Published on: 11 March 2020
Last update on: 08 June 2020
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://support.microsoft.com/en-us/help/20200310/security-update-deployment-information-march-10-2020
Reports indicate that active exploitation of the vulnerability in Microsoft Exchange Server (CVE-2020-0688) for remote code execution has been observed. System administrators are advised to take immediate action to patch affected systems to mitigate the elevated risk of cyber attacks.
On 13.03.2020, Microsoft released an out-of-band security update to address the remote code execution vulnerability (CVE-2020-0796) in its Server Message Block 3.1.1 (SMBv3) protocol. The vulnerability affects Windows 10 as well as Windows Server, version 1903 and version 1909. Successful exploitation of the vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on a targeted SMB Server or SMB Client. Users are advised to apply the latest security update on the affected systems immediately to mitigate the elevated risk of cyber attacks. For detailed information, please refer to the Microsoft security advisories at the following URLs:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
On 5.6.2020, the Cybersecurity and Infrastructure Security Agency (CISA) discovered that functional proof-of-concept (PoC) code exploiting CVE-2020-0796 is publicly available. Reports indicated that malicious attackers are targeting unpatched systems with the new PoC. Administrators are strongly recommended to use a firewall to block SMB ports from Internet access and to apply the patch as soon as possible.
Please note that Microsoft announced that extended support for Windows 7 ceased on 14 January 2020 and no security updates will be provided after that. Users should arrange to upgrade Windows to Windows 10 or migrate to other supported technology.
Depending on the vulnerability exploited, a successful attack could lead to remote code execution, elevation of privilege, denial of service, information disclosure, spoofing and tampering.
Patches for affected products, including the vulnerable SMBv3 protocol, are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
To protect systems behind the enterprise perimeter firewall from Internet-based attacks, system administrators should consider blocking TCP port 445 at that firewall. System administrators are strongly advised to follow the Microsoft guidelines to prevent SMB traffic entering or leaving the network.
https://support.microsoft.com/en-us/help/3185535/preventing-smb-traffic-from-lateral-connections
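One way to confirm that the perimeter block on TCP port 445 is effective is to review firewall logs for allowed SMB flows that cross the network boundary in either direction. The following is an added example, not part of the original advisory or Microsoft's guidance; the log field order, the internal address ranges and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

SMB_PORT = "445"  # TCP port the advisory recommends blocking at the perimeter

# Assumption: the organisation's internal address space (adjust to your network).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log. Assumed field order:
# date time action protocol src-ip dst-ip src-port dst-port
SAMPLE_LOG = """\
2020-06-08 09:00:01 DROP TCP 203.0.113.7 10.0.0.5 51515 445
2020-06-08 09:00:02 ALLOW TCP 198.51.100.23 10.0.0.8 40222 445
2020-06-08 09:00:03 ALLOW TCP 10.0.0.12 10.0.0.5 49800 445
2020-06-08 09:00:04 ALLOW TCP 10.0.0.12 192.0.2.44 49801 445
2020-06-08 09:00:05 ALLOW UDP 10.0.0.12 192.0.2.53 49802 53
2020-06-08 09:00:06 ALLOW TCP 198.51.100.23 10.0.0.8 40223 443
"""

def is_internal(ip):
    """True if the address falls inside one of the internal networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def smb_boundary_crossings(log_text):
    """Return (direction, src, dst) for each ALLOWed TCP/445 flow crossing the perimeter."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 8:
            continue  # header, comment or truncated line
        action, proto, src, dst, dport = (fields[2], fields[3], fields[4],
                                          fields[5], fields[7])
        if action != "ALLOW" or proto != "TCP" or dport != SMB_PORT:
            continue
        try:
            src_in, dst_in = is_internal(src), is_internal(dst)
        except ValueError:
            continue  # malformed address field
        if src_in == dst_in:
            continue  # both ends on the same side: not a perimeter crossing
        findings.append(("outbound" if src_in else "inbound", src, dst))
    return findings

if __name__ == "__main__":
    for direction, src, dst in smb_boundary_crossings(SAMPLE_LOG):
        print(f"{direction} SMB allowed: {src} -> {dst}")
```

Any finding means the perimeter rule set still permits SMB to enter or leave the network and should be tightened.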
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
- https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Mar
- https://support.microsoft.com/en-us/help/20200310/security-update-deployment-information-march-10-2020
- https://www.hkcert.org/my_url/en/alert/20031103a
- https://www.hkcert.org/my_url/en/alert/20031101
- https://kb.cert.org/vuls/id/872016/
- https://www.us-cert.gov/ncas/current-activity/2020/03/12/microsoft-releases-out-band-security-updates-smb-rce-vulnerability
- https://www.us-cert.gov/ncas/current-activity/2020/03/10/microsoft-releases-march-2020-security-updates
- https://www.us-cert.gov/ncas/current-activity/2020/03/10/unpatched-microsoft-exchange-servers-vulnerable-cve-2020-0688
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0645
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0684
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0690
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0700
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0758
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0762
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0763
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0765
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0768 (to CVE-2020-0781)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0783
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0785 (to CVE-2020-0789)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0791
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0793
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0797 (to CVE-2020-0804)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0806 (to CVE-2020-0816)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0819
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0820
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0822 (to CVE-2020-0834)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0840 (to CVE-2020-0845)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0847 (to CVE-2020-0855)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0857 (to CVE-2020-0861)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0863 (to CVE-2020-0869)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0871
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0872
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0874
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0876
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0877
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0879 (to CVE-2020-0885)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0887
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0891 (to CVE-2020-0894)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0896 (to CVE-2020-0898)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0902
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0903
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0905