Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2020.0206.2 Microsoft Patch Tuesday update for Microsoft Windows for November 2020 16 November 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Windows Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Increased Privileges -- Existing Account Denial of Service -- Remote/Unauthenticated Provide Misleading Information -- Existing Account Unauthorised Access -- Remote/Unauthenticated Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-17113 CVE-2020-17110 CVE-2020-17109 CVE-2020-17108 CVE-2020-17107 CVE-2020-17106 CVE-2020-17105 CVE-2020-17102 CVE-2020-17101 CVE-2020-17090 CVE-2020-17088 CVE-2020-17087 CVE-2020-17086 CVE-2020-17082 CVE-2020-17081 CVE-2020-17079 CVE-2020-17078 CVE-2020-17077 CVE-2020-17076 CVE-2020-17075 CVE-2020-17074 CVE-2020-17073 CVE-2020-17071 CVE-2020-17070 CVE-2020-17069 CVE-2020-17068 CVE-2020-17057 CVE-2020-17056 CVE-2020-17055 CVE-2020-17051 CVE-2020-17049 CVE-2020-17047 CVE-2020-17046 CVE-2020-17045 CVE-2020-17044 CVE-2020-17043 CVE-2020-17042 CVE-2020-17041 CVE-2020-17040 CVE-2020-17038 CVE-2020-17037 CVE-2020-17036 CVE-2020-17035 CVE-2020-17034 CVE-2020-17033 CVE-2020-17032 CVE-2020-17031 CVE-2020-17030 CVE-2020-17029 CVE-2020-17028 CVE-2020-17027 CVE-2020-17026 CVE-2020-17025 CVE-2020-17024 CVE-2020-17014 CVE-2020-17013 CVE-2020-17012 CVE-2020-17011 CVE-2020-17010 CVE-2020-17007 CVE-2020-17004 CVE-2020-17001 CVE-2020-17000 CVE-2020-16999 CVE-2020-16998 CVE-2020-16997 CVE-2020-1599 Member content until: Friday, December 11 2020 Reference: ASB-2020.0197 ESB-2020.3800.2 ESB-2020.3685 ESB-2020.3676 Revision History: November 16 2020: CVE-2020-17049 was updated to address known issue, guidance for deploying issue has been updated November 11 2020: Initial Release OVERVIEW Microsoft has released its monthly security patch update for the month of November 2020. This update resolves 67 vulnerabilities across the following products: [1] AV1 Video Extension HEIF Image Extension HEVC Video Extensions Raw Image Extension WebP Image Extension Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for x64-based Systems Windows 10 Version 20H2 for 32-bit Systems Windows 10 Version 20H2 for ARM64-based Systems Windows 10 Version 20H2 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2020-1599 Spoofing Important CVE-2020-16997 Information Disclosure Important CVE-2020-16998 Elevation of Privilege Important CVE-2020-16999 Information Disclosure Important CVE-2020-17000 Information Disclosure Important CVE-2020-17001 Elevation of Privilege Important CVE-2020-17004 Information Disclosure Important CVE-2020-17007 Elevation of Privilege Important CVE-2020-17010 Elevation of Privilege Important CVE-2020-17011 Elevation of Privilege Important CVE-2020-17012 Elevation of Privilege Important CVE-2020-17013 Information Disclosure Important CVE-2020-17014 Elevation of Privilege Important CVE-2020-17024 Elevation of Privilege Important CVE-2020-17025 Elevation of Privilege Important CVE-2020-17026 Elevation of Privilege Important CVE-2020-17027 Elevation of Privilege Important CVE-2020-17028 Elevation of Privilege Important CVE-2020-17029 Information Disclosure Important CVE-2020-17030 Information Disclosure Important CVE-2020-17031 Elevation of Privilege Important CVE-2020-17032 Elevation of Privilege Important CVE-2020-17033 Elevation of Privilege Important CVE-2020-17034 Elevation of Privilege Important CVE-2020-17035 Elevation of Privilege Important CVE-2020-17036 Information Disclosure Important CVE-2020-17037 Elevation of Privilege Important CVE-2020-17038 Elevation of Privilege Important CVE-2020-17040 Security Feature Bypass Important CVE-2020-17041 Elevation of Privilege Important CVE-2020-17042 Remote Code Execution Critical CVE-2020-17043 Elevation of Privilege Important CVE-2020-17044 Elevation of Privilege Important CVE-2020-17045 Information Disclosure Important CVE-2020-17046 Denial of Service Low CVE-2020-17047 Denial of Service Important CVE-2020-17049 Security Feature Bypass Important CVE-2020-17051 Remote Code Execution Critical CVE-2020-17055 Elevation of Privilege Important CVE-2020-17056 Information Disclosure Important CVE-2020-17057 Elevation of Privilege Important CVE-2020-17068 Remote Code Execution Important CVE-2020-17069 Information Disclosure Important CVE-2020-17070 Elevation of Privilege Important CVE-2020-17071 Information Disclosure Important CVE-2020-17073 Elevation of Privilege Important CVE-2020-17074 Elevation of Privilege Important CVE-2020-17075 Elevation of Privilege Important CVE-2020-17076 Elevation of Privilege Important CVE-2020-17077 Elevation of Privilege Important CVE-2020-17078 Remote Code Execution Critical CVE-2020-17079 Remote Code Execution Critical CVE-2020-17081 Information Disclosure Important CVE-2020-17082 Remote Code Execution Critical CVE-2020-17086 Remote Code Execution Important CVE-2020-17087 Elevation of Privilege Important CVE-2020-17088 Elevation of Privilege Important CVE-2020-17090 Security Feature Bypass Important CVE-2020-17101 Remote Code Execution Critical CVE-2020-17102 Information Disclosure Important CVE-2020-17105 Remote Code Execution Critical CVE-2020-17106 Remote Code Execution Critical CVE-2020-17107 Remote Code Execution Critical CVE-2020-17108 Remote Code Execution Critical CVE-2020-17109 Remote Code Execution Critical CVE-2020-17110 Remote Code Execution Critical CVE-2020-17113 Information Disclosure Important CVE-2020-17049 has been updated to address a known issue with Kdc registry [2] MITIGATION Microsoft recommends updating the software to the latest available version available on the Microsoft Update Catalog. [1]. KB4586785, KB4586793, KB4586808, KB4586845, KB4586781 KB4586834, KB4586830, KB4586787, KB4586823, KB4586786 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance [2] Kerberos KDC Security Feature Bypass Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBX7H/reNLKJtyKPYoAQgE8A//SO+3QURx/sSuCz8kJ6/5mOruTnczh5cr 5r2YoloAP2vone36Itr5MjJKeYHqXumyyjctc0E5xJkvEqAq90nNd32PZDFQOVGA O0sG6S/F7KNHJLiG0phxe58tpe+XS60dPzGyLOFpzv9NuSw7s01Ud+34yEWuIJ7+ GKMSJIdBFYxGbSF4vTb5+Gr5izcZR9rVxrasyyKsO+QgWqxQbKVvOV7oF5ZdCiRE 18yeWZ5pvs8RFEtW7watjnl6E9roZkpaalj59aM/XMBwv6JcOyZr2f9Kq4i4nXVe eu4p1IoGNgdZBna/nW+VOP0npo3qE8I+7bnybYxOIhfbzdk4XXDkWryX4X2JCmpI mcd7hZsg+VgDIyCJE8W80KYT5vH7P3Qw0lAWLd89jFprrrbRYnQzGgAW67zA4JSP NLvH+D8v/Fyp3JQ5BVK5biSJoCcHzGwW4amJeFxOkp/sxRiwq3FVvPrJpuL9/JR2 gI76/vcgkqY7nTcF6pABV7I7t931vplLuC6Ev70njwFGPLrDLxMDuaHti+eNca46 hxp0IPU8LgyPn4nNATZYuoq7zjuUS6Evv6LA2YvOr6paDT0icxcQzDwNSBejqkoK vuPydxXBoIo0dpV1wLpNS6n6S0EeXkxLn91DvGTDYbSCnVZsZN9BlS9SFNnLC7YW T7vKIvHEkac= =gIcE -----END PGP SIGNATURE-----