Tuesday, November 10, 2020

Microsoft Patch Tuesday for Nov. 2020 — Snort rules and prominent vulnerabilities

 

By Jon Munshaw, with contributions from Joe Marshall.

Microsoft released its monthly security update Tuesday, disclosing just over 110 vulnerabilities across its products. This is a slight jump from last month, when Microsoft disclosed one of its lowest vulnerability totals in months.

Eighteen of the vulnerabilities are considered “critical,” while the vast majority of the remainder are ranked as “important,” with two also considered of “low” importance. Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs.

The security updates cover several different products and services, including the HEVC video file extension, the Azure Sphere platform and Microsoft Exchange servers.

Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For complete details, check out the latest Snort advisory here.

One of the most serious vulnerabilities exists in the Windows Network File System. CVE-2020-17051 received a CVSS severity score of 9.8 out of a possible 10. An adversary could exploit this vulnerability to remotely execute code on the victim machine, without any user interaction or stolen credentials from the victim machine.

There is also a remote code execution vulnerability (CVE-2020-17042) in the Windows print spooler, one of the oldest features across Windows machines. This vulnerability affects versions of the Windows operating system and Windows Server dating back several years, including some versions of Windows 7 and Windows Server 2008.

The Microsoft scripting engine also contains a critical vulnerability that could allow an adversary to corrupt memory in a way that would allow them to remotely execute code. CVE-2020-17052 can be exploited by tricking a user into opening an attacker-created web page on some versions of Internet Explorer or Microsoft Edge, which can corrupt the victim machine’s memory and open the door for additional attacks. 

This month’s release also contains official patches for multiple vulnerabilities in Microsoft Azure Sphere that Cisco Talos researchers discovered. For more information on these bugs, check out our other blog post here. These vulnerabilities could lead to a variety of conditions, including providing adversaries the ability to remotely execute code and to expose otherwise sensitive information. 

For a complete list of all the vulnerabilities Microsoft disclosed this month, check out its update page.

In response to these vulnerability disclosures, Talos is releasing a new SNORTⓇ rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. 

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 56161 - 56264, 56230, 56231, 56254, 56255, 56286 - 56289, 56295, 56296, 56309, 56301 - 56305, 56310 and 56312. 
