Fix now: High risk vulnerabilities at large, July 2020 part 3
SIGRed
Let’s start with SIGRed, announced on 14th July and shot straight up to 38.46 likelihood risk score, with, at the time of writing, proven weaponised exploits available.
| CVE | Description | CVSSv3 Score | Farsight Rating | Last seen (Farsight) |
|---|---|---|---|---|
| CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability | 10.0 | 38.46 | 2020-07-26 |
The patch for this was rolled out amongst the 123 fixes applied by Microsoft in the monthly patch Tuesday release. The vulnerability itself has the potential to give a threat actor access to the host that is running the Microsoft DNS server and could result in administrator level access across the entire corporate network.
We strongly recommend all our customers and readers of this blog to ensure that the monthly Microsoft patch releases are rolled out in a timely manner and use vulnerability scanners to look for vulnerable hosts. Details on the fix here.
.Net RCE
| CVE | Description | CVSSv3 Score | Farsight Rating | Last seen (Farsight) |
|---|---|---|---|---|
| CVE-2020-1147 | .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability' | 9.8 | 38.46 | 2020-07-02 |
Another Microsoft vulnerability, this time affecting .Net Framework, that can be triggered by uploading a malicious document that takes advantage of the bug that prevents the checking of the source of the XML markup. It has been proven that it can be exploited even by a low privilege user account. Once again this is part of the recent Microsoft patch Tuesday rollout and it, along with CVE-2020-1350 is rated as a must patch by Microsoft. Details for this are here.
Oracle
Oracle also recently released a critical update patch, (July 21st) to many of their products covering over 440 individual bugs. One of those is:
| CVE | Description | CVSSv3 Score | Farsight Rating | Last seen (Farsight) |
|---|---|---|---|---|
| CVE-2020-14609 | Oracle fusion middleware exploit via HTPP | 7.5 | 9.54 | 2020-07-16 |
Whilst not majorly exciting in the community currently, the Farsight ML model is predicting this vulnerability has a potential to be exploited in the future and so customers running Oracle fusion are recommended to remediate this (and the other 443 items if relevant) as soon as possible. Details to be found here. Ultimately this vulnerability could result in the compromise of sensitive data.
Sophos XG Firewall RCE
| CVE | Description | CVSSv3 Score | Farsight Rating | Last seen (Farsight) |
|---|---|---|---|---|
| CVE-2020-15504 | Sophos XG firewall RCE | 9.8 | 38.46 | 2020-07-19 |
A remote code execution bug in Sophos XG firewalls affecting v18.0 MR1 and older. A Hot fix is already available but users of the XG firewall range should double check they are running updated versions of the software. For more details see this article.
Wrap up
This week’s CVE’s to find and fix has been dominated by CVE-2020-1350. As always we recommend customers to ensure their Microsoft Windows environments are updated on a regular basis and to keep abreast of the content of those roll up releases to spot those vulnerabilities that are rated as must patch. However it’s important that we don’t forget other software vendors we are utilising in our organizations and ensure we follow them for any major security updates or announcements. Especially when that software may be protecting very sensitive, and regulated data.
