In its September Patch Tuesday, Microsoft released updates to address 129 vulnerabilities, of which 23 were deemed critical, 105 important, and the rest moderate in severity. The release addressed vulnerabilities in Microsoft Windows, the Edge browser, ChakraCore, Internet Explorer, SQL Server, Office and Office Services and Web Apps, Microsoft Dynamics, Visual Studio, Exchange Server, ASP.NET, OneDrive, and Azure DevOps.
The most critical vulnerabilities addressed in this Patch Tuesday include:
- SharePoint (CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595)
- SharePoint Server (CVE-2020-1460)
- Graphics Device Interface (CVE-2020-1285)
- Dynamics 365 systems (CVE-2020-16857, CVE-2020-16862)
- Media Audio Decoder (CVE-2020-1593, CVE-2020-1508)
- COM for Windows (CVE-2020-0922)
- Text Service Module (CVE-2020-0908)
- Codecs Library (CVE-2020-1319, CVE-2020-1129)
- Camera Codec Pack (CVE-2020-0997)
- Visual Studio (CVE-2020-16874)
Among the vulnerabilities was a crop of RCEs in Microsoft Office products, which is of particular concern to students and teachers during the time of COVID-19 and e-learning. “Some of the most severe vulnerabilities in this month’s release include a pair of remote code execution flaws in Microsoft SharePoint and a critical vulnerability in Microsoft Exchange Server. CVE-2020-1210 is a vulnerability in SharePoint due to a failure to check an application package’s source markup. To exploit this flaw, an attacker would need to be able to upload a SharePoint application package to a vulnerable SharePoint site. This vulnerability is reminiscent of a similar SharePoint remote code execution flaw, CVE-2019-0604, that has been exploited in the wild by threat actors since at least April 2019,” stated Satnam Narang, Staff Research Engineer at Tenable, in a recent release to CISO MAG.
He added, “CVE-2020-1576 is another SharePoint flaw patched this month that’s also similar to CVE-2020-1210. CVE-2020-16875 is a memory corruption vulnerability in Microsoft Exchange Server due to improper handling of objects in memory. Exploitation of this flaw would simply require an attacker to send a malicious email containing the exploit code to a vulnerable Exchange server. This vulnerability would allow the attacker to run arbitrary code, which could grant them access to create new accounts, access, modify or remove data, and install programs.”
System administrators are advised to review the threat posed by RCE vulnerabilities as they could be exploited on Windows or SharePoint to corrupt or erase system data.