===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0120
               Microsoft Patch Day for July 2020 includes 95
             vulnerabilities, including the wormable "SIGRed"
                               15 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Windows
Operating System:     Windows
Impact/Access:        Administrator Compromise        -- Remote/Unauthenticated      
                      Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Existing Account            
                      Access Privileged Data          -- Existing Account            
                      Modify Arbitrary Files          -- Existing Account            
                      Denial of Service               -- Remote/Unauthenticated      
                      Provide Misleading Information  -- Remote/Unauthenticated      
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-1468 CVE-2020-1463 CVE-2020-1438
                      CVE-2020-1437 CVE-2020-1436 CVE-2020-1435
                      CVE-2020-1434 CVE-2020-1431 CVE-2020-1430
                      CVE-2020-1429 CVE-2020-1428 CVE-2020-1427
                      CVE-2020-1426 CVE-2020-1424 CVE-2020-1423
                      CVE-2020-1422 CVE-2020-1421 CVE-2020-1420
                      CVE-2020-1419 CVE-2020-1418 CVE-2020-1415
                      CVE-2020-1414 CVE-2020-1413 CVE-2020-1412
                      CVE-2020-1411 CVE-2020-1410 CVE-2020-1409
                      CVE-2020-1408 CVE-2020-1407 CVE-2020-1406
                      CVE-2020-1405 CVE-2020-1404 CVE-2020-1402
                      CVE-2020-1401 CVE-2020-1400 CVE-2020-1399
                      CVE-2020-1398 CVE-2020-1397 CVE-2020-1396
                      CVE-2020-1395 CVE-2020-1394 CVE-2020-1393
                      CVE-2020-1392 CVE-2020-1391 CVE-2020-1390
                      CVE-2020-1389 CVE-2020-1388 CVE-2020-1387
                      CVE-2020-1386 CVE-2020-1385 CVE-2020-1384
                      CVE-2020-1382 CVE-2020-1381 CVE-2020-1375
                      CVE-2020-1374 CVE-2020-1373 CVE-2020-1372
                      CVE-2020-1371 CVE-2020-1370 CVE-2020-1369
                      CVE-2020-1368 CVE-2020-1367 CVE-2020-1366
                      CVE-2020-1365 CVE-2020-1364 CVE-2020-1363
                      CVE-2020-1362 CVE-2020-1361 CVE-2020-1360
                      CVE-2020-1359 CVE-2020-1358 CVE-2020-1357
                      CVE-2020-1356 CVE-2020-1355 CVE-2020-1354
                      CVE-2020-1353 CVE-2020-1352 CVE-2020-1351
                      CVE-2020-1350 CVE-2020-1347 CVE-2020-1346
                      CVE-2020-1344 CVE-2020-1336 CVE-2020-1333
                      CVE-2020-1330 CVE-2020-1267 CVE-2020-1249
                      CVE-2020-1085 CVE-2020-1043 CVE-2020-1042
                      CVE-2020-1041 CVE-2020-1040 CVE-2020-1036
                      CVE-2020-1032  
Member content until: Friday, August 14 2020

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of July 2020.
        
        This update resolves the wormable vulnerability "SIGRed", CVE-2020-1350,
        as well as 94 other vulnerabilities. [1]
        
        SIGRed affects Windows servers which are configured as DNS servers. [2]
        A mitigation is available if the patch cannot be applied "right away".
        
         Windows 10 Version 1607 for 32-bit Systems
         Windows 10 Version 1607 for x64-based Systems
         Windows 10 Version 1709 for 32-bit Systems
         Windows 10 Version 1709 for ARM64-based Systems
         Windows 10 Version 1709 for x64-based Systems
         Windows 10 Version 1803 for 32-bit Systems
         Windows 10 Version 1803 for ARM64-based Systems
         Windows 10 Version 1803 for x64-based Systems
         Windows 10 Version 1809 for 32-bit Systems
         Windows 10 Version 1809 for ARM64-based Systems
         Windows 10 Version 1809 for x64-based Systems
         Windows 10 Version 1903 for 32-bit Systems
         Windows 10 Version 1903 for ARM64-based Systems
         Windows 10 Version 1903 for x64-based Systems
         Windows 10 Version 1909 for 32-bit Systems
         Windows 10 Version 1909 for ARM64-based Systems
         Windows 10 Version 1909 for x64-based Systems
         Windows 10 Version 2004 for 32-bit Systems
         Windows 10 Version 2004 for ARM64-based Systems
         Windows 10 Version 2004 for x64-based Systems
         Windows 10 for 32-bit Systems
         Windows 10 for x64-based Systems
         Windows 8.1 for 32-bit systems
         Windows 8.1 for x64-based systems
         Windows RT 8.1
         Windows Server 2012
         Windows Server 2012 (Server Core installation)
         Windows Server 2012 R2
         Windows Server 2012 R2 (Server Core installation)
         Windows Server 2016
         Windows Server 2016 (Server Core installation)
         Windows Server 2019
         Windows Server 2019 (Server Core installation)


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         ADV200008       Tampering                Important
         CVE-2020-1032   Remote Code Execution    Critical
         CVE-2020-1036   Remote Code Execution    Critical
         CVE-2020-1040   Remote Code Execution    Critical
         CVE-2020-1041   Remote Code Execution    Critical
         CVE-2020-1042   Remote Code Execution    Critical
         CVE-2020-1043   Remote Code Execution    Critical
         CVE-2020-1085   Elevation of Privilege   Important
         CVE-2020-1249   Elevation of Privilege   Important
         CVE-2020-1267   Denial of Service        Important
         CVE-2020-1330   Information Disclosure   Important
         CVE-2020-1333   Elevation of Privilege   Important
         CVE-2020-1336   Elevation of Privilege   Important
         CVE-2020-1344   Elevation of Privilege   Important
         CVE-2020-1346   Elevation of Privilege   Important
         CVE-2020-1347   Elevation of Privilege   Important
         CVE-2020-1350   Remote Code Execution    Critical
         CVE-2020-1351   Information Disclosure   Important
         CVE-2020-1352   Elevation of Privilege   Important
         CVE-2020-1353   Elevation of Privilege   Important
         CVE-2020-1354   Elevation of Privilege   Important
         CVE-2020-1355   Remote Code Execution    Important
         CVE-2020-1356   Elevation of Privilege   Important
         CVE-2020-1357   Elevation of Privilege   Important
         CVE-2020-1358   Information Disclosure   Important
         CVE-2020-1359   Elevation of Privilege   Important
         CVE-2020-1360   Elevation of Privilege   Important
         CVE-2020-1361   Information Disclosure   Important
         CVE-2020-1362   Elevation of Privilege   Important
         CVE-2020-1363   Elevation of Privilege   Important
         CVE-2020-1364   Denial of Service        Important
         CVE-2020-1365   Elevation of Privilege   Important
         CVE-2020-1366   Elevation of Privilege   Important
         CVE-2020-1367   Information Disclosure   Important
         CVE-2020-1368   Elevation of Privilege   Important
         CVE-2020-1369   Elevation of Privilege   Important
         CVE-2020-1370   Elevation of Privilege   Important
         CVE-2020-1371   Elevation of Privilege   Important
         CVE-2020-1372   Elevation of Privilege   Important
         CVE-2020-1373   Elevation of Privilege   Important
         CVE-2020-1374   Remote Code Execution    Critical
         CVE-2020-1375   Elevation of Privilege   Important
         CVE-2020-1381   Elevation of Privilege   Important
         CVE-2020-1382   Elevation of Privilege   Important
         CVE-2020-1384   Elevation of Privilege   Important
         CVE-2020-1385   Elevation of Privilege   Important
         CVE-2020-1386   Information Disclosure   Important
         CVE-2020-1387   Elevation of Privilege   Important
         CVE-2020-1388   Elevation of Privilege   Important
         CVE-2020-1389   Information Disclosure   Important
         CVE-2020-1390   Elevation of Privilege   Important
         CVE-2020-1391   Information Disclosure   Important
         CVE-2020-1392   Elevation of Privilege   Important
         CVE-2020-1393   Elevation of Privilege   Important
         CVE-2020-1394   Elevation of Privilege   Important
         CVE-2020-1395   Elevation of Privilege   Important
         CVE-2020-1396   Elevation of Privilege   Important
         CVE-2020-1397   Information Disclosure   Important
         CVE-2020-1398   Elevation of Privilege   Important
         CVE-2020-1399   Elevation of Privilege   Important
         CVE-2020-1400   Remote Code Execution    Important
         CVE-2020-1401   Remote Code Execution    Important
         CVE-2020-1402   Elevation of Privilege   Important
         CVE-2020-1404   Elevation of Privilege   Important
         CVE-2020-1405   Elevation of Privilege   Important
         CVE-2020-1406   Elevation of Privilege   Important
         CVE-2020-1407   Remote Code Execution    Important
         CVE-2020-1408   Remote Code Execution    Important
         CVE-2020-1409   Remote Code Execution    Critical
         CVE-2020-1410   Remote Code Execution    Critical
         CVE-2020-1411   Elevation of Privilege   Important
         CVE-2020-1412   Remote Code Execution    Important
         CVE-2020-1413   Elevation of Privilege   Important
         CVE-2020-1414   Elevation of Privilege   Important
         CVE-2020-1415   Elevation of Privilege   Important
         CVE-2020-1418   Elevation of Privilege   Important
         CVE-2020-1419   Information Disclosure   Important
         CVE-2020-1420   Information Disclosure   Important
         CVE-2020-1421   Remote Code Execution    Critical
         CVE-2020-1422   Elevation of Privilege   Important
         CVE-2020-1423   Elevation of Privilege   Important
         CVE-2020-1424   Elevation of Privilege   Important
         CVE-2020-1426   Information Disclosure   Important
         CVE-2020-1427   Elevation of Privilege   Important
         CVE-2020-1428   Elevation of Privilege   Important
         CVE-2020-1429   Elevation of Privilege   Important
         CVE-2020-1430   Elevation of Privilege   Important
         CVE-2020-1431   Elevation of Privilege   Important
         CVE-2020-1434   Elevation of Privilege   Important
         CVE-2020-1435   Remote Code Execution    Critical
         CVE-2020-1436   Remote Code Execution    Critical
         CVE-2020-1437   Elevation of Privilege   Important
         CVE-2020-1438   Elevation of Privilege   Important
         CVE-2020-1463   Elevation of Privilege   Important
         CVE-2020-1468   Information Disclosure   Important
        [1]


MITIGATION

        For "SIGRed" CVE-2020-1350, Microsoft advises mitigating or patching
        "right away".
        Microsoft has provided a mitigation registry key which can be applied
        immediately, as well as a complete fix as a software update. [2]
        
        Microsoft recommends updating the software with the version
        made available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]
        
         KB4565540, KB4565489, KB4565511, KB4565541, KB4565483
         KB4565535, KB4565513, KB4565508, KB4565554, KB4565524
         KB4565537, KB4565912, KB4566785, KB4566426, KB4566425
         KB4558998, KB4565503, KB4565552, KB4558997, KB4565911
         KB456555


REFERENCES

        [1] Microsoft Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

        [2] CVE-2020-1350 (SIGRed)
            https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

        [3] Check Point: SIGRed
            https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin:-exploiting-a-17-year-old-bug-in-windows-dns-servers/

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================