Tuesday, September 8, 2020

Microsoft Patch Tuesday for Sept. 2020 — Snort rules and prominent vulnerabilities



By Jon Munshaw. 

Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its array of products. 

Twenty-three of the vulnerabilities are considered “critical” while the vast remainder are ranked as “important.” Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs.

The security updates cover several different products including the Microsoft Office suite of products, Windows Media Audio Decoder and the Hyper-V virtual machine software. 

Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For complete details, check out the latest Snort advisory here.

One of the most severe vulnerabilities exists in Microsoft COM. CVE-2020-0922 received a CVSS severity score of 8.8 out of a possible 10. An adversary could exploit this bug to gain the ability to remotely execute code on the victim machine after a user opens an attacker-controlled web page that contains specially crafted JavaScript. 

A similar attack vector could allow an adversary to exploit CVE-2020-1508 and CVE-2020-1593, both code execution bugs in Media Audio Decoder. If a user visits a specially crafted, attacker-controlled web page, the attacker could then take control of the affected system. 

The ChakraCore scripting engine also contains two remote code execution vulnerabilities that an attacker could use to execute code in the context of the current user. CVE-2020-1057 and CVE-2020-1172 both address how the scripting engine handles objects in memory. 

Among the important vulnerabilities, we would like to highlight four vulnerabilities in Office products — three that affect Excel and one that affects Word. CVE-2020-1193, CVE-2020-1218, CVE-2020-1332 and CVE-2020-1594 are all likely to be exploited via phishing emails with malicious attachments. If a user were to open one of these attachments for the corresponding affected software, the adversary could then gain the ability to execute code on the victim machine.

Talos specifically discovered one vulnerability: CVE-2020-1115, a privilege escalation vulnerability in the Windows 10 Common Log File System.

For a complete list of all the vulnerabilities Microsoft disclosed this month, check out their update page.

In response to these vulnerability disclosures, Talos is releasing a new SNORTⓇ rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. 

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 55139 - 55146, 55161, 55162, 55187, 55188 and 55206. 
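To confirm that a deployed ruleset actually carries the SIDs listed above and that none of them ship commented out, a check along these lines can be run over a rules file. This is an added example, not Talos or Snort project code; the function name, the sample rule lines and the one-rule-per-line assumption are all constructed for illustration.

```python
import re

# SIDs named in this post: 55139 - 55146, 55161, 55162, 55187, 55188 and 55206.
EXPECTED_SIDS = set(range(55139, 55147)) | {55161, 55162, 55187, 55188, 55206}

# Assumption: one rule per line, and a disabled rule is the same line
# prefixed with '#'. Only common rule actions are recognised.
RULE_RE = re.compile(
    r'^\s*(#\s*)?(?:alert|log|pass|drop|reject|sdrop|block)\b.*?\bsid\s*:\s*(\d+)\s*;'
)

def audit_rules(text, expected=EXPECTED_SIDS):
    """Return (enabled, disabled, missing) sets for the expected SIDs."""
    enabled, disabled = set(), set()
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # blank line, plain comment, or not a rule
        sid = int(m.group(2))
        if sid not in expected:
            continue
        (disabled if m.group(1) else enabled).add(sid)
    # A SID active anywhere in the file counts as enabled.
    disabled -= enabled
    missing = set(expected) - enabled - disabled
    return enabled, disabled, missing

# Constructed sample input: messages and options are placeholders,
# not the content of the real rules.
SAMPLE_RULES = """\
# Constructed sample lines for illustration only.
alert tcp any any -> any any (msg:"PLACEHOLDER one"; sid:55139; rev:1;)
# alert tcp any any -> any any (msg:"PLACEHOLDER two"; sid:55161; rev:1;)
alert tcp any any -> any any (msg:"PLACEHOLDER other"; sid:1000001; rev:1;)
"""

if __name__ == "__main__":
    enabled, disabled, missing = audit_rules(SAMPLE_RULES)
    print("enabled: ", sorted(enabled))
    print("disabled:", sorted(disabled))
    print("missing: ", sorted(missing))
```

Disabled or missing SIDs from the list point to a ruleset that has not been updated or a policy that leaves the new rules off.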
