Wednesday, April 17, 2024

Multiple vulnerabilities in Microsoft products

November 12, 2020

DOCUMENT MANAGEMENT


Reference: CERTFR-2020-AVI-739
Title: Multiple vulnerabilities in Microsoft products
First version date: November 12, 2020
Latest version date: November 12, 2020
Source(s): Microsoft Security Bulletin of November 11, 2020
Attachment(s): None

Table 1: Document management

A detailed version history can be found at the end of this document.

RISK(S)

  1. Security feature bypass
  2. Breach of data confidentiality
  3. Denial of service
  4. Remote code execution
  5. Identity theft
  6. Privilege escalation

AFFECTED SYSTEMS

  1. AV1 Video Extension
  2. Azure DevOps Server 2019 Update 1.1
  3. Azure Sphere
  4. ChakraCore
  5. HEIF Image Extension
  6. HEVC Video Extensions
  7. Microsoft 365 Apps for Enterprise for 64-bit Systems
  8. Microsoft 365 Apps for Enterprise for 32-bit systems
  9. Microsoft Dynamics 365 (on-premises) version 8.2
  10. Microsoft Dynamics 365 (on-premises) version 9.0
  11. Microsoft Dynamics CRM 2015 (on-premises) version 7.0
  12. Microsoft Exchange Server 2013 Cumulative Update 23
  13. Microsoft Exchange Server 2016 Cumulative Update 17
  14. Microsoft Exchange Server 2016 Cumulative Update 18
  15. Microsoft Exchange Server 2019 Cumulative Update 6
  16. Microsoft Exchange Server 2019 Cumulative Update 7
  17. Microsoft Teams
  18. Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)
  19. Microsoft Visual Studio 2019 version 16.0
  20. Microsoft Visual Studio 2019 version 16.4 (includes 16.0 – 16.3)
  21. Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
  22. Microsoft Visual Studio 2019 version 16.8
  23. Raw Image Extension
  24. Visual Studio Code
  25. WebP Image Extension

ABSTRACT


Multiple vulnerabilities have been corrected in Microsoft products. They allow an attacker to cause privilege escalation, remote code execution, a breach of data confidentiality, a security feature bypass, a denial of service and impersonation.

SOLUTION


Refer to the publisher’s security bulletin to obtain patches (see Documentation section).

DOCUMENTATION


Reference CVE CVE-2020-16970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16970
Reference CVE CVE-2020-16991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16991
Reference CVE CVE-2020-16993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16993
Reference CVE CVE-2020-16989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16989
Reference CVE CVE-2020-16986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16986
Reference CVE CVE-2020-16988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16988
Reference CVE CVE-2020-16982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16982
Reference CVE CVE-2020-17018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17018
Reference CVE CVE-2020-17065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17065
Reference CVE CVE-2020-17054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17054
Reference CVE CVE-2020-17063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17063
Reference CVE CVE-2020-16994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16994
Reference CVE CVE-2020-17085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17085
Reference CVE CVE-2020-1325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1325
Reference CVE CVE-2020-17081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17081
Reference CVE CVE-2020-16981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16981
Reference CVE CVE-2020-16984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16984
Reference CVE CVE-2020-17005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17005
Reference CVE CVE-2020-17078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17078
Reference CVE CVE-2020-16987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16987
Reference CVE CVE-2020-17091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17091
Reference CVE CVE-2020-17062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17062
Reference CVE CVE-2020-17100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17100
Reference CVE CVE-2020-17048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17048
Reference CVE CVE-2020-17086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17086
Reference CVE CVE-2020-17101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17101
Reference CVE CVE-2020-17067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17067
Reference CVE CVE-2020-17106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17106
Reference CVE CVE-2020-17104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17104
Reference CVE CVE-2020-17084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17084
Reference CVE CVE-2020-16985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16985
Reference CVE CVE-2020-17108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17108
Reference CVE CVE-2020-16983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16983
Reference CVE CVE-2020-17064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17064
Reference CVE CVE-2020-16992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16992
Reference CVE CVE-2020-17107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17107
Reference CVE CVE-2020-16990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16990
Reference CVE CVE-2020-17083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17083
Reference CVE CVE-2020-17105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17105
Reference CVE CVE-2020-17079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17079
Reference CVE CVE-2020-17020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17020
Reference CVE CVE-2020-17006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17006
Reference CVE CVE-2020-17109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17109
Reference CVE CVE-2020-17110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17110
Reference CVE CVE-2020-17021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17021
