{"id": "CVE-2020-17096", "bulletinFamily": "NVD", "title": "CVE-2020-17096", "description": ", aka 'Windows NTFS Remote Code Execution Vulnerability'.", "published": "2020-12-10T00:15:00", "modified": "2020-12-10T19:46:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17096", "reporter": "cve@mitre.org", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17096"], "cvelist": ["CVE-2020-17096"], "type": "cve", "lastseen": "2020-12-11T12:50:11", "edition": 2, "viewCount": 54, "enchantments": {"dependencies": {"references": [{"type": "mscve", "idList": ["MS:CVE-2020-17096"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_DEC_4592468.NASL", "SMB_NT_MS20_DEC_4592438.NASL", "SMB_NT_MS20_DEC_4586830.NASL", "SMB_NT_MS20_DEC_4592446.NASL", "SMB_NT_MS20_DEC_4586793.NASL", "SMB_NT_MS20_DEC_4592484.NASL", "SMB_NT_MS20_DEC_4592449.NASL", "SMB_NT_MS20_DEC_4592464.NASL"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:D6BB8795D96ECAD5C95596F19210BB13"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"]}], "modified": "2020-12-11T12:50:11", "rev": 2}, "score": {"value": 3.9, "vector": "NONE", "modified": "2020-12-11T12:50:11", "rev": 2}, "twitter": {"counter": 33, "tweets": [{"link": "https://twitter.com/ptracesecurity/status/1347042122554339328", "text": "NTFS Remote Code Execution (CVE-2020-17096) Analysis https://t.co/0tyZqwYp8g?amp=1 /hashtag/Pentesting?src=hashtag_click /hashtag/RCE?src=hashtag_click /hashtag/Vulnerability?src=hashtag_click /hashtag/Exploit?src=hashtag_click /hashtag/CyberSecurity?src=hashtag_click /hashtag/Infosec?src=hashtag_click"}, {"link": "https://twitter.com/jukubird/status/1347135232407846914", "text": "NTFS Remote Code Execution (CVE-2020-17096) Analysis"}, {"link": "https://twitter.com/Anastasis_King/status/1347114397228027904", "text": "CVE-2020-17096 : NTFS Remote Code Execution Analysis"}, 
{"link": "https://twitter.com/ipssignatures/status/1347167605535240194", "text": "The vuln CVE-2020-17096 has a tweet created 0 days ago and retweeted 11 times.\n/Dinosn/status/1346910912171544586\n/hashtag/pow1rtrtwwcve?src=hashtag_click"}, {"link": "https://twitter.com/TigermanRoot/status/1347195906488213505", "text": "NTFS Remote Code Execution (CVE-2020-17096) Analysis - ZecOps Blog"}, {"link": "https://twitter.com/ipssignatures/status/1348013175606816770", "text": "The vuln CVE-2020-17096 has a tweet created 0 days ago and retweeted 11 times.\n/Dinosn/status/1346910912171544586\n/hashtag/pow1rtrtwwcve?src=hashtag_click"}, {"link": "https://twitter.com/ipssignatures/status/1348737950239043586", "text": "The vuln CVE-2020-17096 has a tweet created 0 days ago and retweeted 11 times.\n/Dinosn/status/1346910912171544586\n/hashtag/pow1rtrtwwcve?src=hashtag_click"}, {"link": "https://twitter.com/ipssignatures/status/1348768655312637955", "text": "(Same from about 2 hours ago.)\nI think that the third retweeted(13 times) tweet that contains CVE ID between Jan 10 2021 23:01 UTC and Jan 11 2021 23:00 UTC is:\n/Dinosn/status/1348540893448577026\nIt has CVE-2020-17096. /hashtag/l24_jd2vowepfpg7g?src=hashtag_click"}, {"link": "https://twitter.com/ipssignatures/status/1348798854590771200", "text": "(Same from about 4 hours ago.)\nI think that the third retweeted(13 times) tweet that contains CVE ID between Jan 11 2021 01:01 UTC and Jan 12 2021 01:00 UTC is:\n/Dinosn/status/1348540893448577026\nIt has CVE-2020-17096. 
/hashtag/l24_jd2vowepfpg7g?src=hashtag_click"}, {"link": "https://twitter.com/cornichecorp/status/1349291246003646466", "text": "NTFS Remote Code Execution (CVE-2020-17096) Analysis /hashtag/Infosec?src=hashtag_click via https://t.co/KDUhFaFE1M?amp=1"}], "modified": "2020-12-11T12:50:11"}, "vulnersScore": 3.9}, "cpe": ["cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:1803", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1903", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2016:1903"], "affectedSoftware": [{"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "1809"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "1607"}, {"cpeName": "microsoft:windows_rt_8.1", "name": "microsoft windows rt 8.1", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "1903"}, {"cpeName": "microsoft:windows_server_2019", "name": "microsoft windows server 2019", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "1909"}, {"cpeName": "microsoft:windows_server_2012", "name": "microsoft windows server 2012", "operator": "eq", "version": "r2"}, {"cpeName": 
"microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "2004"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "2004"}, {"cpeName": "microsoft:windows_server_2012", "name": "microsoft windows server 2012", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_8.1", "name": "microsoft windows 8.1", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "20h2"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "1903"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "1909"}, {"cpeName": "microsoft:windows_10", "name": "microsoft windows 10", "operator": "eq", "version": "1803"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows_server_2016", "name": "microsoft windows server 2016", "operator": "eq", "version": "20h2"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": 
"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", 
"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null}
{"mscve": [{"lastseen": "2020-12-11T14:29:38", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-17096"], "description": "\n", "edition": 2, "modified": "2020-12-08T08:00:00", "id": "MS:CVE-2020-17096", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17096", "published": "2020-12-08T08:00:00", "title": "Windows NTFS Remote Code Execution Vulnerability", "type": "mscve", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-12-12T14:04:43", "description": "The remote Windows host is missing security update 4592495\nor cumulative update 4592484. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17098, CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-16996)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-17092, CVE-2020-17097)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. 
(CVE-2020-17096)", "edition": 3, "cvss3": {"score": 8.1, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}, "published": "2020-12-08T00:00:00", "title": "KB4592495: Windows 8.1 and Windows Server 2012 R2 December 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-17092", "CVE-2020-16996", "CVE-2020-17097", "CVE-2020-17140", "CVE-2020-17096", "CVE-2020-17098"], "modified": "2020-12-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_DEC_4592484.NASL", "href": "https://www.tenable.com/plugins/nessus/143560", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143560);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\n \"CVE-2020-16996\",\n \"CVE-2020-17092\",\n \"CVE-2020-17096\",\n \"CVE-2020-17097\",\n \"CVE-2020-17098\",\n \"CVE-2020-17140\"\n );\n script_xref(name:\"MSKB\", value:\"4592495\");\n script_xref(name:\"MSKB\", value:\"4592484\");\n script_xref(name:\"MSFT\", value:\"MS20-4592495\");\n script_xref(name:\"MSFT\", value:\"MS20-4592484\");\n script_xref(name:\"IAVA\", value:\"2020-A-0561\");\n script_xref(name:\"IAVA\", value:\"2020-A-0562\");\n\n script_name(english:\"KB4592495: Windows 8.1 and Windows Server 2012 R2 December 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4592495\nor cumulative update 4592484. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability. 
An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17098, CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-16996)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-17092, CVE-2020-17097)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17096)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4592495/windows-8-1-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4592484/windows-8-1-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4592495 or Cumulative Update KB4592484.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score based on analysis of the vendor advisory.\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-12\";\nkbs = make_list('4592495', '4592484');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"12_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4592495, 4592484])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": 
"2020-12-12T14:04:43", "description": "The remote Windows host is missing security update 4592497\nor cumulative update 4592468. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17098, CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-16996)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-17092, CVE-2020-17097)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17096)", "edition": 3, "cvss3": {"score": 8.1, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}, "published": "2020-12-08T00:00:00", "title": "KB4592497: Windows Server 2012 December 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-17092", "CVE-2020-16996", "CVE-2020-17097", "CVE-2020-17140", "CVE-2020-17096", "CVE-2020-17098"], "modified": "2020-12-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_DEC_4592468.NASL", "href": "https://www.tenable.com/plugins/nessus/143559", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143559);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\n \"CVE-2020-16996\",\n \"CVE-2020-17092\",\n \"CVE-2020-17096\",\n \"CVE-2020-17097\",\n \"CVE-2020-17098\",\n \"CVE-2020-17140\"\n );\n script_xref(name:\"MSKB\", value:\"4592497\");\n script_xref(name:\"MSKB\", value:\"4592468\");\n script_xref(name:\"MSFT\", value:\"MS20-4592497\");\n script_xref(name:\"MSFT\", value:\"MS20-4592468\");\n script_xref(name:\"IAVA\", value:\"2020-A-0561\");\n script_xref(name:\"IAVA\", value:\"2020-A-0562\");\n\n script_name(english:\"KB4592497: Windows Server 2012 December 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4592497\nor cumulative update 4592468. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17098, CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-16996)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-17092, CVE-2020-17097)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. 
(CVE-2020-17096)\");\n # https://support.microsoft.com/en-us/help/4592497/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d639ba48\");\n # https://support.microsoft.com/en-us/help/4592468/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d79ac842\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4592497 or Cumulative Update KB4592468.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score based on analysis of the vendor advisory.\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-12\";\nkbs = make_list('4592497', '4592468');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"12_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4592497, 4592468])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2020-12-12T14:04:43", "description": "The remote Windows host is missing security update 4592464.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists. 
An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-17099)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17098, CVE-2020-17140)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17096)", "edition": 3, "cvss3": {"score": 8.1, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}, "published": "2020-12-08T00:00:00", "title": "KB4592464: Windows 10 December 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-16958", "CVE-2020-16964", "CVE-2020-17092", "CVE-2020-17099", "CVE-2020-16963", "CVE-2020-17097", "CVE-2020-16962", "CVE-2020-16961", "CVE-2020-17140", "CVE-2020-17096", "CVE-2020-16960", "CVE-2020-17098", "CVE-2020-16959"], "modified": "2020-12-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_DEC_4592464.NASL", "href": "https://www.tenable.com/plugins/nessus/143565", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143565);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\n \"CVE-2020-16958\",\n \"CVE-2020-16959\",\n \"CVE-2020-16960\",\n \"CVE-2020-16961\",\n \"CVE-2020-16962\",\n \"CVE-2020-16963\",\n \"CVE-2020-16964\",\n \"CVE-2020-17092\",\n \"CVE-2020-17096\",\n \"CVE-2020-17097\",\n \"CVE-2020-17098\",\n \"CVE-2020-17099\",\n \"CVE-2020-17140\"\n );\n script_xref(name:\"MSKB\", value:\"4592464\");\n script_xref(name:\"MSFT\", value:\"MS20-4592464\");\n script_xref(name:\"IAVA\", value:\"2020-A-0561\");\n script_xref(name:\"IAVA\", value:\"2020-A-0562\");\n\n script_name(english:\"KB4592464: Windows 10 December 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4592464.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-17099)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17098, CVE-2020-17140)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. 
(CVE-2020-17096)\");\n # https://support.microsoft.com/en-us/help/4592464/windows-10-update-kb4592464\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3feae7ab\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4592464.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score based on analysis of the vendor advisory.\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-12\";\nkbs = make_list('4592464');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"12_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4592464])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:C"}}, {"lastseen": "2020-12-12T14:04:42", "description": "The remote Windows host is missing security update 4586830\nor 4593226. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097)\n\n - A remote code execution vulnerability. 
An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17095,\n CVE-2020-17096)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-16996, CVE-2020-17099)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17098, CVE-2020-17138,\n CVE-2020-17140)", "edition": 3, "cvss3": {"score": 8.5, "vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-12-08T00:00:00", "title": "KB4586830: Windows 10 Version 1607 and Windows Server 2016 December 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-17095", "CVE-2020-16958", "CVE-2020-16964", "CVE-2020-17092", "CVE-2020-17099", "CVE-2020-17138", "CVE-2020-16963", "CVE-2020-16996", "CVE-2020-17097", "CVE-2020-16962", "CVE-2020-16961", "CVE-2020-17140", "CVE-2020-17096", "CVE-2020-16960", "CVE-2020-17098", "CVE-2020-16959"], "modified": "2020-12-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_DEC_4586830.NASL", "href": "https://www.tenable.com/plugins/nessus/143569", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143569);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\n \"CVE-2020-16958\",\n \"CVE-2020-16959\",\n \"CVE-2020-16960\",\n \"CVE-2020-16961\",\n \"CVE-2020-16962\",\n \"CVE-2020-16963\",\n \"CVE-2020-16964\",\n \"CVE-2020-16996\",\n \"CVE-2020-17092\",\n \"CVE-2020-17095\",\n \"CVE-2020-17096\",\n \"CVE-2020-17097\",\n \"CVE-2020-17098\",\n \"CVE-2020-17099\",\n \"CVE-2020-17138\",\n \"CVE-2020-17140\"\n );\n script_xref(name:\"MSKB\", value:\"4586830\");\n script_xref(name:\"MSKB\", value:\"4593226\");\n script_xref(name:\"MSFT\", value:\"MS20-4586830\");\n script_xref(name:\"MSFT\", value:\"MS20-4593226\");\n script_xref(name:\"IAVA\", value:\"2020-A-0561\");\n script_xref(name:\"IAVA\", value:\"2020-A-0562\");\n\n script_name(english:\"KB4586830: Windows 10 Version 1607 and Windows Server 2016 December 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4586830\nor 4593226. It is, therefore, affected by multiple\nvulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17095,\n CVE-2020-17096)\n\n - A security feature bypass vulnerability exists. 
An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-16996, CVE-2020-17099)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17098, CVE-2020-17138,\n CVE-2020-17140)\");\n # https://support.microsoft.com/en-us/help/4586830/windows-10-update-kb4586830\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f8c32243\");\n # https://support.microsoft.com/en-us/help/4593226/windows-10-update-kb4593226\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?779e1d95\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4586830.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score based on analysis of the vendor advisory.\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-12\";\nkbs = make_list('4586830', '4593226');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"12_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4586830, 4593226])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-12T14:04:43", "description": "The remote Windows host is missing security update 4592446.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists. 
An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-17099)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17095,\n CVE-2020-17096)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097,\n CVE-2020-17103, CVE-2020-17134, CVE-2020-17136)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17094, CVE-2020-17098,\n CVE-2020-17140)", "edition": 3, "cvss3": {"score": 8.5, "vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-12-08T00:00:00", "title": "KB4592446: Windows 10 Version 1803 December 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-17095", "CVE-2020-16958", "CVE-2020-16964", "CVE-2020-17092", "CVE-2020-17136", "CVE-2020-17134", "CVE-2020-17099", "CVE-2020-16963", "CVE-2020-17097", "CVE-2020-16962", "CVE-2020-17103", "CVE-2020-16961", "CVE-2020-17140", "CVE-2020-17096", "CVE-2020-16960", "CVE-2020-17098", "CVE-2020-16959", "CVE-2020-17094"], "modified": "2020-12-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_DEC_4592446.NASL", "href": "https://www.tenable.com/plugins/nessus/143571", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143571);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\n \"CVE-2020-16958\",\n \"CVE-2020-16959\",\n \"CVE-2020-16960\",\n \"CVE-2020-16961\",\n \"CVE-2020-16962\",\n \"CVE-2020-16963\",\n \"CVE-2020-16964\",\n \"CVE-2020-17092\",\n \"CVE-2020-17094\",\n \"CVE-2020-17095\",\n \"CVE-2020-17096\",\n \"CVE-2020-17097\",\n \"CVE-2020-17098\",\n \"CVE-2020-17099\",\n \"CVE-2020-17103\",\n \"CVE-2020-17134\",\n \"CVE-2020-17136\",\n \"CVE-2020-17140\"\n );\n script_xref(name:\"MSKB\", value:\"4592446\");\n script_xref(name:\"MSFT\", value:\"MS20-4592446\");\n script_xref(name:\"IAVA\", value:\"2020-A-0561\");\n script_xref(name:\"IAVA\", value:\"2020-A-0562\");\n\n script_name(english:\"KB4592446: Windows 10 Version 1803 December 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4592446.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-17099)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17095,\n CVE-2020-17096)\n\n - An elevation of privilege vulnerability. 
An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097,\n CVE-2020-17103, CVE-2020-17134, CVE-2020-17136)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17094, CVE-2020-17098,\n CVE-2020-17140)\");\n # https://support.microsoft.com/en-us/help/4592446/windows-10-update-kb4592446\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e51f32b6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4592446.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score based on analysis of the vendor advisory.\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is 
Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-12\";\nkbs = make_list('4592446');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"12_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4592446])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-23T13:41:05", "description": "The remote Windows host is missing security update 4592449.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. 
An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097,\n CVE-2020-17103, CVE-2020-17134, CVE-2020-17136)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17095,\n CVE-2020-17096)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-17139)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17094, CVE-2020-17098,\n CVE-2020-17140)", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-08T00:00:00", "title": "KB4592449: Windows 10 Version 1903 and Windows 10 Version 1909 December 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-17095", "CVE-2020-17131", "CVE-2020-16958", "CVE-2020-16964", "CVE-2020-17092", "CVE-2020-17136", "CVE-2020-17134", "CVE-2020-16963", "CVE-2020-16996", "CVE-2020-17097", "CVE-2020-16962", "CVE-2020-17103", "CVE-2020-16961", "CVE-2020-17140", "CVE-2020-17096", "CVE-2020-16960", "CVE-2020-17139", "CVE-2020-17098", "CVE-2020-16959", "CVE-2020-17094"], "modified": "2020-12-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_DEC_4592449.NASL", "href": "https://www.tenable.com/plugins/nessus/143570", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143570);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/22\");\n\n script_cve_id(\n \"CVE-2020-16958\",\n \"CVE-2020-16959\",\n \"CVE-2020-16960\",\n \"CVE-2020-16961\",\n \"CVE-2020-16962\",\n \"CVE-2020-16963\",\n \"CVE-2020-16964\",\n \"CVE-2020-16996\",\n \"CVE-2020-17092\",\n \"CVE-2020-17094\",\n \"CVE-2020-17095\",\n \"CVE-2020-17096\",\n \"CVE-2020-17097\",\n \"CVE-2020-17098\",\n \"CVE-2020-17103\",\n \"CVE-2020-17131\",\n \"CVE-2020-17134\",\n \"CVE-2020-17136\",\n \"CVE-2020-17139\",\n \"CVE-2020-17140\"\n );\n script_xref(name:\"MSKB\", value:\"4592449\");\n script_xref(name:\"MSFT\", value:\"MS20-4592449\");\n script_xref(name:\"IAVA\", value:\"2020-A-0555\");\n script_xref(name:\"IAVA\", value:\"2020-A-0561\");\n script_xref(name:\"IAVA\", value:\"2020-A-0562\");\n\n script_name(english:\"KB4592449: Windows 10 Version 1903 and Windows 10 Version 1909 December 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4592449.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097,\n CVE-2020-17103, CVE-2020-17134, CVE-2020-17136)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17095,\n CVE-2020-17096)\n\n - A security feature bypass vulnerability exists. 
An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-17139)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17094, CVE-2020-17098,\n CVE-2020-17140)\");\n # https://support.microsoft.com/en-us/help/4592449/windows-10-update-kb4592449\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c49efc98\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4592449.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS20-12';\nkbs = make_list('4592449');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'18362',\n rollup_date:'12_2020',\n bulletin:bulletin,\n rollup_kb_list:[4592449])\n|| \n smb_check_rollup(os:'10',\n sp:0,\n os_build:'18363',\n rollup_date:'12_2020',\n bulletin:bulletin,\n rollup_kb_list:[4592449])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-12T14:04:42", "description": "The remote Windows host is missing security update 4592438.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17095,\n CVE-2020-17096)\n\n - An memory corruption vulnerability exists. 
An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2020-17131)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17094, CVE-2020-17098,\n CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-17139)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097,\n CVE-2020-17103, CVE-2020-17134, CVE-2020-17136,\n CVE-2020-17137)", "edition": 3, "cvss3": {"score": 8.5, "vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-12-08T00:00:00", "title": "KB4592438: Windows 10 Version 2004 December 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-17095", "CVE-2020-17131", "CVE-2020-16958", "CVE-2020-16964", "CVE-2020-17092", "CVE-2020-17136", "CVE-2020-17134", "CVE-2020-17137", "CVE-2020-16963", "CVE-2020-16996", "CVE-2020-17097", "CVE-2020-16962", "CVE-2020-17103", "CVE-2020-16961", "CVE-2020-17140", "CVE-2020-17096", "CVE-2020-16960", "CVE-2020-17139", "CVE-2020-17098", "CVE-2020-16959", "CVE-2020-17094"], "modified": "2020-12-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_DEC_4592438.NASL", "href": "https://www.tenable.com/plugins/nessus/143558", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143558);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\n \"CVE-2020-16958\",\n \"CVE-2020-16959\",\n \"CVE-2020-16960\",\n \"CVE-2020-16961\",\n \"CVE-2020-16962\",\n \"CVE-2020-16963\",\n \"CVE-2020-16964\",\n \"CVE-2020-16996\",\n \"CVE-2020-17092\",\n \"CVE-2020-17094\",\n \"CVE-2020-17095\",\n \"CVE-2020-17096\",\n \"CVE-2020-17097\",\n \"CVE-2020-17098\",\n \"CVE-2020-17103\",\n \"CVE-2020-17131\",\n \"CVE-2020-17134\",\n \"CVE-2020-17136\",\n \"CVE-2020-17137\",\n \"CVE-2020-17139\",\n \"CVE-2020-17140\"\n );\n script_xref(name:\"MSKB\", value:\"4592438\");\n script_xref(name:\"MSFT\", value:\"MS20-4592438\");\n script_xref(name:\"IAVA\", value:\"2020-A-0555\");\n script_xref(name:\"IAVA\", value:\"2020-A-0561\");\n script_xref(name:\"IAVA\", value:\"2020-A-0562\");\n\n script_name(english:\"KB4592438: Windows 10 Version 2004 December 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4592438.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17095,\n CVE-2020-17096)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2020-17131)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17094, CVE-2020-17098,\n CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. 
An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-17139)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097,\n CVE-2020-17103, CVE-2020-17134, CVE-2020-17136,\n CVE-2020-17137)\");\n # https://support.microsoft.com/en-us/help/4592438/windows-10-update-kb4592438\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1f576e6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4592438.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score based on analysis of the vendor advisory.\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft 
Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-12\";\nkbs = make_list('4592438');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"19041\",\n rollup_date:\"12_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4592438])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-15T06:00:03", "description": "The remote Windows host is missing security update 4592440. \nIt is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. 
An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097,\n CVE-2020-17103, CVE-2020-17134, CVE-2020-17136)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17095,\n CVE-2020-17096)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17094, CVE-2020-17098,\n CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-16996, CVE-2020-17099, CVE-2020-17139)", "edition": 5, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-08T00:00:00", "title": "KB4592440: Windows 10 Version 1809 and Windows Server 2019 December 2020 Security Update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-17095", "CVE-2020-16958", "CVE-2020-16964", "CVE-2020-17092", "CVE-2020-17136", "CVE-2020-17134", "CVE-2020-17099", "CVE-2020-16963", "CVE-2020-16996", "CVE-2020-17097", "CVE-2020-16962", "CVE-2020-17103", "CVE-2020-16961", "CVE-2020-17140", "CVE-2020-17096", "CVE-2020-16960", "CVE-2020-17139", "CVE-2020-17098", "CVE-2020-16959", "CVE-2020-17094"], "modified": "2020-12-08T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_DEC_4586793.NASL", "href": "https://www.tenable.com/plugins/nessus/143561", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143561);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\n \"CVE-2020-16958\",\n \"CVE-2020-16959\",\n \"CVE-2020-16960\",\n \"CVE-2020-16961\",\n \"CVE-2020-16962\",\n \"CVE-2020-16963\",\n \"CVE-2020-16964\",\n \"CVE-2020-16996\",\n \"CVE-2020-17092\",\n \"CVE-2020-17094\",\n \"CVE-2020-17095\",\n \"CVE-2020-17096\",\n \"CVE-2020-17097\",\n \"CVE-2020-17098\",\n \"CVE-2020-17099\",\n \"CVE-2020-17103\",\n \"CVE-2020-17134\",\n \"CVE-2020-17136\",\n \"CVE-2020-17139\",\n \"CVE-2020-17140\"\n );\n script_xref(name:\"MSKB\", value:\"4592440\");\n script_xref(name:\"MSFT\", value:\"MS20-4592440\");\n script_xref(name:\"IAVA\", value:\"2020-A-0561\");\n script_xref(name:\"IAVA\", value:\"2020-A-0562\");\n\n script_name(english:\"KB4592440: Windows 10 Version 1809 and Windows Server 2019 December 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4592440. \nIt is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097,\n CVE-2020-17103, CVE-2020-17134, CVE-2020-17136)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17095,\n CVE-2020-17096)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. 
(CVE-2020-17094, CVE-2020-17098,\n CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-16996, CVE-2020-17099, CVE-2020-17139)\");\n # https://support.microsoft.com/en-us/help/4592440/windows-10-update-kb4592440\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1972925b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4592440.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS20-12';\nkbs = make_list('4592440');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17763',\n rollup_date:'12_2020',\n bulletin:bulletin,\n rollup_kb_list:[4592440])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2020-12-12T10:20:59", "bulletinFamily": "blog", "cvelist": ["CVE-2020-17095", "CVE-2020-17096", "CVE-2020-17099", "CVE-2020-17117", "CVE-2020-17118", "CVE-2020-17121", "CVE-2020-17132", "CVE-2020-17141", "CVE-2020-17142", "CVE-2020-17144"], "description": "This month\u2019s Microsoft Patch Tuesday addresses 58 vulnerabilities with 9 of them labeled as Critical. The 9 Critical vulnerabilities cover Exchange, SharePoint, Hyper-V, Chakra Scripting, and several other workstation vulnerabilities. 
Adobe released patches today for Experience Manager, Prelude, Lightroom and [pre-notification security advisory for Acrobat and Reader](<https://blogs.adobe.com/psirt/?p=1957>).\n\n### Workstation Patches\n\nToday\u2019s Patch Tuesday fixes vulnerabilities that would impact workstations. The Office, Edge, Chakra vulnerabilities should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.\n\n### Microsoft Exchange RCE\n\nMicrosoft patched five Remote Code Execution vulnerabilities in Exchange ([CVE-2020-17141](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17141>), [CVE-2020-17142](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17142>), [CVE-2020-17144](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17144>), [CVE-2020-17117](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17117>), [CVE-2020-17132](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17132>)), which would allow an attacker to run code as system by sending a malicious email. Microsoft does rank them as \u201cExploitation Less Likely,\u201d but due to the open attack vector, these patches should be prioritized on all Exchange Servers.\n\n### SharePoint RCE\n\nMicrosoft patched two RCEs ([CVE-2020-17121](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17121>) and [CVE-2020-17118](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17118>)) in SharePoint. [CVE-2020-17121](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17121>) allows an authenticated attacker to gain access to create a site and execute code remotely within the kernel. 
Because of this, it is highly recommended to prioritize these patches across all SharePoint deployments.\n\n### Hyper-V RCE\n\nMicrosoft also patched an RCE vulnerability in Hyper-V ([CVE-2020-17095](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17095>)) which allows an attacker to run malicious programs on Hyper-V virtual machine to execute arbitrary code on the host system when it fails to properly validate vSMB packet data. This should be prioritized on all Hyper-V systems.\n\n### Windows NTFS RCE\n\nWhile listed as Important, there is a RCE vulnerability ([CVE-2020-17096](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17096>)) in Microsoft Windows. A local attacker could exploit this vulnerability to elevate the attacker's privileges or a remote attacker with SMBv2 access to affected system could send malicious requests over the network. \n\n### Windows Lock Screen Security Bypass\n\nAn important vulnerability is patched by Microsoft ([CVE-2020-17099](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17099>)) where an attacker with physical access to the target system could perform actions on a locked system, thereby executing code from Windows lock screen in the context of the active user session. This patch should be prioritized across all Windows devices.\n\n### Adobe\n\nAdobe issued patches today covering multiple vulnerabilities in [Adobe Experience Manager](<https://helpx.adobe.com/security/products/experience-manager/apsb20-72.html>), [Lightroom](<https://helpx.adobe.com/security/products/lightroom/apsb20-74.html>), [Prelude](<https://helpx.adobe.com/security/products/reader-mobile/apsb20-71.htmlhttps://helpx.adobe.com/security/products/prelude/apsb20-70.html>) and [Pre-notification Security Advisory for Acrobat and Reader](<https://helpx.adobe.com/security/products/acrobat/apsb20-75.html>). 
The patches for Experience Manager and Acrobat/Reader are labeled as [Priority 2 ](<https://helpx.adobe.com/security/severity-ratings.html>), while the remaining patches are set to [Priority 3](<https://helpx.adobe.com/security/severity-ratings.html>).\n\nWhile none of the vulnerabilities disclosed in Adobe\u2019s release are known to be Actively Attacked today, all patches should be prioritized on systems with these products installed.\n\n### About Patch Tuesday\n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>).", "modified": "2020-12-08T20:26:44", "published": "2020-12-08T20:26:44", "id": "QUALYSBLOG:D6BB8795D96ECAD5C95596F19210BB13", "href": "https://blog.qualys.com/category/vulnerabilities-research", "type": "qualysblog", "title": "December 2020 Patch Tuesday \u2013 58 Vulnerabilities, 9 Critical, Windows Exchange, Hyper-V, SharePoint, Adobe", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2021-01-11T00:33:50", "bulletinFamily": "blog", "cvelist": ["CVE-2020-1472", "CVE-2020-16898", "CVE-2020-16916", "CVE-2020-16947", "CVE-2020-16952", "CVE-2020-17001", "CVE-2020-17019", "CVE-2020-17042", "CVE-2020-17049", "CVE-2020-17051", "CVE-2020-17056", "CVE-2020-17061", "CVE-2020-17064", "CVE-2020-17065", "CVE-2020-17066", "CVE-2020-17083", "CVE-2020-17084", "CVE-2020-17087", "CVE-2020-17091", "CVE-2020-17095", "CVE-2020-17096", "CVE-2020-17117", "CVE-2020-17118", "CVE-2020-17121", "CVE-2020-17122", "CVE-2020-17123", "CVE-2020-17125", "CVE-2020-17127", "CVE-2020-17128", "CVE-2020-17129", "CVE-2020-17132", "CVE-2020-17141", "CVE-2020-17142", "CVE-2020-17144"], "description": "In this episode I would like to make a status update of my [Vulristics project](<https://github.com/leonov-av/vulristics>). 
For those who don't know, in this project I retrieve publicly available vulnerability data and analyze it to better understand the severity of these vulnerabilities and better prioritize them. Currently, it is mainly about Microsoft Patch Tuesday vulnerabilities, but I have plans to go further. Also in this episode I want to demonstrate the new Vulristics features on Microsoft Patch Tuesday reports for October, November and December 2020.\n\n\n\n## Patch Tuesdays Automated Data Collection\n\nFirst of all, I dealt with the annoying collecting of the data for Microsoft Patch Tuesdays reports. Previously it took a pretty long time. I had to go to the Microsoft website and [search for CVE IDs](<https://msrc.microsoft.com/update-guide/vulnerability>). After that, I had to get the comments from various Vulnerability Management vendors' and researchers' blogs (Tenable, Qualys, Rapid7, ZDI). I wanted this to be as automated as possible. I have added some code to make CVE search requests on the Microsoft website for a date range (including the second Tuesday of the month). I also figured out how to make searches on the Vulnerability Management vendors' blogs. So, now to get a Microsoft Patch Tuesday report it's only necessary to set the year and month. \n\nSimple like this:\n \n \n import functions_report_ms_patch_tuesday\n \n functions_report_ms_patch_tuesday.make_ms_patch_tuesday_reports(year=\"2020\", month=\"December\", rewrite_flag=True)\n\n## Vulristics Vulnerability Scoring (VVS)\n\nI decided that CVSS is not suitable for evaluating, sorting and comparing vulnerabilities. I needed something to automatically process hundreds of vulnerabilities every month and to highlight the most critical ones. Finally, I decided to make my own scoring - Vulristics Vulnerability Scoring (VVS). \n\nDo you know the perfect formula for counting vulnerability criticality? Well, I don't. Any scoring that I can make will be subjective and will probably change over time. 
But at least I can make it transparent and easily changeable, so that everyone can make their own vulnerability scoring most appropriate for a particular organization.\n\nSuch scoring should consider \n\n * CVSS Base score \n * existence of the exploit\n * exploitability of the vulnerability in the wild\n * popularity of the vulnerable software \n * type of the vulnerability\n\nExamples: \n\n2\\.  **Elevation of Privilege** - Windows Kernel Local ([CVE-2020-17087](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17087>)) - Critical [628] \ncomponent| value| weight| comment \n---|---|---|--- \nExploited in the Wild| 1.0| 18| Exploitation in the wild is mentioned at Vulners ([AttackerKB](<https://vulners.com/attackerkb/AKB:B72B19ED-8E0B-4C11-9C2D-95A25BCC42A6>) object), [AttackerKB](<https://attackerkb.com/topics/y8mmBHc710/cve-2020-17087-windows-kernel-local-privilege-escalation-0day>), [Microsoft](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17087>) \nPublic Exploit Exists| 0| 17| Public exploit is NOT found at Vulners website \nCriticality of Vulnerability Type| 0.5| 15| Elevation of Privilege \nVulnerable Product is Common| 1.0| 14| Windows component \nCVSS Base Score| 0.7| 10| NVD Vulnerability Severity Rating is High \n3\\.  
**Elevation of Privilege** - Windows Print Spooler ([CVE-2020-17001](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17001>)) - Critical [614] \ncomponent| value| weight| comment \n---|---|---|--- \nExploited in the Wild| 0| 18| Exploitation in the wild is NOT found at Vulners, Microsoft and AttackerKB websites \nPublic Exploit Exists| 1.0| 17| Public exploit is found at Vulners ([Microsoft Windows Local Spooler Bypass](<https://vulners.com/PACKETSTORM/PACKETSTORM:160028>)) \nCriticality of Vulnerability Type| 0.5| 15| Elevation of Privilege \nVulnerable Product is Common| 1.0| 14| Windows component \nCVSS Base Score| 0.7| 10| NVD Vulnerability Severity Rating is High \n \n### Exploitability in The Wild and Vulners\n\nThe really interesting thing was to detect if the vulnerability is being exploited in real attacks. I made a post in my Telegram channel asking for ideas. We can't use Microsoft data directly because they do not update it after the initial vulnerability release. Other good sources are [AttackerKB by Rapid7](<https://attackerkb.com/>) and [US-CERT Bulletins](<https://us-cert.cisa.gov/ncas/current-activity/2020/10/29/microsoft-warns-continued-exploitation-cve-2020-1472>). \n\nI asked my friends from the Vulners team to add this feature and now you can [search for CVEs exploited in the wild](<https://vulners.com/search?query=enchantments.exploitation.wildExploited:true>) based on data from AttackerKB and US-CERT. \n\n\n\nAnd also this data is available in JSON format for the vulnerability:\n \n \n ... \n \"exploitation\": {\n \"wildExploited\": true,\n \"wildExploitedSources\": [\n {\n \"type\": \"cisa\",\n \"idList\": [\n \"CISA:2B970469D89016F563E142BE209443D8\",\n \"CISA:61F2653EF56231DB3AEC3A9E938133FE\",\n \"CISA:990FCFCEB1D9B60F5FAA47A1F537A3CB\"\n ]\n },\n {\n \"type\": \"attackerkb\",\n \"idList\": [\n \"AKB:7C5703D3-9E18-4F5C-A4D2-25E1F09B43CB\"\n ]\n }\n ],\n \"modified\": \"2020-12-25T13:57:26\"\n },\n ... 
\n \n\nI also added direct AttackerKB processing to Vulristics and some code to filter out false positives in "Exploitability in The Wild".\n\n### VM Vendor's Comments \n\nWhat about VM Vendor's Comments? Firstly I thought that the existence of the comment from the vendor should be taken into consideration when counting the vulnerability score. But then I decided that it's a bad practice because the vendors are not who makes the criticality but they help you to test your scoring.\n\nFor example, if your score shows that some vulnerability is critical and vulnerability management vendors don't mention it, this means that your scoring has some flaws or the experts of VM vendor don't understand something. \n\n## Microsoft Patch Tuesdays Q4 2020\n\nNow let's take a look at the Vulristics Microsoft Patch Tuesday reports for October, November and December 2020.\n\n### October 2020\n\n * All vulnerabilities: 87\n * Urgent: 0\n * Critical: 2\n * High: 20\n * Medium: 63\n * Low: 2\n\nIt has been an interesting month. \n\nMost of the VM vendors and researchers focused on "**Remote Code Execution** - Windows TCP/IP ([CVE-2020-16898](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898>)) - High [500]", dubbed "Bad Neighbor". It affects all supported versions of Windows OS, and maybe unsupported/earlier versions of Windows as well. Tenable wrote: "According to a blog post from McAfee, Microsoft Active Protections Program (MAPP) members were provided with a test script that successfully demonstrates exploitation of this vulnerability to cause a denial of service (DoS). While the test scenario does not provide the ability to pivot to RCE, an attacker could craft a wormable exploit to achieve RCE. While an additional bug would be required to craft an exploit, it is likely that we will see proof-of-concept (PoC) code released in the near future." 
However, there has been no news since October.\n\nBut there is a more critical vulnerability with a public exploit "**Remote Code Execution** - Microsoft SharePoint ([CVE-2020-16952](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952>)) - Critical [640]". It was mentioned by all vendors, but without much emphasis.\n\nAnd the second critical vulnerability is "**Elevation of Privilege** - Windows COM Server ([CVE-2020-16916](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16916>)) - Critical [628]" for which there is a flag of exploitation in the wild in AttackerKB. How much can you believe it? Well AttackerKB is a crowdsourcing platform, so possibly it can be fake.\n\nFor many other vulnerabilities (including 19 RCEs), there are no exploits or signs of exploitation in the wild. Among them, much attention has been paid to RCE in Microsoft Outlook ([CVE-2020-16947](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16947>)). A quote from Tenable: "Because Outlook\u2019s Preview Pane is affected by this flaw, a user does not have to open the message in order for the vulnerability to be exploited. As Outlook is widely used for enterprise email, we highly recommend prioritizing the patching of this CVE."\n\n### November 2020\n\n * All vulnerabilities: 112\n * Urgent: 0\n * Critical: 3\n * High: 17\n * Medium: 90\n * Low: 2\n\n2 vulnerabilities were critical because there is information about them that they are Exploited in the wild. \n\nAll VM vendors initially did not notice "**Security Feature Bypass** - Kerberos KDC ([CVE-2020-17049](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17049>)) - Critical [709]", only ZDI wrote that they don't understand what it is: "What security feature in Kerberos is being bypassed? What is the likelihood?". 
But then a post appeared with a [detailed description of the exploitation](<https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/>). \n\nThe second critical is "**Elevation of Privilege** - Windows Kernel Local ([CVE-2020-17087](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17087>)) - Critical [628]". It was used to escape Google Chrome\u2019s sandbox in order to elevate privileges on the exploited system.\n\nThe third critical vulnerability "**Elevation of Privilege** - Windows Print Spooler ([CVE-2020-17001](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17001>)) - Critical [614]" has a public exploit at Vulners ([Microsoft Windows Local Spooler Bypass](<https://vulners.com/PACKETSTORM/160028>)) \n\nMost of the comments this month were about "**Remote Code Execution** - Windows Network File System ([CVE-2020-17051](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17051>)) - High [513]". A quote from Tenable: "In a blog post by McAfee, there is speculation about combining **CVE-2020-17051** with CVE-2020-17056, a remote kernel data read vulnerability in NFS, in order to bypass address space layout randomization (ASLR), which could increase the probability of a remote exploit". 
But in fact, we did not see any attacks or exploits for this vulnerability.\n\nAlso worth mentioning RCEs in\n\n * Microsoft Exchange Server ([CVE-2020-17083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17083>), [CVE-2020-17084](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17084>))\n * Windows Print Spooler ([CVE-2020-17042](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17042>))\n * Microsoft Excel ([CVE-2020-17019](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17019>), [CVE-2020-17064](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17064>), [CVE-2020-17065](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17065>), [CVE-2020-17066](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17066>))\n * Microsoft SharePoint ([CVE-2020-17061](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17061>))\n * Microsoft Teams ([CVE-2020-17091](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17091>))\n\nBut we did not see any attacks or exploits for them either.\n\n### December 2020\n\n * All vulnerabilities: 58\n * Urgent: 0\n * Critical: 1\n * High: 23\n * Medium: 30\n * Low: 4\n\nThere were no vulnerabilities with exploits. \n\nThe critical is only "**Remote Code Execution** - Microsoft Exchange ([CVE-2020-17144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17144>)) - Critical [705]", because of AttackerKB. How realistic is this? You know, crowdsourcing. Rapid7: **CVE-2020-17144** which is another remote code execution vulnerability also stemming from improper validation for cmdlet arguments, this one only affects Exchange Server 2010 SP3 and does require additional user interaction to successfully execute". 
Besides this, there were many other Microsoft Exchange RCEs ([CVE-2020-17117](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17117>), [CVE-2020-17132](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17132>), [CVE-2020-17141](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17141>), [CVE-2020-17142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17142>)).\n\nOther RCEs worth mentioning were in:\n\n * Windows NTFS ([CVE-2020-17096](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17096>)). Tenable: "An RCE in Windows NT File System (NTFS), the file system used in Microsoft Windows and Microsoft Windows Server. No user interaction is required to exploit this vulnerability. Depending on the attacker\u2019s position, there are a few avenues for exploitation. For an attacker that has already established a local position on the vulnerable system, executing a malicious application that exploits the flaw would result in an elevation of privileges. Alternatively, a remote attacker could exploit the flaw by sending malicious requests to a vulnerable system, so long as they could access it over the Server Message Block version 2 protocol (SMBv2). 
Successful exploitation in this context would grant the attacker arbitrary code execution".\n * Hyper-V ([CVE-2020-17095](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17095>))\n * Microsoft SharePoint ([CVE-2020-17118](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17118>), [CVE-2020-17121](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17121>))\n * Microsoft Excel ([CVE-2020-17122](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17122>), [CVE-2020-17123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123>), [CVE-2020-17125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125>), [CVE-2020-17127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17127>), [CVE-2020-17128](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128>), [CVE-2020-17129](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129>))\n\nThank you, I will be glad to know your opinion about Vulristics and how it can be further improved. 
Write to <https://t.me/avleonovchat>.\n\nFull reports are available here:\n\n * [October 2020](<http://avleonov.com/vulristics_reports/october2020_report_avleonov_comments.html>)\n * [November 2020](<http://avleonov.com/vulristics_reports/november2020_report_avleonov_comments.html>)\n * [December 2020](<http://avleonov.com/vulristics_reports/december2020_report_avleonov_comments.html>)\n", "modified": "2021-01-11T01:50:44", "published": "2021-01-11T01:50:44", "id": "AVLEONOV:28E47C69DA4A069031694EB4C2C931BA", "href": "http://feedproxy.google.com/~r/avleonov/~3/mC48TITxRfM/", "type": "avleonov", "title": "Vulristics Vulnerability Score, Automated Data Collection and Microsoft Patch Tuesdays Q4 2020", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2020-12-12T10:47:13", "bulletinFamily": "info", "cvelist": ["CVE-2020-16875", "CVE-2020-16958", "CVE-2020-16959", "CVE-2020-16960", "CVE-2020-16961", "CVE-2020-16962", "CVE-2020-16963", "CVE-2020-16964", "CVE-2020-16971", "CVE-2020-16996", "CVE-2020-17002", "CVE-2020-17089", "CVE-2020-17092", "CVE-2020-17094", "CVE-2020-17095", "CVE-2020-17096", "CVE-2020-17097", "CVE-2020-17098", "CVE-2020-17099", "CVE-2020-17103", "CVE-2020-17115", "CVE-2020-17117", "CVE-2020-17118", "CVE-2020-17119", "CVE-2020-17120", "CVE-2020-17121", "CVE-2020-17122", "CVE-2020-17123", "CVE-2020-17124", "CVE-2020-17125", "CVE-2020-17126", "CVE-2020-17127", "CVE-2020-17128", "CVE-2020-17129", "CVE-2020-17130", "CVE-2020-17131", "CVE-2020-17132", "CVE-2020-17133", "CVE-2020-17134", "CVE-2020-17135", "CVE-2020-17136", "CVE-2020-17137", "CVE-2020-17138", "CVE-2020-17139", "CVE-2020-17140", "CVE-2020-17141", "CVE-2020-17142", "CVE-2020-17143", "CVE-2020-17144", "CVE-2020-17145", "CVE-2020-17147", "CVE-2020-17148", "CVE-2020-17150", "CVE-2020-17152", "CVE-2020-17153", "CVE-2020-17156", "CVE-2020-17158", "CVE-2020-17159", "CVE-2020-17160"], "description": "\n\nWe close off our 2020 year of Patch Tuesdays with 
58 vulnerabilities being addressed. While it's a higher count than our typical December months (high thirties), it's still a nice breath of fresh air given how the past year has been. We do, however, get to celebrate that none of the reported vulnerabilities covered this month has been publicly exploited nor previously publicly disclosed and only 9 of the 58 vulnerabilities have been marked as Critical by Microsoft.\n\nIn terms of actionables, standard procedures can be followed here in terms of how to prioritize which sets of patches to apply first with two exceptions.\n\n## Microsoft Office vulnerabilities\n\nA fair amount of remote code executions targeting Microsoft Excel are being patched up today and while none of them have the Preview Pane set as an attack vector, the volume of remote code execution vulnerabilities pertaining to Microsoft Office this month may suggest a slight re-jig of priorities. That's our first (minor) exception.\n\nThe next exception is likely the most notable piece behind this December 2020 Patch Tuesday: Microsoft Exchange Server.\n\n## Microsoft Exchange Server vulnerabilities\n\nWhile there are a total of six vulnerabilities from Microsoft Exchange Server this month, two of them garner a CVSS score of 9.1 ([CVE-2020-17132](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17132>), [CVE-2020-17142](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17142>)) and one is noted by Microsoft as having a higher chance of exploitability ([CVE-2020-17144](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17144>)). 
These three warrant an additional examination and may be grounds for prioritizing patching.\n\nThere is currently suspicion that [CVE-2020-17132](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17132>) helps address the patch bypass of [CVE-2020-16875](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16875>) (CVSS 8.4) from September 2020. As well, both [CVE-2020-17132](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17132>) and [CVE-2020-17142](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17142>) are remote code execution vulnerabilities occurring due to improper validation of cmdlet arguments that affect all supported (as of writing) versions of Microsoft Exchange. One important note to consider is while these vulnerabilities have received a CVSS score of 9.1 and do not require additional user interaction, an attacker must be in an authenticated role in order to exploit this vulnerability.\n\nIn contrast, [CVE-2020-17144](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17144>) which is another remote code execution vulnerability also stemming from improper validation for cmdlet arguments, this one only affects Exchange Server 2010 SP3 and does require additional user interaction to successfully execute. This is extra interesting as [Microsoft Exchange Server 2010 passed end of life back on October 22, 2020](<https://techcommunity.microsoft.com/t5/exchange-team-blog/microsoft-extending-end-of-support-for-exchange-server-2010-to/ba-p/753591>). 
The introduction of this post-EOL patch for Microsoft Exchange Server 2010 coupled with Microsoft noting this vulnerability to be more likely exploitable does suggest prioritizing this patch a bit earlier.\n\n## New Summary Tables\n\nIn an attempt to provide a bit more summarizing tables, here are this month's patched vulnerabilities split by the product family.\n\n### Azure Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17160>) | Azure Sphere Security Feature Bypass Vulnerability | False | False | 7.4 | True \n[CVE-2020-16971](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16971>) | Azure SDK for Java Security Feature Bypass Vulnerability | False | False | 7.4 | False \n \n### Browser Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17153](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17153>) | Microsoft Edge for Android Spoofing Vulnerability | False | False | 4.3 | True \n[CVE-2020-17131](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17131>) | Chakra Scripting Engine Memory Corruption Vulnerability | False | False | 4.2 | False \n \n### Developer Tools Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17148>) | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17150](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17150>) | Visual Studio Code Remote Code Execution Vulnerability | False | False | 7.8 | False 
\n[CVE-2020-17156](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17156>) | Visual Studio Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17159>) | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | False | False | 7.8 | False \n[CVE-2020-17002](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17002>) | Azure SDK for C Security Feature Bypass Vulnerability | False | False | 7.4 | False \n[CVE-2020-17135](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17135>) | Azure DevOps Server Spoofing Vulnerability | False | False | 6.4 | False \n[CVE-2020-17145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17145>) | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | False | False | 5.4 | False \n \n### ESU Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17140](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17140>) | Windows SMB Information Disclosure Vulnerability | False | False | 8.1 | True \n[CVE-2020-16958](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16958>) | Windows Backup Engine Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-16959](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16959>) | Windows Backup Engine Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-16960](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16960>) | Windows Backup Engine Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-16961](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16961>) | Windows Backup 
Engine Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-16962](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16962>) | Windows Backup Engine Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-16963](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16963>) | Windows Backup Engine Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-16964](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16964>) | Windows Backup Engine Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-17098](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17098>) | Windows GDI+ Information Disclosure Vulnerability | False | False | 5.5 | True \n \n### Exchange Server Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17132](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17132>) | Microsoft Exchange Remote Code Execution Vulnerability | False | False | 9.1 | True \n[CVE-2020-17142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17142>) | Microsoft Exchange Remote Code Execution Vulnerability | False | False | 9.1 | True \n[CVE-2020-17143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17143>) | Microsoft Exchange Information Disclosure Vulnerability | False | False | 8.8 | True \n[CVE-2020-17141](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17141>) | Microsoft Exchange Remote Code Execution Vulnerability | False | False | 8.4 | True \n[CVE-2020-17144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17144>) | Microsoft Exchange Remote Code Execution Vulnerability | False | False | 8.4 | True 
\n[CVE-2020-17117](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17117>) | Microsoft Exchange Remote Code Execution Vulnerability | False | False | 6.6 | False \n \n### Microsoft Dynamics Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17152](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17152>) | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | False | False | 8.8 | True \n[CVE-2020-17158](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17158>) | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | False | False | 8.8 | True \n[CVE-2020-17147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17147>) | Dynamics CRM Webclient Cross-site Scripting Vulnerability | False | False | 8.7 | True \n[CVE-2020-17133](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17133>) | Microsoft Dynamics Business Central/NAV Information Disclosure | False | False | 6.5 | True \n \n### Microsoft Office Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17121](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17121>) | Microsoft SharePoint Remote Code Execution Vulnerability | False | False | 8.8 | True \n[CVE-2020-17118](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17118>) | Microsoft SharePoint Remote Code Execution Vulnerability | False | False | 8.1 | False \n[CVE-2020-17115](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17115>) | Microsoft SharePoint Spoofing Vulnerability | False | False | 8 | True \n[CVE-2020-17122](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17122>) | 
Microsoft Excel Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123>) | Microsoft Excel Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17124](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17124>) | Microsoft PowerPoint Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125>) | Microsoft Excel Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17127>) | Microsoft Excel Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17128](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128>) | Microsoft Excel Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17129](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129>) | Microsoft Excel Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17089](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17089>) | Microsoft SharePoint Elevation of Privilege Vulnerability | False | False | 7.1 | False \n[CVE-2020-17119](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17119>) | Microsoft Outlook Information Disclosure Vulnerability | False | False | 6.5 | True \n[CVE-2020-17130](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17130>) | Microsoft Excel Security Feature Bypass Vulnerability | False | False | 6.5 | True \n[CVE-2020-17126](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126>) | Microsoft Excel Information Disclosure Vulnerability | False | False | 5.5 | True 
\n[CVE-2020-17120](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17120>) | Microsoft SharePoint Information Disclosure Vulnerability | False | False | 5.3 | True \n \n### Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17095](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17095>) | Hyper-V Remote Code Execution Vulnerability | False | False | 8.5 | True \n[CVE-2020-17092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17092>) | Windows Network Connections Service Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-17134](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17134>) | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-17136](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17136>) | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-17137](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17137>) | DirectX Graphics Kernel Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-17139](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17139>) | Windows Overlay Filter Security Feature Bypass Vulnerability | False | False | 7.8 | False \n[CVE-2020-17096](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17096>) | Windows NTFS Remote Code Execution Vulnerability | False | False | 7.5 | True \n[CVE-2020-17103](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17103>) | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | False | False | 7 | False 
\n[CVE-2020-17099](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17099>) | Windows Lock Screen Security Feature Bypass Vulnerability | False | False | 6.8 | True \n[CVE-2020-16996](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16996>) | Kerberos Security Feature Bypass Vulnerability | False | False | 6.5 | True \n[CVE-2020-17094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17094>) | Windows Error Reporting Information Disclosure Vulnerability | False | False | 5.5 | True \n[CVE-2020-17138](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17138>) | Windows Error Reporting Information Disclosure Vulnerability | False | False | 5.5 | True \n[CVE-2020-17097](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17097>) | Windows Digital Media Receiver Elevation of Privilege Vulnerability | False | False | 3.3 | False \n", "modified": "2020-12-08T21:36:27", "published": "2020-12-08T21:36:27", "id": "RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080", "href": "https://blog.rapid7.com/2020/12/08/patch-tuesday-december-2020/", "type": "rapid7blog", "title": "Patch Tuesday - December 2020", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}