Fix now: High risk vulnerabilities at large, July 2020 part 3

28.Jul.2020
Simon Roe, Product Manager Outpost24
A few interesting CVEs have been released in the couple of weeks since our last risk-based vulnerability management blog, including the recent big news, SIGRed. Read on for more information on how to prioritize these vulnerabilities for patching to mitigate risk.
High risk vulnerabilities

SIGRed

Let’s start with SIGRed, which was announced on 14th July and shot straight up to a likelihood risk score of 38.46, with proven weaponised exploits available at the time of writing.

| CVE | Description | CVSSv3 Score | Farsight Rating | Last seen (Farsight) |
| --- | --- | --- | --- | --- |
| CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability | 10.0 | 38.46 | 2020-07-26 |

The patch for this was rolled out among the 123 fixes Microsoft applied in its monthly Patch Tuesday release. The vulnerability has the potential to give a threat actor access to the host running the Microsoft DNS server and could result in administrator-level access across the entire corporate network.

We strongly recommend that all our customers and readers of this blog ensure the monthly Microsoft patch releases are rolled out in a timely manner and use vulnerability scanners to look for vulnerable hosts. Details on the fix here.

.NET RCE

| CVE | Description | CVSSv3 Score | Farsight Rating | Last seen (Farsight) |
| --- | --- | --- | --- | --- |
| CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability | 9.8 | 38.46 | 2020-07-02 |

Another Microsoft vulnerability, this time affecting .NET Framework. It can be triggered by uploading a malicious document that takes advantage of a bug that prevents the source of the XML markup from being checked. It has been proven that it can be exploited even by a low-privilege user account. Once again this is part of the recent Microsoft Patch Tuesday rollout and, along with CVE-2020-1350, it is rated as a must patch by Microsoft. Details for this are here.

Oracle

Oracle also recently released a critical update patch (July 21st) for many of its products, covering over 440 individual bugs. One of those is:

| CVE | Description | CVSSv3 Score | Farsight Rating | Last seen (Farsight) |
| --- | --- | --- | --- | --- |
| CVE-2020-14609 | Oracle Fusion Middleware exploit via HTTP | 7.5 | 9.54 | 2020-07-16 |

Whilst it is not generating much excitement in the community currently, the Farsight ML model predicts that this vulnerability has the potential to be exploited in the future, so customers running Oracle Fusion are recommended to remediate this (and the other 443 items if relevant) as soon as possible. Ultimately this vulnerability could result in the compromise of sensitive data. Details to be found here.

Sophos XG Firewall RCE

| CVE | Description | CVSSv3 Score | Farsight Rating | Last seen (Farsight) |
| --- | --- | --- | --- | --- |
| CVE-2020-15504 | Sophos XG firewall RCE | 9.8 | 38.46 | 2020-07-19 |

This is a remote code execution bug in Sophos XG firewalls affecting v18.0 MR1 and older. A hotfix is already available, but users of the XG firewall range should double-check that they are running updated versions of the software. For more details see this article.

Wrap up

This week’s CVEs to find and fix have been dominated by CVE-2020-1350. As always, we recommend that customers ensure their Microsoft Windows environments are updated on a regular basis and keep abreast of the content of those roll-up releases to spot the vulnerabilities that are rated as must patch. However, it’s important that we don’t forget the other software vendors we rely on in our organizations, and that we follow them for any major security updates or announcements, especially when that software may be protecting very sensitive and regulated data.
