– CVE-2020-16898 – Windows TCP/IP Remote Code Execution Vulnerability
This patch corrects a problem in the TCP/IP stack caused by the way it handles ICMPv6 router advertisements. A specially crafted ICMPv6 router advertisement could cause code execution on an affected system. Since the code execution occurs in the TCP/IP stack, it is assumed the attacker could execute arbitrary code with elevated privileges. If you’re running an IPv6 network, you know that filtering router advertisements is not a practical workaround. Microsoft also gives this bug its highest exploitability rating, so exploits are likely. You should definitely test and deploy this patch as soon as possible.
– CVE-2020-16947 – Microsoft Outlook Remote Code Execution Vulnerability
This vulnerability was reported through the ZDI program, and it could allow code execution on affected versions of Outlook just by viewing a specially crafted e-mail. The Preview Pane is an attack vector here, so you don’t even need to open the mail to be impacted. The specific flaw exists within the parsing of HTML content in an email. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a fixed-length heap-based buffer. Although Microsoft gives this an XI rating of 2, we have a working proof-of-concept. Patch this one quickly.
– CVE-2020-16891 – Windows Hyper-V Remote Code Execution Vulnerability
This patch corrects a bug that allows an attacker to run a specially crafted program on an affected guest OS to execute arbitrary code on the host OS. The write up doesn’t say at what permission level the code execution occurs, but that shouldn’t stop you from rolling this out to your Hyper-V servers quickly.
– CVE-2020-16909 – Windows Error Reporting Elevation of Privilege Vulnerability
This is one of the six bugs listed as publicly known for this month. The patch corrects an escalation of privilege (EoP) in the Windows Error Reporting (WER) component that could allow an authenticated attacker to execute arbitrary code with escalated privileges. Although this CVE is not listed as being publicly exploited, bugs in this component have been reported as being used in the wild in fileless attacks. Regardless, this and the other bugs in the WER component being fixed this month should not be ignored.