December M$ Patch Tuesday Summary

Microsoft released the last patch cycle for 2020 and initial looks appear to be a light month overall by shear volume, not severity.  M$ released 58 fixes in December, this is well below what we’ve been used to seeing coming out of Redmond each month.   Even with the low number overall, 22 of the 58 are RCEs (Remote Code Execution) vulnerabilities.

As mentioned last month unfortunately MS has removed much of the detail of what each vulnerability is exactly, so we’ve hit the highlights below of each. 

In my professional opinion I rate Exchange as the highest risk with Sharepoint as a close second due to the need for availability outside of network walls. Those patch breakdowns are as follows:    

Exchange RCEs- 

CVE 2020 17143  –  “The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.”  Attack Complexity: low, Privilege required: low, + no user interaction = patch immediately.  Proof of concept is available for this CVE.

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17143

CVE 2020 17144- “The vulnerability occurs due to improper validation of cmdlet arguments.”  Attack complexity: low, User interaction to exploit is required.  Whereas this is not being publicly exploited right now, there is a proof of concept for this CVE so time is of the essence to to patch, don’t wait.

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17144

CVE 2020 17141- “the attacker must be authenticated.” So prior successful harvesting of credentials or acquisition of an active session is a prerequisite to exploitation.  Proof of concept is available.

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17141

CVE 2020 17117- Not many details available for this one at all, Proof of concept available, no user interaction required however attack complexity is high. 

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17117

CVE 2020 17132– “The vulnerability occurs due to improper validation of cmdlet arguments.”  User authentication is required to exploit, however once acquired Attach complexity is low and no user interaction required.

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17132

CVE 2020 17142- different CVE but a repeat of the details above for CVE-2020-17132.

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17142

Overall summary – Patch Exchange now

Sharepoint RCEs-

CVE 2020 17118- MS rates this one as exploitation likely even though it is not currently being seen in the wild.  A proof of concept is available, Complexity of attack is rated as low however there is some sort of user interaction that is required.  Its Sharepoint, its an RCE, patch ASAP. 

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17118

CVE-2020-17121– “In a network-based attack an attacker can gain access to create a site and could execute code remotely within the kernel. The user would need to have privileges.”  Attack complexity rated as low, privileges required is low and no user interaction makes this CVE concerning.

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17121

Other Patches to Note:

NTFS RCE

CVE 2020 17096– “A local attacker could run a specially crafted application that would elevate the attacker’s privileges.  A remote attacker with SMBv2 access to a vulnerable system could send specially crafted requests over a network to exploit this vulnerability and execute code on the target system.”  This CVE is not currently being exploited in the wild but exploitation is likely even though a proof of concept does not exist.

Lastly don’t forget Adobe Flash EOL is coming 12/31/2020, if not already removed from all aspects of your network there should be a plan in place ready to execute.

https://docs.microsoft.com/en-us/lifecycle/announcements/adobe-flash-end-of-support

References:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17096

https://www.zdnet.com/article/microsoft-december-2020-patch-tuesday-fixes-58-vulnerabilities/

https://krebsonsecurity.com/2020/12/patch-tuesday-good-riddance-2020-edition/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: