Tuesday, May 12, 2020

Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage


By Jon Munshaw. 

Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 111 vulnerabilities. Fifteen of the flaws Microsoft disclosed are considered critical. There are also 95 "important" vulnerabilities and six low- and moderate-severity vulnerabilities each.

Cisco Talos specifically disclosed CVE-2020-0901, a code execution vulnerability in Excel. This month’s security update also covers security issues in a variety of Microsoft services and software, including SharePoint, Media Foundation and the Chakra scripting engine.

Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the full Snort rule advisory here.

Critical vulnerabilities 

Microsoft disclosed 15 critical vulnerabilities, five of which we will highlight below.

CVE-2020-1023, CVE-2020-1024, CVE-2020-1069 and CVE-2020-1102 are remote code execution vulnerabilities in Microsoft SharePoint. An adversary could exploit any of these vulnerabilities to gain the ability to execute arbitrary code on the victim machine or server, depending on the specific bug. For CVE-2020-1069, an attacker would need to upload a specially crafted packet to a SharePoint server to successfully exploit the bug. The remainder require the user to open a specially crafted SharePoint file.

CVE-2020-1062 is a memory corruption vulnerability in the Internet Explorer web browser. A user could trigger this vulnerability when they visit a specially crafted, attacker-controlled web page. An adversary could construct the page in such a way that it would corrupt memory on the victim machine, allowing them to execute arbitrary code in the context of the current user. Microsoft's update addresses the way in which Internet Explorer handles objects in memory.

The other critical vulnerabilities disclosed this month are:

Important vulnerabilities 

This release also included 95 important vulnerabilities, one of which we will highlight below.

CVE-2020-1103 is an information disclosure vulnerability in SharePoint that could allow an adversary to carry out cross-site search attacks. The vulnerability arises when users are logged in simultaneously to the same SharePoint server and visit a specially crafted web page. The attacker could then induce the browser to run search queries as the logged-in user, allowing them to obtain information on the logged-in user that could be used in subsequent attacks. 

The remainder of the important vulnerabilities are:

Moderate vulnerability

There is one moderate vulnerability: CVE-2020-1037, a memory corruption vulnerability in the Chakra Scripting Engine.

Coverage  

In response to these vulnerability disclosures, Talos is releasing a new SNORTⓇ rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org.

These rules are: 53916 - 53919, 53924 - 53933, 53940, 53941, 53950, 53951
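To confirm that a deployed ruleset actually contains these SIDs and has them enabled, the following added example (not Talos or Snort project code) expands the published ranges and classifies each SID against a rules file. It assumes the text-rule convention that a rule line commented out with `#` is disabled; the sample rules are constructed placeholders, not real rule content.

```python
import re

# Rule range string as published in the advisory above.
ADVISORY_SIDS = "53916 - 53919, 53924 - 53933, 53940, 53941, 53950, 53951"

def expand_sids(spec):
    """Expand 'a - b, c' style ranges into a sorted list of integer SIDs."""
    sids = set()
    for part in spec.split(","):
        bounds = [int(n) for n in re.findall(r"\d+", part)]
        if len(bounds) == 1:
            sids.add(bounds[0])
        elif len(bounds) == 2 and bounds[0] <= bounds[1]:
            sids.update(range(bounds[0], bounds[1] + 1))
        else:
            raise ValueError(f"unparseable SID range: {part!r}")
    return sorted(sids)

# Optional leading '#', a rule action, then the sid option inside the rule body.
RULE_RE = re.compile(
    r"^\s*(#\s*)?(alert|drop|block|reject|pass|log|sdrop)\b.*?\bsid\s*:\s*(\d+)\s*;")

def coverage(rules_text, wanted):
    """Classify each wanted SID as enabled, disabled (commented out) or missing."""
    state = {sid: "missing" for sid in wanted}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        sid = int(m.group(3))
        if sid in state:
            if m.group(1) is None:
                state[sid] = "enabled"      # an enabled copy always wins
            elif state[sid] == "missing":
                state[sid] = "disabled"
    return state

# Constructed sample rules (placeholder bodies, not real Talos rule content).
SAMPLE_RULES = """\
alert tcp any any -> any any (msg:"constructed placeholder A"; sid:53916; rev:1;)
# alert tcp any any -> any any (msg:"constructed placeholder B"; sid:53917; rev:1;)
alert tcp any any -> any any (msg:"constructed placeholder C"; sid:53940; rev:1;)
"""

if __name__ == "__main__":
    wanted = expand_sids(ADVISORY_SIDS)
    result = coverage(SAMPLE_RULES, wanted)
    for status in ("enabled", "disabled", "missing"):
        print(status, [s for s in wanted if result[s] == status])
```

In practice, pass the contents of the deployed rules file in place of `SAMPLE_RULES`; any SID reported as disabled or missing after an update points to a stale rule pack or a policy that leaves the rule off.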
