Microsoft has dropped an almost trivially sized update for the final Patch Tuesday of 2020, in comparison to some of the behemoths seen this year, with fixes for a mere 58 common vulnerabilities and exposures (CVEs). But with nine critical bugs disclosed, security teams should, as always, pay prompt attention to patching them.

The most important vulnerabilities, none of which appears to be exploited in the wild by malicious actors, exist in Exchange, SharePoint, Hyper-V and Chakra Scripting, alongside a small number of other workstation vulnerabilities.
Among them are five remote code execution (RCE) vulnerabilities in Exchange (CVEs 2020-17141, -17142, -17144, -17117 and -17132), which could allow an attacker to run code as system by sending a malicious email, and should be prioritised on all Exchange servers; two RCEs in SharePoint (CVEs 2020-17121 and -17118) that could enable an authenticated attacker to gain access to create a site and execute code remotely within the kernel; and one RCE vulnerability in Hyper-V (CVE-2020-17095) that, if exploited, gives the ability to run malicious programs on a Hyper-V virtual machine and execute arbitrary code on the host when it fails to correctly validate vSMB packet data.
“From a priority standpoint, I recommend focusing on the on-premise Exchange servers under your management, then turn towards your SharePoint installations. Then give special attention to any internet-facing systems for the SMBv2 vulnerability, and then get those Hyper-V servers patched. Desktops and Office products can be patched on their regular patch schedule,” said Gil Langston, head security nerd at SolarWinds MSP.
Reflecting on the lighter load for security teams as the year closes out, Langston said: “This is the final Patch Tuesday of 2020, a year full of 100+ vulnerabilities fixed in almost every month. As with many things in December, it is a little quieter. There were roughly half as many vulnerabilities this month, and none that have active attacks or require emergency patching. I am sure that comes as a relief to many of you as things start to wind down for the holidays.
“This year has been one of the highest vulnerability counts I have seen since I started reviewing the patch releases some years ago. This is likely due to the additional attention vulnerabilities have been getting from the increasing amount of research teams that participate in vulnerability research programs like Microsoft’s,” he said.
“This is a good thing, as discovering and patching them early greatly reduces the risk to environments that maintain a good patch schedule. And with the increasing complexity and volume of attacks we have seen this year, defenders need all the help they can get.”
Recorded Future’s Allan Liska agreed: “This has been a busy year for Microsoft vulnerabilities. Prior to December’s Patch Tuesday release, Microsoft had announced 1,198 total vulnerabilities in 2020, an average of almost 109 vulnerabilities per month,” he said.
“Compare this to 800 vulnerabilities disclosed in all of 2019, an average of just over 66 per month. So, if you feel like you have been a lot busier in 2020 managing your vulnerability programme, you are not imagining things.”
Looking back at the bumper crop of vulnerabilities Microsoft disclosed across the entirety of 2020, Liska said there had been a number of highly impactful and well-exploited bugs, many of which remain highly dangerous.

These include CVE-2020-0674, disclosed in February, a memory corruption vulnerability in the Internet Explorer scripting engine; CVE-2020-1472, or Zerologon, first published in August, which sprang to prominence in September as a “near perfect” elevation of privilege vulnerability and is now being exploited by ransomware gangs including Clop and Ryuk; CVE-2020-0796, or GhostSMB, another RCE vulnerability that is wormable and that leaves many thousands of systems at risk; and CVE-2020-1350, an RCE vulnerability in Windows DNS server that is complicated to exploit but is particularly dangerous because it is being used in advanced operations by competent nation-state actors.

All Rights Reserved, Copyright 2000 – 2020, TechTarget
