Microsoft released its updated version recently for its users. It fixed 120 vulnerabilities in 13 products in this new version. Out of these 120, 17 are rated as most critical. The rate at which Microsoft is patching its vulnerabilities is probably putting a lot of pressure on its CVE team.
Out of the patched vulnerabilities so far, two were reported as zero-days- CVE-2020-1464 and CVE-2020-1380.
The first bug CVE-2020-1464 affects the Windows Operating system. It exploits a problem in which windows validate file signatures. The attacker can bypass security and present spoofed signatures to trick the operating system into thinking it is legitimate. Microsoft has not made much information public about this vulnerability to ensure no misuse of the information by hackers.
The second bug CVE-2020-1380 is a Remote Code Execution (REC) bug. The vulnerability is present in the scripting engine in the Internet Explorer. The vulnerability could corrupt memory so that it could give the attacker access to execute arbitrary code in the context of the current user.
An already designed website could be used to exploit the bug and convince the target to view it. The attacker also had the power to embed an ActiveX control marked “safe for initialization” in an engine of the Microsoft Office document that hosts the IE rendering engine. The attacker could successfully access gain to affected systems, install programs, create new accounts with full user rights, and perform many other privileged actions. It also impacts other Microsoft apps like Microsoft office suite. Kaspersky, an internet security firm, traced the bug.
Some other major bugs that were fixed were:
CVE-2020-1046 is a remote code execution vulnerability that exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. The attacker would need to be able to upload a specially crafted file to a web application to exploit this vulnerability.
CVE-2020-1472 exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. An unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access to exploit this vulnerability.
CVE-2020-1585 is a remote code execution bug that exploits a vulnerability in the way Microsoft Windows Codecs Library handles objects in memory. By exploiting this vulnerability, an attacker could take full control of the affected system. This could give the attacker access to install programs, modify data, or create new accounts with full user rights. However, a required condition is that a program must possess a specially crafted image file.
CVE-2020-1530 vulnerability occurs when Windows Remote Access improperly handles memory. An attacker would first have to gain execution on the victim system to exploit this vulnerability. An attacker could then run a specially crafted application to elevate privileges.
The list is enormous, and one update addresses all these vulnerabilities. The rate at which Microsoft is patching the exploits is predicted to reach more than 1300 vulnerabilities in one year.