By Jon Munshaw, with contributions from Alex McDonnell and Nick Biasini.
Microsoft released its monthly security update Tuesday, disclosing just under 100 vulnerabilities across its array of products.
Fourteen of the vulnerabilities are considered “critical" while the vast remainder are ranked as “important.” Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs.
The security updates cover several different products including the SharePoint document management system, Azure Sphere and the Windows camera codec, which allows users to view a variety of video files on their machines.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For complete details, check out the latest Snort advisory here.
Talos would like to specifically highlight two remote code execution vulnerabilities in SharePoint. CVE-2020-16951 and CVE-2020-16952 exists when SharePoint improperly checks the source markup of an application package. An adversary could exploit these bugs to run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
There are also two newly discovered vulnerabilities in the Windows 10 operating system that could allow a remote, unauthenticated attacker to send a crafted IPv6 packet and either crash a Windows system (CVE-2020-16899) or execute code on the target system (CVE-2020-16898). CVE-2020-16898 is more likely to be exploited on the latest software release and older versions of Windows than 16899, according to Microsoft.
Also worth noting is CVE-2020-16891, a remote code execution vulnerability in Windows Hyper-V that could allow an attacker to cause the Hyper-V host operating system to execute arbitrary code.
For a complete list of all the vulnerabilities Microsoft disclosed this month, check out its update page.
In response to these vulnerability disclosures, Talos is releasing a new SNORTⓇ rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.
The rules included in this release that protect against the exploitation of many of these vulnerabilities are 55942, 55943, 55979, 55980, 55982 - 55984, 55989, 55990, 55993 and 55994.