Microsoft's October 2020 Patch Tuesday update is slimmer than those of the last few months, breaking a long streak. It contains fixes for 87 vulnerabilities, 11 of them rated critical.
As always, the October update covers a multitude of software products, including Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft JET Database Engine, Azure Functions, Open Source Software, Microsoft Exchange Server, Visual Studio, PowerShellGet, Microsoft .NET Framework, Microsoft Dynamics, Adobe Flash Player, and the Microsoft Windows Codec Library.
Six of the Common Vulnerabilities and Exposures (CVEs) listed in the October update have already been publicly disclosed, meaning malicious actors unfortunately have a head start in weaponizing them.
“Public disclosure could mean a couple of things,” said Todd Schell, Ivanti’s senior product manager. “It may be that a demonstration of exploitation was made at an event or by a researcher. It could also mean that proof-of-concept code has been made available. In any case, a public disclosure means that threat actors have an early warning of a vulnerability and this gives them an advantage.
“The average time to exploit a vulnerability is 22 days, according to a research study from the RAND Institute. If a threat actor receives advance notice of a vulnerability, it could have a lead of days or even weeks, meaning an exploit may not be far behind. This is a risk indicator that can help companies prioritize what to act on first from a threat perspective.”
Five of the publicly disclosed vulnerabilities affect Windows 10 and its corresponding server editions: CVE-2020-16898, -16909, -16901, -16885, and -16938. The sixth, CVE-2020-16937, affects the .NET Framework.
Of the six publicly disclosed vulnerabilities, threat researchers are evaluating CVE-2020-16898 as the most dangerous. Nicknamed “Bad Neighbor” by McAfee, it is a Remote Code Execution (RCE) vulnerability in Windows 10 and Windows Server 2019 that exists when the Windows TCP/IP stack incorrectly handles ICMPv6 Router Advertisement packets. It can be exploited successfully by sending a specially crafted packet to a remote Windows computer.
Steve Povolny, head of advanced threat research at McAfee, said the most obvious impact would be for consumers running Windows 10 machines, but that with automated updates this would quickly be minimized. He added that Shodan.io queries had suggested that the number of publicly exposed Windows Server 2019 machines was probably in the hundreds, probably because most are behind firewalls or hosted by cloud service providers, so they don’t appear in the scans.
“Patching is always the first and most effective course of action,” Povolny wrote. “If this is not possible, the best mitigation is to disable IPv6, either at the NIC or at the network edge by removing IPv6 traffic if it is not essential. Additionally, ICMPv6 router advertisements can be blocked or removed at the network perimeter. Windows Defender and Windows Firewall cannot block the proof of concept when enabled.”
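As an added illustration (not code from McAfee, Microsoft, or the original article), the sketch below shows the decision a perimeter filter makes when blocking ICMPv6 Router Advertisements as described in the quote above, including the case where the ICMPv6 header sits behind an IPv6 extension header. The function names and sample packets are constructed for this example.

```python
import struct

ICMPV6 = 58                      # IPv6 Next Header value for ICMPv6
ROUTER_ADVERTISEMENT = 134       # ICMPv6 type (RFC 4861)
VARIABLE_EXT = {0, 43, 60}       # hop-by-hop, routing, destination options
FRAGMENT = 44                    # fixed 8-byte fragment header

def icmpv6_type(packet: bytes):
    """Return the ICMPv6 type in a raw IPv6 packet, or None if it cannot be determined."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None
    next_header, offset = packet[6], 40
    while next_header != ICMPV6:
        if offset + 8 > len(packet):
            return None                              # truncated header chain
        if next_header in VARIABLE_EXT:
            length = (packet[offset + 1] + 1) * 8    # Hdr Ext Len: 8-octet units after the first
        elif next_header == FRAGMENT:
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                return None                          # non-first fragment: no upper-layer header
            length = 8
        else:
            return None                              # TCP, UDP, etc.
        next_header, offset = packet[offset], offset + length
    return packet[offset] if offset < len(packet) else None

def perimeter_verdict(packet: bytes) -> str:
    """Drop Router Advertisements arriving from outside; pass everything else."""
    return "drop" if icmpv6_type(packet) == ROUTER_ADVERTISEMENT else "pass"

def build_ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed test packet: fe80::1 -> ff02::1, hop limit 255."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    return struct.pack("!IHBB", 0x60000000, len(payload), next_header, 255) + src + dst + payload

# Constructed samples; ICMPv6 checksums are left at zero because only the type is inspected.
RA = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
ECHO = struct.pack("!BBHHH", 128, 0, 0, 1, 1)
DEST_OPTS = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0])     # next header 58, PadN padding

SAMPLES = {
    "plain RA": build_ipv6(ICMPV6, RA),
    "RA after destination options": build_ipv6(60, DEST_OPTS + RA),
    "echo request": build_ipv6(ICMPV6, ECHO),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name}: {perimeter_verdict(pkt)}")
```

A production filter would also need a policy for fragments and unparseable packets, which this sketch simply passes.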
Ivanti’s Schell also pointed to CVE-2020-16947 and CVE-2020-16891 as the ones to watch out for. The first is an RCE vulnerability in Microsoft Outlook, which is easily exploited when viewing a specially crafted email, and the second is an RCE vulnerability in Windows Hyper-V.
Recorded Future’s Allan Liska also highlighted CVE-2020-16911, an RCE vulnerability that exists in the way the Windows Graphics Device Interface handles objects in memory, exploitable by luring the target to a compromised website with a specially crafted document, and CVE-2020-16909, a privilege escalation vulnerability in Windows Error Reporting affecting Windows 10 and Windows Server 2016 and 2019.
Although lighter than it has been for many months, October Patch Tuesday still deserves a lot of attention, according to Gill Langston, chief security expert at SolarWinds MSP, who said: “I recommend addressing Windows TCP/IP vulnerabilities first, with the highest priority in any Internet-oriented systems. Then patch those RDP servers as Remote Desktop seems to be one of the most popular attack vectors these days.
“Next, focus on patching your Hyper-V systems and then patching workstations, especially those running Outlook, and finally your SharePoint servers, which should be a regular part of your routine by now, considering the volume of vulnerabilities from SharePoint that were fixed this year.”
Justin Knapp, Automox Product Marketing Manager, added: “This may not be a record month in terms of total quantity, but October presents a familiar challenge that continues to persist in the form of delayed patch deployments, unfortunately increasing the risk at a time when the frequency of attack increases.
“With remote working further complicating things, we are witnessing a major shift in the IT landscape to lean on cloud-based solutions for distribution just to keep pace with the never-ending flow of updates in an increasingly distributed workforce.”