Posted: 14 Min ReadThreat Intelligence

Microsoft Patch Tuesday – January 2020

This month the vendor has patched 49 vulnerabilities, 8 of which are rated Critical.

This month the vendor has patched 49 vulnerabilities, 8 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the January 2020 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

 

This month's update covers vulnerabilities in:

  • Internet Explorer
  • Microsoft Office
  • Microsoft Windows
  • Microsoft Windows Kernel
  • Windows Hyper-V
  • Microsoft Graphics Component
  • ASP .NET
  • .NET Framework
  • Microsoft Dynamics
  • Microsoft OneDrive for Android

 

The following is a breakdown of the issues being addressed this month:

  1. Security Update for Internet Explorer

    Internet Explorer Memory Corruption Vulnerability (CVE-2020-0640) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
  2. Cumulative Security Updates for Microsoft Office

    Microsoft Office Online Spoofing Vulnerability (CVE-2020-0647) MS Rating: Important

    A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly. An attacker could exploit the vulnerability by sending a specially crafted request to an affected site.

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-0650) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-0651) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-0652) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-0653) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
  3. Cumulative Security Updates for Microsoft Windows

    Windows RDP Gateway Server Remote Code Execution Vulnerability (CVE-2020-0610) MS Rating: Critical

    A remote code execution vulnerability exists in the Windows Remote Desktop Protocol (RDP) Gateway Server when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction.

    Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-0611) MS Rating: Critical

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client.

    Windows RDP Gateway Server Remote Code Execution Vulnerability (CVE-2020-0609) MS Rating: Critical

    A remote code execution vulnerability exists in the Windows Remote Desktop Protocol (RDP) Gateway Server when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction.

    Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) MS Rating: Important

    A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32. dll) validates Elliptic Curve Cryptography (ECC) certificates.

    Windows Remote Desktop Protocol (RDP) Gateway Server Denial of Service Vulnerability (CVE-2020-0612) MS Rating: Important

    A denial of service vulnerability exists in Remote Desktop Protocol (RDP) Gateway Server when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP Gateway service on the target system to stop responding.

    Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0613) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

    Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0614) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

    Windows Common Log File System Driver Information Disclosure Vulnerability (CVE-2020-0615) MS Rating: Important

    An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

    Microsoft Windows Denial of Service Vulnerability (CVE-2020-0616) MS Rating: Important

    A denial of service vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

    Microsoft Cryptographic Services Privilege Escalation Vulnerability (CVE-2020-0620) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft Cryptographic Services improperly handles files. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation.

    Windows Security Bypass Vulnerability (CVE-2020-0621) MS Rating: Important

    A security bypass vulnerability exists in Windows 10 when third party filters are called during a password update. Successful exploitation of the vulnerability could allow a user to make use of a blocked password for their account.

    Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0623) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

    Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0625) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

    Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0626) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

    Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0627) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

    Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0628) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

    Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0629) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

    Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0630) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

    Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0631) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

    Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0632) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

    Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0633) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

    Windows Common Log File System Driver Privilege Escalation Vulnerability (CVE-2020-0634) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

    Windows Privilege Escalation Vulnerability (CVE-2020-0635) MS Rating: Important

    A privilege escalation vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions.

    Windows Subsystem for Linux Privilege Escalation Vulnerability (CVE-2020-0636) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Subsystem for Linux handles files. An attacker who successfully exploited the vulnerability could execute code with elevated privileges.

    Remote Desktop Web Access Information Disclosure Vulnerability (CVE-2020-0637) MS Rating: Important

    An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information. An attacker who successfully exploited this vulnerability could obtain legitimate users' credentials.

    Update Notification Manager Privilege Escalation Vulnerability (CVE-2020-0638) MS Rating: Important

    A privilege escalation vulnerability exists in the way the Update Notification Manager handles files. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.

    Windows Common Log File System Driver Information Disclosure Vulnerability (CVE-2020-0639) MS Rating: Important

    An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

    Microsoft Windows Privilege Escalation Vulnerability (CVE-2020-0641) MS Rating: Important

    A privilege escalation vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.

    Windows Privilege Escalation Vulnerability (CVE-2020-0644) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft Windows implements predictable memory section names. An attacker who successfully exploited this vulnerability could run arbitrary code as system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  4. Cumulative Security Updates for Microsoft Windows Kernel

    Win32k Information Disclosure Vulnerability (CVE-2020-0608) MS Rating: Important

    An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

    Win32k Privilege Escalation Vulnerability (CVE-2020-0642) MS Rating: Important

    An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

    Win32k Privilege Escalation Vulnerability (CVE-2020-0624) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
  5. Security Update for Windows Hyper-V

    Hyper-V Denial of Service Vulnerability (CVE-2020-0617) MS Rating: Important

    A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.
  6. Cumulative Security Updates for Microsoft Graphics Component

    Microsoft Graphics Components Information Disclosure Vulnerability ( CVE-2020-0607 ) MS Rating: Important

    An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation.

     

    Microsoft Graphics Component Information Disclosure Vulnerability (CVE-2020-0622) MS Rating: Important

    An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

    Windows GDI+ Information Disclosure Vulnerability (CVE-2020-0643) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft Windows implements predictable memory section names. An attacker who successfully exploited this vulnerability could run arbitrary code as system.
  7. Cumulative Security Updates for ASP .NET

    ASP.NET Core Remote Code Execution Vulnerability (CVE-2020-0603) MS Rating: Critical

    A remote code execution vulnerability exists in ASP. NET Core software when the software fails to handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    ASP.NET Core Denial of Service Vulnerability (CVE-2020-0602) MS Rating: Important

    A denial of service vulnerability exists when ASP. NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application.
  8. Cumulative Security Updates for .NET Framework

    .NET Core Remote Code Execution Vulnerability (CVE-2020-0605) MS Rating: Critical

    A remote code execution vulnerability exists in . NET software when the software fails to check the source markup of a file.

    .NET Framework Remote Code Execution Injection Vulnerability (CVE-2020-0606) MS Rating: Critical

    A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.

    .NET Framework Remote Code Execution Injection Vulnerability (CVE-2020-0646) MS Rating: Critical

    A remote code execution vulnerability exists when the Microsoft . NET Framework fails to validate input properly.
  9. Security Update for Microsoft Dynamics

    Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability (CVE-2020-0656) MS Rating: Important

    A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
  10. Security Update for Microsoft OneDrive for Android

    Microsoft OneDrive for Android Security Bypass Vulnerability (CVE-2020-0654) MS Rating: Important

    A security bypass vulnerability exists in Microsoft OneDrive App for Android. This could allow an attacker to bypass the passcode or fingerprint requirements of the App.

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Preethi Koroth

Threat Analysis Engineer

Preethi Koroth is a member of Symantec's Cyber Security Services organization which provides round-the-clock monitoring and protection services against cyber attacks.