Microsoft security alert.
September 8, 2020
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 127 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Internet Explorer Security Update for September 2020
- Severity
- Critical 4
- Qualys ID
- 100410
- Vendor Reference
- KB4570333, KB4571756, KB4574727, KB4577010, KB4577015, KB4577032, KB4577038, KB4577041, KB4577049, KB4577051, KB4577064, KB4577066
- CVE Reference
- CVE-2020-0878, CVE-2020-1012, CVE-2020-1506
- CVSS Scores
- Base 6.8 / Temporal 5.6
- Description
-
Microsoft releases the security update for Internet Explorer September 2020
The KB Articles associated with the update:
KB4577038
KB4577010
KB4577015
KB4577066
KB4577041
KB4570333
KB4571756
KB4577032
KB4577064
KB4574727
KB4577049
KB4577051
QID Detection Logic (Authenticated):
This QID checks for the file version of Mshtml.dll
The following versions of Mshtml.dll with their corresponding KBs are verified:
KB4577038 - 10.0.9200.22975 , 11.0.9600.19811
KB4577010 - 9.0.8112.21488 , 11.0.9600.19811
KB4577015 - 11.0.14393.3930
KB4577066 - 11.0.9600.19811
KB4577041 - 11.0.16299.2107
KB4570333 - 11.0.17763.1457
KB4571756 - 11.0.19041.508
KB4577032 - 11.0.17134.1726
KB4577064 - 9.0.8112.21488
KB4574727 - 11.0.18362.1082
KB4577049 - 11.0.10240.18666
KB4577051 - 11.0.9600.19811
- Consequence
- An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Please refer to the Security Update Guide for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
-
Microsoft SharePoint Foundation and SharePoint Server Update September 2020
- Severity
- Critical 4
- Qualys ID
- 110360
- Vendor Reference
- KB3101523, KB4484480, KB4484488, KB4484504, KB4484505, KB4484506, KB4484512, KB4484514, KB4484515, KB4484516, KB4484525, KB4484528, KB4486664, KB4486667
- CVE Reference
- CVE-2020-1198, CVE-2020-1200, CVE-2020-1205, CVE-2020-1210, CVE-2020-1218, CVE-2020-1224, CVE-2020-1227, CVE-2020-1335, CVE-2020-1338, CVE-2020-1345, CVE-2020-1440, CVE-2020-1452, CVE-2020-1453, CVE-2020-1460, CVE-2020-1482, CVE-2020-1514, CVE-2020-1523, CVE-2020-1575, CVE-2020-1576, CVE-2020-1595
- CVSS Scores
- Base 7.5 / Temporal 6.2
- Description
-
Microsoft has released September 2020 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB4484506
KB4484505
KB4486667
KB4484525
KB4484515
KB4484488
KB4484504
KB4486664
KB4484512
KB4484480
KB4484514
KB4484528
KB3101523
KB4484516QID Detection Logic:
This authenticated QID checks the file versions from above Microsoft KB article with the versions on affected SharePoint system. - Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft SharePoint Foundation and SharePoint Server September 2020
-
Microsoft Office and Microsoft Office Services and Web Apps Security Update September 2020
- Severity
- Critical 4
- Qualys ID
- 110361
- Vendor Reference
- KB4484466, KB4484469, KB4484481, KB4484503, KB4484507, KB4484510, KB4484513, KB4484517, KB4484518, KB4484522, KB4484526, KB4484530, KB4484532, KB4484533, KB4486660, KB4486661, KB4486665
- CVE Reference
- CVE-2020-1193, CVE-2020-1210, CVE-2020-1218, CVE-2020-1224, CVE-2020-1332, CVE-2020-1335, CVE-2020-1338, CVE-2020-1594, CVE-2020-16855
- CVSS Scores
- Base 6.8 / Temporal 5.6
- Description
-
Microsoft has released September 2020 security updates to fix multiple security vulnerabilities.
This security update contains the following KBs:
KB4484466
KB4484530
KB4484469
KB4484507
KB4486665
KB4484526
KB3101523
KB4484503
KB4484510
KB4484533
KB4486661
KB4484481
KB4486660
KB4484522
KB4484518
KB4484513
KB4484532
KB4484517QID Detection Logic:
This authenticated QID checks the file versions from above Microsoft KB article with the versions on affected office system. - Consequence
-
Successful exploitation allows an attacker to execute code remotely.
- Solution
-
Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Office and Microsoft Office Services and Web Apps Security Update September 2020
-
Microsoft Exchange Server Security Update for September 2020
- Severity
- Critical 4
- Qualys ID
- 50101
- Vendor Reference
- KB4577352
- CVE Reference
- CVE-2020-16875
- CVSS Scores
- Base 9 / Temporal 7.4
- Description
-
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.
The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.
Affected Software:
Microsoft Exchange Server 2016 Cumulative Update 16
Microsoft Exchange Server 2016 Cumulative Update 17
Microsoft Exchange Server 2019 Cumulative Update 5
Microsoft Exchange Server 2019 Cumulative Update 6KB articles covered: 4577352.
QID Detection Logic (authenticated):
The QID checks for the version of file Exsetup.exe if it is lesser than:
The version for Microsoft Exchange Server 2016 Cumulative Update 16 is 15.1.1979.6
The version for Microsoft Exchange Server 2016 Cumulative Update 17 is 15.1.2044.6
The version for Microsoft Exchange Server 2019 Cumulative Update 5 is 15.2.595.6
The version for Microsoft Exchange Server 2019 Cumulative Update 6 is 15.2.659.6 - Consequence
-
Successful exploitation allows a remote attacker to run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.
- Solution
-
Customers are advised to refer to CVE-2020-16875 for information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Download Security Update For Exchange Server 2016 Cumulative Update 16 (KB4577352) Windows
Download Security Update For Exchange Server 2016 Cumulative Update 17 (KB4577352) Windows
Download Security Update For Exchange Server 2019 Cumulative Update 5 (KB4577352) Windows
Download Security Update For Exchange Server 2019 Cumulative Update 6 (KB4577352) WIndows
-
Microsoft Dynamics 365 Security Update for September 2020
- Severity
- Critical 4
- Qualys ID
- 91672
- Vendor Reference
- CVE-2020-16857, CVE-2020-16858, CVE-2020-16859, CVE-2020-16860, CVE-2020-16861, CVE-2020-16862, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872, CVE-2020-16878
- CVE Reference
- CVE-2020-16857, CVE-2020-16858, CVE-2020-16859, CVE-2020-16860, CVE-2020-16861, CVE-2020-16862, CVE-2020-16864, CVE-2020-16871, CVE-2020-16872, CVE-2020-16878
- CVSS Scores
- Base 6.5 / Temporal 4.8
- Description
-
Multiple cross site scripting vulnerabilities exist when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
Multiple remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server.
Affected Versions:
Microsoft Dynamics 365 (on-premises) version 8.2
Microsoft Dynamics 365 (on-premises) version 9.0KB Articles: KB4574742, KB4577501
QID Detection Logic:
This authenticated QID flags vulnerable systems by detecting Microsoft.Crm.Setup.Server.exe versions lesser than:
Microsoft Dynamics 365 (on-premises) version 8.2: 8.2.22.14
Microsoft Dynamics 365 (on-premises) version 9.0: 9.0.20.7 - Consequence
- Successful exploitation allows an attacker to execute remote code.
- Solution
-
Customers are advised to refer to KB4577501, KB4574742 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB4574742
KB4577501
-
Microsoft SQL Server Reporting Services Update for September 2020
- Severity
- Serious 3
- Qualys ID
- 91673
- Vendor Reference
- CVE-2020-1044
- CVE Reference
- CVE-2020-1044
- CVSS Scores
- Base 4 / Temporal 3
- Description
-
A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports. To exploit the vulnerability, an authenticated attacker would need to send a specially crafted request to an affected SSRS server.
The update addresses the vulnerability by modifying how SSRS validates attachment uploads.
Affected Software:
SQL Server 2017 Reporting Services
SQL Server 2019 Reporting ServicesQID Detection Logic:
This authenticated QID detects vulnerable file versions of the above mentioned software by fetching SSRS\ReportServer\bin\ReportingServicesService.exe file versions from the HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\SSRS\Setup registry key
SQL Server 2017 Reporting Services: lesser than 2017.140.600.1669.
SQL Server 2019 Reporting Services: lesser than 2018.150.1102.861 - Consequence
-
Successful exploitation allows an authenticated attacker to bypass security restrictions to upload file types that were disallowed by an administrator.
- Solution
-
Customers are advised to refer to CVE-2020-1044 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
SQL Server 2017 Reporting Services Windows
SQL Server 2019 Reporting Services Windows
-
Microsoft Windows Security Update for September 2020
- Severity
- Critical 4
- Qualys ID
- 91674
- Vendor Reference
- KB4570333, KB4571756, KB4574727, KB4577015, KB4577032, KB4577038, KB4577041, KB4577048, KB4577049, KB4577051, KB4577053, KB4577064, KB4577066, KB4577070, KB4577071
- CVE Reference
- CVE-2020-0648, CVE-2020-0664, CVE-2020-0718, CVE-2020-0761, CVE-2020-0766, CVE-2020-0782, CVE-2020-0790, CVE-2020-0805, CVE-2020-0836, CVE-2020-0837, CVE-2020-0838, CVE-2020-0839, CVE-2020-0856, CVE-2020-0870, CVE-2020-0875, CVE-2020-0886, CVE-2020-0890, CVE-2020-0904, CVE-2020-0908, CVE-2020-0911, CVE-2020-0912, CVE-2020-0914, CVE-2020-0921, CVE-2020-0922, CVE-2020-0928, CVE-2020-0941, CVE-2020-0951, CVE-2020-0989, CVE-2020-0997, CVE-2020-0998, CVE-2020-1013, CVE-2020-1030, CVE-2020-1031, CVE-2020-1033, CVE-2020-1034, CVE-2020-1038, CVE-2020-1039, CVE-2020-1052, CVE-2020-1053, CVE-2020-1074, CVE-2020-1083, CVE-2020-1091, CVE-2020-1097, CVE-2020-1098, CVE-2020-1115, CVE-2020-1119, CVE-2020-1122, CVE-2020-1129, CVE-2020-1130, CVE-2020-1133, CVE-2020-1146, CVE-2020-1152, CVE-2020-1159, CVE-2020-1162, CVE-2020-1169, CVE-2020-1228, CVE-2020-1245, CVE-2020-1250, CVE-2020-1252, CVE-2020-1256, CVE-2020-1285, CVE-2020-1303, CVE-2020-1308, CVE-2020-1319, CVE-2020-1376, CVE-2020-1471, CVE-2020-1491, CVE-2020-1507, CVE-2020-1508, CVE-2020-1532, CVE-2020-1559, CVE-2020-1589, CVE-2020-1590, CVE-2020-1592, CVE-2020-1593, CVE-2020-1596, CVE-2020-1598, CVE-2020-16854, CVE-2020-16879
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft releases the security update for Windows September 2020
The KB Articles associated with the update:
KB4577038
KB4577015
KB4577066
KB4577071
KB4577041
KB4577070
KB4570333
KB4577032
KB4577053
KB4577064
KB4574727
KB4577049
KB4577051
KB4577048
KB4571756
QID Detection Logic (Authenticated):
This QID checks for the file version of ntoskrnl.exe
The following versions of ntoskrnl.exe with their corresponding KBs are verified:
KB4577038 - 6.2.9200.23149
KB4577015 - 10.0.14393.3930
KB4577066 - 6.3.9600.19812
KB4577071 - 6.3.9600.19812
KB4577041 - 10.0.16299.2107
KB4577070 - 6.0.6003.20933
KB4570333 - 10.0.17763.1457
KB4577032 - 10.0.17134.1726
KB4577053 - 6.1.7601.24560
KB4577064 - 6.0.6003.20933
KB4574727 - 10.0.18362.1082
KB4577049 - 10.0.10240.18696
KB4577051 - 6.1.7601.24560
KB4577048 - 6.2.9200.23149
- Consequence
- An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system.
- Solution
-
Please refer to the Security Update Guide for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
Microsoft Security Update Guide Windows
-
Microsoft Visual Studio Security Update for September 2020
- Severity
- Critical 4
- Qualys ID
- 91675
- Vendor Reference
- CVE-2020-1130, CVE-2020-1133, CVE-2020-16856, CVE-2020-16874
- CVE Reference
- CVE-2020-1130, CVE-2020-1133, CVE-2020-16856, CVE-2020-16874
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
Microsoft has released security update for Visual Studio which resolves multiple security vulnerabilities.
Affected Software:
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2013 Update 5
Microsoft Visual Studio 2012 Update 5
QID Detection Logic:Authenticated
This QID detects vulnerable versions of Microsoft Visual Studio by checking file version of devenv.exe. - Consequence
- Successful exploitation can affect confidentiality, integrity and availability.
- Solution
-
Customers are advised to refer to CVE-2020-16856,CVE-2020-1133,CVE-2020-16874,CVE-2020-1130 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-1130 WIndows
CVE-2020-1133 WIndows
CVE-2020-16856 WIndows
CVE-2020-16874 WIndows
-
Microsoft OneDrive for Windows Elevation of Privilege Vulnerability
- Severity
- Critical 4
- Qualys ID
- 91676
- Vendor Reference
- CVE-2020-16851, CVE-2020-16852, CVE-2020-16853
- CVE Reference
- CVE-2020-16851, CVE-2020-16852, CVE-2020-16853
- CVSS Scores
- Base 3.6 / Temporal 2.7
- Description
-
Microsoft has released security update for One Drive which resolves multiple security vulnerabilities.
Affected Software:
OneDrive for Windows - Version prior to 20.143.0716.0003QID Detection Logic(Authenticated)
This authenticated QID detects vulnerable versions by checking file version of OneDrive.exe lower than 20.143.0716.0003 and 20.114.0607.0002 - Consequence
- An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.
- Solution
-
Customers are advised to refer to CVE-2020-16851,CVE-2020-16852,CVE-2020-16853 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-16851 WIndows
CVE-2020-16852 WIndows
CVE-2020-16853 WIndows
-
Microsoft ASP.NET Core Security Feature Bypass Vulnerability September 2020
- Severity
- Serious 3
- Qualys ID
- 91677
- Vendor Reference
- CVE-2020-1045
- CVE Reference
- CVE-2020-1045
- CVSS Scores
- Base 5 / Temporal 3.9
- Description
-
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.
This security update is rated Important for supported versions of Microsoft .NET Framework.
Affected versions:
.NET Core 2.1.x prior to 2.1.22
.NET Core 3.1.x prior to 3.1.8QID Detection Logic (Authenticated):
The qid looks for sub directories under %programfiles%\dotnet\shared\Microsoft.NETCore.App, %programfiles(x86)%\dotnet\shared\Microsoft.NETCore.App and checks for vulnerable versions in .version file on windows. - Consequence
- Successful exploitation allows attacker to bypass the security feature and allows set a second cookie with the name being percent encoded.
- Solution
-
Customers are advised to refer to CVE-2020-1045 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
.Net Core 2.1
.Net Core 3.1
-
Microsoft Edge Security Update for September 2020
- Severity
- Critical 4
- Qualys ID
- 91678
- Vendor Reference
- KB4570333, KB4571756, KB4574727, KB4577015, KB4577032, KB4577041, KB4577049
- CVE Reference
- CVE-2020-0878, CVE-2020-1057, CVE-2020-1172, CVE-2020-1180
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft releases the security update for Microsoft Edge September 2020
The KB Articles associated with the update:
KB4577032
KB4570333
KB4574727
KB4577041
KB4571756
KB4577049
KB4577015
QID Detection Logic:Authenticated
This QID checks for the file version of edgehtml.dll - Consequence
-
On successfull exploitation, An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website.
Additionally an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. - Solution
-
Please refer to the CVE-2020-0878,
CVE-2020-1057,
CVE-2020-1172,
and CVE-2020-1180 for more information pertaining to these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2020-0878
CVE-2020-1057
CVE-2020-1172
CVE-2020-1180
-
Microsoft Windows Servicing Stack Security Update September 2020
- Severity
- Medium 2
- Qualys ID
- 91679
- Vendor Reference
- ADV990001
- CVE Reference
- N/A
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.
Microsoft has released Servicing Stack security updates for Windows.
QID Detection Logic (Authenticated):
This authenticated QID will check for file version of CbsCore.dll - Consequence
-
Successful exploitation may allow unauthorized disclosure of information, unauthorized modification or disruption of service.
- Solution
-
Customers are advised to refer to advisory ADV990001 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
ADV990001
These new vulnerability checks are included in Qualys vulnerability signature 2.4.979-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 are available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 100410
- 110360
- 110361
- 50101
- 91672
- 91673
- 91674
- 91675
- 91676
- 91677
- 91678
- 91679
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Access for Qualys Customers
Platforms and Platform Identification
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.