE-2020-17099 | Windows Lock Screen Security Feature Bypass Vulnerability |
Windows Media | CVE-2020-17097 | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
Windows SMB | CVE-2020-17096 | Windows NTFS Remote Code Execution Vulnerability |
Windows SMB | CVE-2020-17140 | Windows SMB Information Disclosure Vulnerability |
Microsoft Windows Security Updates November 2020
Microsoft has released security updates for all supported client and server versions of Windows as well as other company products such as Microsoft Office, Microsoft Edge, and Internet Explorer.
Our November 2020 Patch Day overview provides you with details on the released patches. It begins with an executive summary listing the most important bits of information; this is followed by the operating system distribution, details about cumulative updates for Windows, other released security updates, download links, and lots of links to Microsoft support pages.
Check out the October 2020 Security Updates overview here in case you missed it.
Microsoft Windows Security Updates November 2020
You can download the following Excel spreadsheet that includes information about the released security updates in November 2020. It is provided as an archive that you need to extract on the local system. A viewer such as Microsoft Excel or LibreOffice Calc is needed to open the spreadsheet.
Click on the following link to download the spreadsheet to your system: Security Updates 2020-11-10-070727pm
Executive Summary
- Microsoft released security updates for all supported client and server versions of Windows.
- All server and client versions of Windows are affected by the same two critical vulnerabilities.
- Security updates are also released for Microsoft Office, Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft Dynamics, Microsoft Windows Codecs Library, Azure Sphere, Windows Defender, Microsoft Teams, Azure SDK, Azure DevOps and Visual Studio.
- Products with known issues: SharePoint Server 2016 and 2019, Windows 10 versions 2004, 1903, 1809, Windows 7, Windows 8.1, Windows Server products and Microsoft Exchange Server
Operating System Distribution
- Windows 7 (extended support only): 20 vulnerabilities: 2 critical and 18 important
  - CVE-2020-17042 — Windows Print Spooler Remote Code Execution Vulnerability
  - CVE-2020-17051 — Windows Network File System Remote Code Execution Vulnerability
- Windows 8.1: 33 vulnerabilities: 2 rated critical and 31 rated important
  - CVE-2020-17042 — Windows Print Spooler Remote Code Execution Vulnerability
  - CVE-2020-17051 — Windows Network File System Remote Code Execution Vulnerability
- Windows 10 version 1809: 48 vulnerabilities: 2 critical and 45 important, 1 low
  - CVE-2020-17042 — Windows Print Spooler Remote Code Execution Vulnerability
  - CVE-2020-17051 — Windows Network File System Remote Code Execution Vulnerability
- Windows 10 version 1903 and 1909: 53 vulnerabilities: 2 critical and 54 important, 1 low
  - CVE-2020-17042 — Windows Print Spooler Remote Code Execution Vulnerability
  - CVE-2020-17051 — Windows Network File System Remote Code Execution Vulnerability
- Windows 10 version 2004 and 20H2: 52 vulnerabilities: 2 critical, 49 important, 1 low
  - CVE-2020-17042 — Windows Print Spooler Remote Code Execution Vulnerability
  - CVE-2020-17051 — Windows Network File System Remote Code Execution Vulnerability
Windows Server products
- Windows Server 2008 R2 (extended support only): 20 vulnerabilities: 2 critical and 18 important
  - CVE-2020-17042 — Windows Print Spooler Remote Code Execution Vulnerability
  - CVE-2020-17051 — Windows Network File System Remote Code Execution Vulnerability
- Windows Server 2012 R2: 34 vulnerabilities: 2 critical and 22 important
  - CVE-2020-17042 — Windows Print Spooler Remote Code Execution Vulnerability
  - CVE-2020-17051 — Windows Network File System Remote Code Execution Vulnerability
- Windows Server 2016: 40 vulnerabilities: 2 critical and 38 important
  - CVE-2020-17042 — Windows Print Spooler Remote Code Execution Vulnerability
  - CVE-2020-17051 — Windows Network File System Remote Code Execution Vulnerability
- Windows Server 2019: 46 vulnerabilities: 2 critical and 44 important
  - CVE-2020-17042 — Windows Print Spooler Remote Code Execution Vulnerability
  - CVE-2020-17051 — Windows Network File System Remote Code Execution Vulnerability
Other Microsoft Products
- Internet Explorer 11: 3 vulnerabilities: 3 critical
  - CVE-2020-17052 — Scripting Engine Memory Corruption Vulnerability
  - CVE-2020-17053 — Internet Explorer Memory Corruption Vulnerability
  - CVE-2020-17058 — Microsoft Browser Memory Corruption Vulnerability
- Microsoft Edge (classic): 4 vulnerabilities: 3 critical, 1 important
  - CVE-2020-17048 — Chakra Scripting Engine Memory Corruption Vulnerability
  - CVE-2020-17052 — Scripting Engine Memory Corruption Vulnerability
  - CVE-2020-17058 — Microsoft Browser Memory Corruption Vulnerability
- Microsoft Edge (Chromium)
  - see here (latest security patches from the Chromium project)
Windows Security Updates
Windows 7 SP1 and Windows Server 2008 R2
Updates and improvements:
- Corrects DST start date for Fiji Islands to December 20, 2020
- Security updates
Windows 8.1 and Windows Server 2012 R2
Updates and improvements:
- Corrects DST start date for Fiji Islands to December 20, 2020
- Security updates
- Administrators may enable “Save Target As” in Group Policy for Microsoft Edge IE Mode (Monthly Rollup only).
- Fixes an issue with LDAP session authentication (Monthly Rollup only).
Windows 10 version 1809
- Cumulative Update: KB4586793
Updates and improvements:
- Corrects DST start date for Fiji Islands to December 20, 2020
- Security updates
Windows 10 version 1903 and 1909
- Cumulative Update: KB4586786
Updates and improvements:
- Corrects DST start date for Fiji Islands to December 20, 2020
- Fixed an issue with the package frame launcher.
- Security updates
Windows 10 version 2004 and 20H2
- Cumulative Update: KB4586781
Updates and improvements:
- Corrects DST start date for Fiji Islands to December 20, 2020
- Security updates
Other security updates
KB4586768 — 2020-11 Cumulative Security Update for Internet Explorer
KB4586807 — 2020-11 Security Monthly Quality Rollup for Windows Server 2008
KB4586817 — 2020-11 Security Only Quality Update for Windows Server 200
KB4586808 — 2020-11 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012
KB4586834 — 2020-11 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012
KB4586787 — 2020-11 Cumulative Update for Windows 10 Version 1507
KB4586782 — 2020-11 Cumulative Update for Windows 10 Version 1703
KB4586785 — 2020-11 Cumulative Update for Windows 10 Version 1803
KB4586830 — 2020-11 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607
Known Issues
Windows 7 SP1 and Server 2008 R2
- Updates will uninstall if the system is not subscribed to ESU (Extended Security Updates).
- Certain rename operations may fail on Cluster Shared Volumes. Workarounds available.
Windows 8.1 and Server 2012 R2
- Certain rename operations may fail on Cluster Shared Volumes. Workarounds available.
Windows 10 version 1809
- Some Asian language packs may throw the error “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND”. Microsoft suggests removing the language packs and reinstalling them, updating Windows to the latest version, or resetting the PC.
Windows 10 version 1903, 1909, 2004, 20H2
- System and user certificates may be lost when updating from Windows 10 version 1809 or later to a newer version of Windows 10. According to Microsoft, this happens mainly when managed devices are updated using outdated bundles or media. Devices that use Windows Update or Windows Update for Business are not affected. Microsoft suggests going back to the previous version of Windows to fix the issue.
Security advisories and updates
ADV 990001 — Latest Servicing Stack Updates
Non-security related updates
KB4497165 — 2020-09 Update for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903
KB4558130 — 2020-09 Update for Windows Server, version 2004 and Windows 10 Version 2004
KB4580419 — 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, and Windows 10 Version 2004
KB4580980 — 2020-11 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903
KB4585207 — 2020-11 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607
KB4585208 — 2020-11 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
KB4585210 — 2020-11 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803 and Windows Server 2016
KB4586082 — 2020-11 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809
KB4589198 — 2020-11 Update for Windows 10 Version 1507
KB4589206 — 2020-11 Update for Windows 10 Version 1803
KB4589208 — 2020-11 Update for Windows Server 2019 and Windows 10 Version 1809
KB4589210 — 2020-11 Update for Windows Server 2016 and Windows 10 Version 1607
KB4589211 — 2020-11 Update for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903
KB4589212 — 2020-11 Update for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, and Windows 10 Version 2004
KB890830 — Windows Malicious Software Removal Tool
KB4585204 — 2020-11 Security and Quality Rollup for .NET Framework 4.6 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
KB4585205 — 2020-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4585211 — 2020-11 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012
KB4585212 — 2020-11 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2
KB4585213 — 2020-11 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012
KB4585214 — 2020-11 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2
KB4586083 — 2020-11 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4586084 — 2020-11 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012
KB4586085 — 2020-11 Security and Quality Rollup for .NET Framework 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2
KB4586086 — 2020-11 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008
Microsoft Office Updates
You find Office update information here.
How to download and install the November 2020 security updates
The November 2020 security patches are already available for all supported versions of Windows and other Microsoft products. Home users get them via Windows Update or direct downloads; business and enterprise customers predominantly get them via update management systems such as WSUS.
Updates are installed automatically by default on Home systems, but you can run a manual check for updates to download and install them earlier.
Note: we recommend that you create a backup of important data, or better yet of the entire system, before you install updates.
Do this to manually check for updates:
- Open the Start Menu of the Windows operating system, type Windows Update and select the result.
- Select Check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version in use, and on the update settings.
Direct update downloads
Below are resource pages with direct download links, if you prefer to download the updates to install them manually.
Windows 7 and Server 2008 R2
- KB4586827 — 2020-11 Security Monthly Quality Rollup for Windows 7
- KB4586805 — 2020-11 Security Only Quality Update for Windows 7
Windows 8.1 and Windows Server 2012 R2
- KB4586845 — 2020-11 Security Monthly Quality Rollup for Windows 8.1
- KB4586823 — 2020-11 Security Only Quality Update for Windows 8.1
Windows 10 (version 1809)
- KB4586793 — 2020-11 Cumulative Update for Windows 10 Version 1809
Windows 10 (version 1903)
- KB4586786 — 2020-11 Cumulative Update for Windows 10 Version 1903
Windows 10 (version 1909)
- KB4586786 — 2020-11 Cumulative Update for Windows 10 Version 1909
Windows 10 (version 2004)
- KB4586781 — 2020-11 Cumulative Update for Windows 10 Version 2004
Windows 10 (version 20H2)
- KB4586781 — 2020-11 Cumulative Update for Windows 10 Version 20H2
Additional resources
- November 2020 Security Updates release notes
- List of software updates for Microsoft products
- List of the latest Windows Updates and Services Packs
- Security Updates Guide
- Microsoft Update Catalog site
- Our in-depth Windows update guide
- How to install optional updates on Windows 10
- Windows 10 Update History
- Windows 8.1 Update History
- Windows 7 Update History
Microsoft Exchange Servers Still Open to Actively Exploited Flaw
Over half of exposed Exchange servers are still vulnerable to a severe bug that allows authenticated attackers to execute code remotely with system privileges – even eight months after Microsoft issued a fix.
The vulnerability in question (CVE-2020-0688) exists in the control panel of Exchange, Microsoft’s mail server and calendaring server. The flaw, which stems from the server failing to properly create unique keys at install time, was fixed as part of Microsoft’s February Patch Tuesday updates – and admins in March were warned that unpatched servers are being exploited in the wild by unnamed advanced persistent threat (APT) actors.
However, new telemetry found that out of 433,464 internet-facing Exchange servers observed, at least 61 percent of Exchange 2010, 2013, 2016 and 2019 servers are still vulnerable to the flaw.
“There are two important efforts that Exchange administrators and infosec teams need to undertake: verifying deployment of the update and checking for signs of compromise,” said Tom Sellers with Rapid7 in a Tuesday analysis.
Speaking of Exchange, we took another look at Exchange CVE-2020-0688 (any user -> SYSTEM on OWA).
It’s STILL 61% unpatched.
This is dangerous as hell and there is a reliable Metasploit module for it.
See the UPDATED information on the ORIGINAL blog: https://t.co/DclWb3T0mZ
— Tom Sellers (@TomSellers) September 29, 2020
Researchers warned in a March advisory that unpatched servers are being exploited in the wild by unnamed APT actors. Attacks first started in late February and targeted “numerous affected organizations,” researchers said. They observed attackers leverage the flaw to run system commands to conduct reconnaissance, deploy webshell backdoors and execute in-memory frameworks, post-exploitation.
Previously, in April, Rapid7 researchers found that more than 80 percent of servers were vulnerable; out of 433,464 internet-facing Exchange servers observed, at least 357,629 were open to the flaw (as of March 24). Researchers used Project Sonar, a scanning tool, to analyze internet-facing Exchange servers and sniff out which were vulnerable to the flaw.
Sellers urged admins to verify that an update has been deployed. The most reliable method to do so is by checking patch-management software, vulnerability-management tools or the hosts themselves to determine whether the appropriate update has been installed, he said.
“The update for CVE-2020-0688 needs to be installed on any server with the Exchange Control Panel (ECP) enabled,” he said. “This will typically be servers with the Client Access Server (CAS) role, which is where your users would access the Outlook Web App (OWA).”
With the ongoing activity, admins should also determine whether anyone has attempted to exploit the vulnerability in their environment. The exploit code that Sellers tested left log artifacts in the Windows Event Log and the IIS logs (which contain HTTP server API kernel-mode cache hits) on both patched and unpatched servers: “This log entry will include the compromised user account, as well as a very long error message that includes the text invalid viewstate,” he said.
Admins can also review their IIS logs for requests to a path under /ecp (usually /ecp/default.aspx), Sellers said. These should contain the strings __VIEWSTATE and __VIEWSTATEGENERATOR, and will have a long string in the middle of the request that is a portion of the exploit payload.
“You will see the username of the compromised account name at the end of the log entry,” he said. “A quick review of the log entries just prior to the exploit attempt should show successful requests (HTTP code 200) to web pages under /owa and then under /ecp.”
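As an added example (not code from the Threatpost article, nor Rapid7's own tooling), the following Python script applies the IIS-log review Sellers describes above to a constructed W3C-format log: it flags requests under /ecp whose query string carries both __VIEWSTATEGENERATOR and a long __VIEWSTATE value, reports the account name and client address on that line, and lists the preceding successful (HTTP 200) requests under /owa and /ecp from the same client. It also includes a small check for the "invalid viewstate" text in Event Log messages. The sample log lines, the event message, the 100-character length threshold and the placeholder generator value are all constructed assumptions; the field layout follows the IIS W3C default and is read from the `#Fields:` header rather than hard-coded.

```python
"""Hunt for CVE-2020-0688 exploitation attempts in IIS W3C logs and Event Log text.

Constructed example for illustration. The log below is made up; the long
run of 'A' characters stands in for the opaque viewstate blob an attempt
would carry and the generator value is a placeholder, not a real one.
"""
import re

# Minimum __VIEWSTATE length to treat as "a long string" (assumed threshold).
VIEWSTATE_MIN_LEN = 100

# Constructed sample log. IIS encodes spaces inside field values (e.g. the
# User-Agent) as '+', so splitting on single spaces is safe for real logs too.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2020-03-01 12:00:01 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 203.0.113.7 Mozilla/5.0 200
2020-03-01 12:00:04 10.0.0.5 POST /owa/auth.owa - 443 - 203.0.113.7 Mozilla/5.0 302
2020-03-01 12:00:06 10.0.0.5 GET /owa/ - 443 CORP\\jdoe 203.0.113.7 Mozilla/5.0 200
2020-03-01 12:00:09 10.0.0.5 GET /ecp/ - 443 CORP\\jdoe 203.0.113.7 Mozilla/5.0 200
2020-03-01 12:00:12 10.0.0.5 GET /ecp/default.aspx __VIEWSTATEGENERATOR=00000000&__VIEWSTATE={blob} 443 CORP\\jdoe 203.0.113.7 Mozilla/5.0 500
2020-03-01 12:05:00 10.0.0.5 GET /ecp/default.aspx - 443 CORP\\asmith 198.51.100.9 Mozilla/5.0 200
""".format(blob="A" * 400)

# Constructed Event Log message of the kind the article describes.
SAMPLE_EVENT = ("Event code: 4009 ... User: CORP\\jdoe ... Exception message: "
                "Invalid viewstate. Client IP: 203.0.113.7 ...")


def parse_w3c(text):
    """Parse IIS W3C extended log text into a list of dicts keyed by field name."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # field names follow the directive
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split(" ")
        if fields is None or len(values) != len(fields):
            continue  # skip lines we cannot map cleanly rather than guess
        rows.append(dict(zip(fields, values)))
    return rows


def viewstate_length(query):
    """Length of the __VIEWSTATE value in a cs-uri-query string, or 0 if absent."""
    m = re.search(r"(?:^|&)__VIEWSTATE=([^&]*)", query)
    return len(m.group(1)) if m else 0


def is_suspicious(row):
    """Request under /ecp carrying __VIEWSTATEGENERATOR plus a long __VIEWSTATE."""
    stem = row["cs-uri-stem"].lower()
    query = row["cs-uri-query"]
    return (stem.startswith("/ecp")
            and "__VIEWSTATEGENERATOR=" in query
            and viewstate_length(query) >= VIEWSTATE_MIN_LEN)


def find_attempts(text, context=5):
    """Return one finding per suspicious request, with the prior 200s from the same client.

    Note that an attempt is logged on patched servers as well, so a hit means
    'someone tried', not necessarily 'someone succeeded'.
    """
    rows = parse_w3c(text)
    findings = []
    for i, row in enumerate(rows):
        if not is_suspicious(row):
            continue
        prior = [r for r in rows[max(0, i - context):i]
                 if r["c-ip"] == row["c-ip"] and r["sc-status"] == "200"
                 and r["cs-uri-stem"].lower().startswith(("/owa", "/ecp"))]
        findings.append({
            "time": row["date"] + " " + row["time"],
            "user": row["cs-username"],
            "client": row["c-ip"],
            "viewstate_len": viewstate_length(row["cs-uri-query"]),
            "prior_ok_paths": [r["cs-uri-stem"] for r in prior],
        })
    return findings


def scan_event_messages(messages):
    """Return the Event Log messages that mention 'invalid viewstate' (case-insensitive)."""
    return [m for m in messages if "invalid viewstate" in m.lower()]


if __name__ == "__main__":
    for f in find_attempts(SAMPLE_LOG):
        print(f"{f['time']} user={f['user']} client={f['client']} "
              f"viewstate_len={f['viewstate_len']} prior={f['prior_ok_paths']}")
    for msg in scan_event_messages([SAMPLE_EVENT]):
        print("event log hit:", msg)
```

The script keys everything off the `#Fields:` directive, so it works on logs whose column order differs from the sample as long as the named fields are present; the HTTP status of the suspicious request itself is deliberately not part of the rule, since the article only ties the status code to the preceding /owa and /ecp requests.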
Citrix Provisioning Target Device Boot Failure “Error: Status 0xc000000e. A required device isn’t connected or can’t be accessed”
“Status 0xc000000e. A required device isn’t connected or can’t be accessed”
Although the physical device from which the vDisk was created does boot without error, all subsequent Targets fail.