CVE-2020-16996

2020-12-10T00:00:00

Description

Kerberos Security Feature Bypass Vulnerability #### Notes Author| Note ---|--- [mdeslaur](<https://launchpad.net/~mdeslaur>) | this is a Microsoft-specific issue

Affected Package

OS	OS Version	Package Name	Package Version
ubuntu	upstream	krb5	any

{"id": "UB:CVE-2020-16996", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2020-16996", "description": "Kerberos Security Feature Bypass Vulnerability\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | this is a Microsoft-specific issue\n", "published": "2020-12-10T00:00:00", "modified": "2020-12-10T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.0}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2020-16996", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16996", "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16996", "https://nvd.nist.gov/vuln/detail/CVE-2020-16996", "https://launchpad.net/bugs/cve/CVE-2020-16996", "https://security-tracker.debian.org/tracker/CVE-2020-16996"], "cvelist": ["CVE-2020-16996"], "immutableFields": [], "lastseen": "2022-08-04T13:24:01", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-16996"]}, {"type": "ibm", "idList": ["F34133DBAC4F6FEF866DB845BED95244FB18E8AD56C9EDC4C9EFFFDFD49046C8"]}, {"type": "kaspersky", "idList": ["KLA12024"]}, {"type": "mscve", "idList": ["MS:CVE-2020-16996"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_DEC_4586793.NASL", "SMB_NT_MS20_DEC_4586830.NASL", "SMB_NT_MS20_DEC_4592438.NASL", "SMB_NT_MS20_DEC_4592449.NASL", "SMB_NT_MS20_DEC_4592468.NASL", "SMB_NT_MS20_DEC_4592484.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"]}, {"type": "thn", "idList": ["THN:BCD236457064C9D8673B1536BE370718"]}], "rev": 4}, "score": {"value": 2.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-16996"]}, {"type": "ibm", "idList": ["F34133DBAC4F6FEF866DB845BED95244FB18E8AD56C9EDC4C9EFFFDFD49046C8"]}, {"type": "kaspersky", "idList": ["KLA12024"]}, {"type": "mscve", "idList": ["MS:CVE-2020-16996"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_DEC_4592438.NASL"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080"]}, {"type": "thn", "idList": ["THN:BCD236457064C9D8673B1536BE370718"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2020-16996", "epss": "0.000640000", "percentile": "0.259640000", "modified": "2023-03-16"}], "vulnersScore": 2.5}, "_state": {"dependencies": 1659900789, "score": 1659843777, "epss": 1679073339}, "_internal": {"score_hash": "a1c46c2d9067f4e0b5a641cfc1ae6d63"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "krb5"}], "bugs": []}

{"cve": [{"lastseen": "2023-02-09T15:08:51", "description": "Kerberos Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-10T00:15:00", "type": "cve", "title": "CVE-2020-16996", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16996"], "modified": "2021-03-03T21:13:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2016:1909", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:1903", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2012:-"], "id": "CVE-2020-16996", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16996", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*"]}], "mscve": [{"lastseen": "2023-03-17T02:35:00", "description": "Kerberos Security Feature Bypass Vulnerability", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-08T08:00:00", "type": "mscve", "title": "Kerberos Security Feature Bypass Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16996"], "modified": "2021-03-12T08:00:00", "id": "MS:CVE-2020-16996", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16996", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "ibm": [{"lastseen": "2023-02-27T21:44:24", "description": "## Summary\n\nMultiple Vulnerabilities identified in MS Windows Server platforms. Information about vulnerabilities has been published in the provider security update guide. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nMain Product version (s)| Affected Supporting Product Version(s) \n---|--- \nIBM Cloud Pak System V2.3| Microsoft Windows Server 2012 Microsoft Windows Server 2016 Microsoft Windows Server 2019 \n \n\n\n## Remediation/Fixes\n\nInformation about vulnerabilities in MS Windows Server platforms has been published in the provider security updates. If you are running specific configurations, recommendation is to review your environment. Consult Security Update Guide to search for available patches corresponding to the platform in use in your environment, see [MS Security TechCenter - December 2020](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16996> \"Kerberos Security Feature Bypass Vulnerability\" ). \n\n \n\n\n \n\n\n## Workarounds and Mitigations\n\nnone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-06T23:03:35", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Windows Server supporting products bundled with Cloud Pak Systems", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16996"], "modified": "2021-04-06T23:03:35", "id": "F34133DBAC4F6FEF866DB845BED95244FB18E8AD56C9EDC4C9EFFFDFD49046C8", "href": "https://www.ibm.com/support/pages/node/6440675", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2023-02-10T14:55:02", "description": "The remote Windows host is missing security update 4592497 or cumulative update 4592468. It is, therefore, affected by multiple vulnerabilities:\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2020-17098, CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2020-16996)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2020-17092, CVE-2020-17097)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2020-17096)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "KB4592497: Windows Server 2012 December 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16996", "CVE-2020-17092", "CVE-2020-17096", "CVE-2020-17097", "CVE-2020-17098", "CVE-2020-17140"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_DEC_4592468.NASL", "href": "https://www.tenable.com/plugins/nessus/143559", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143559);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16996\",\n \"CVE-2020-17092\",\n \"CVE-2020-17096\",\n \"CVE-2020-17097\",\n \"CVE-2020-17098\",\n \"CVE-2020-17140\"\n );\n script_xref(name:\"MSKB\", value:\"4592497\");\n script_xref(name:\"MSKB\", value:\"4592468\");\n script_xref(name:\"MSFT\", value:\"MS20-4592497\");\n script_xref(name:\"MSFT\", value:\"MS20-4592468\");\n script_xref(name:\"IAVA\", value:\"2020-A-0561-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0562-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"KB4592497: Windows Server 2012 December 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4592497\nor cumulative update 4592468. It is, therefore, affected by\nmultiple vulnerabilities:\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17098, CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-16996)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-17092, CVE-2020-17097)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17096)\");\n # https://support.microsoft.com/en-us/help/4592497/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d639ba48\");\n # https://support.microsoft.com/en-us/help/4592468/windows-server-2012-update\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d79ac842\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4592497 or Cumulative Update KB4592468.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS20-12';\nkbs = make_list('4592497', '4592468');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif ('Windows 8' >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2',\n sp:0,\n rollup_date:'12_2020',\n bulletin:bulletin,\n rollup_kb_list:[4592497, 4592468])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:54:13", "description": "The remote Windows host is missing security update 4592495 or cumulative update 4592484. It is, therefore, affected by multiple vulnerabilities:\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2020-17098, CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2020-16996)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2020-17092, CVE-2020-17097)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2020-17096)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "KB4592495: Windows 8.1 and Windows Server 2012 R2 December 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16996", "CVE-2020-17092", "CVE-2020-17096", "CVE-2020-17097", "CVE-2020-17098", "CVE-2020-17140"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_DEC_4592484.NASL", "href": "https://www.tenable.com/plugins/nessus/143560", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143560);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16996\",\n \"CVE-2020-17092\",\n \"CVE-2020-17096\",\n \"CVE-2020-17097\",\n \"CVE-2020-17098\",\n \"CVE-2020-17140\"\n );\n script_xref(name:\"MSKB\", value:\"4592495\");\n script_xref(name:\"MSKB\", value:\"4592484\");\n script_xref(name:\"MSFT\", value:\"MS20-4592495\");\n script_xref(name:\"MSFT\", value:\"MS20-4592484\");\n script_xref(name:\"IAVA\", value:\"2020-A-0561-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0562-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"KB4592495: Windows 8.1 and Windows Server 2012 R2 December 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4592495\nor cumulative update 4592484. It is, therefore, affected by\nmultiple vulnerabilities:\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17098, CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-16996)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-17092, CVE-2020-17097)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17096)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4592495/windows-8-1-update\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4592484/windows-8-1-update\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4592495 or Cumulative Update KB4592484.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17096\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-12';\nkbs = make_list('4592495', '4592484');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif ('Windows 8' >< productname && '8.1' >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3',\n sp:0,\n rollup_date:'12_2020',\n bulletin:bulletin,\n rollup_kb_list:[4592495, 4592484])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:56:01", "description": "The remote Windows host is missing security update 4593226.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964, CVE-2020-17092, CVE-2020-17097)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2020-17095, CVE-2020-17096)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2020-16996, CVE-2020-17099)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2020-17098, CVE-2020-17138, CVE-2020-17140)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "KB4593226: Windows 10 Version 1607 and Windows Server 2016 December 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16958", "CVE-2020-16959", "CVE-2020-16960", "CVE-2020-16961", "CVE-2020-16962", "CVE-2020-16963", "CVE-2020-16964", "CVE-2020-16996", "CVE-2020-17092", "CVE-2020-17095", "CVE-2020-17096", "CVE-2020-17097", "CVE-2020-17098", "CVE-2020-17099", "CVE-2020-17138", "CVE-2020-17140"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_DEC_4586830.NASL", "href": "https://www.tenable.com/plugins/nessus/143569", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143569);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16958\",\n \"CVE-2020-16959\",\n \"CVE-2020-16960\",\n \"CVE-2020-16961\",\n \"CVE-2020-16962\",\n \"CVE-2020-16963\",\n \"CVE-2020-16964\",\n \"CVE-2020-16996\",\n \"CVE-2020-17092\",\n \"CVE-2020-17095\",\n \"CVE-2020-17096\",\n \"CVE-2020-17097\",\n \"CVE-2020-17098\",\n \"CVE-2020-17099\",\n \"CVE-2020-17138\",\n \"CVE-2020-17140\"\n );\n script_xref(name:\"MSKB\", value:\"4593226\");\n script_xref(name:\"MSFT\", value:\"MS20-4593226\");\n script_xref(name:\"IAVA\", value:\"2020-A-0561-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0562-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"KB4593226: Windows 10 Version 1607 and Windows Server 2016 December 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4593226.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17095,\n CVE-2020-17096)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-16996, CVE-2020-17099)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17098, CVE-2020-17138,\n CVE-2020-17140)\");\n # https://support.microsoft.com/en-us/help/4593226/windows-10-update-kb4593226\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?779e1d95\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4586830.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"Score based on analysis of the vendor advisory.\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS20-12';\nkbs = make_list('4593226');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'14393',\n rollup_date:'12_2020',\n bulletin:bulletin,\n rollup_kb_list:[4593226])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:54:12", "description": "The remote Windows host is missing security update 4592438.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2020-17095, CVE-2020-17096)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2020-17131)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2020-17094, CVE-2020-17098, CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2020-17139)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964, CVE-2020-17092, CVE-2020-17097, CVE-2020-17103, CVE-2020-17134, CVE-2020-17136, CVE-2020-17137)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "KB4592438: Windows 10 Version 2004 December 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16958", "CVE-2020-16959", "CVE-2020-16960", "CVE-2020-16961", "CVE-2020-16962", "CVE-2020-16963", "CVE-2020-16964", "CVE-2020-16996", "CVE-2020-17092", "CVE-2020-17094", "CVE-2020-17095", "CVE-2020-17096", "CVE-2020-17097", "CVE-2020-17098", "CVE-2020-17103", "CVE-2020-17131", "CVE-2020-17134", "CVE-2020-17136", "CVE-2020-17137", "CVE-2020-17139", "CVE-2020-17140"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_DEC_4592438.NASL", "href": "https://www.tenable.com/plugins/nessus/143558", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143558);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16958\",\n \"CVE-2020-16959\",\n \"CVE-2020-16960\",\n \"CVE-2020-16961\",\n \"CVE-2020-16962\",\n \"CVE-2020-16963\",\n \"CVE-2020-16964\",\n \"CVE-2020-16996\",\n \"CVE-2020-17092\",\n \"CVE-2020-17094\",\n \"CVE-2020-17095\",\n \"CVE-2020-17096\",\n \"CVE-2020-17097\",\n \"CVE-2020-17098\",\n \"CVE-2020-17103\",\n \"CVE-2020-17131\",\n \"CVE-2020-17134\",\n \"CVE-2020-17136\",\n \"CVE-2020-17137\",\n \"CVE-2020-17139\",\n \"CVE-2020-17140\"\n );\n script_xref(name:\"MSKB\", value:\"4592438\");\n script_xref(name:\"MSFT\", value:\"MS20-4592438\");\n script_xref(name:\"IAVA\", value:\"2020-A-0561-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0562-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0555-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"KB4592438: Windows 10 Version 2004 December 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4592438.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17095,\n CVE-2020-17096)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2020-17131)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17094, CVE-2020-17098,\n CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-17139)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097,\n CVE-2020-17103, CVE-2020-17134, CVE-2020-17136,\n CVE-2020-17137)\");\n # https://support.microsoft.com/en-us/help/4592438/windows-10-update-kb4592438\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1f576e6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4592438.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17096\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-17095\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS20-12';\nkbs = make_list('4592438');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19041',\n rollup_date:'12_2020',\n bulletin:bulletin,\n rollup_kb_list:[4592438])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:54:36", "description": "The remote Windows host is missing security update 4592440. It is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964, CVE-2020-17092, CVE-2020-17097, CVE-2020-17103, CVE-2020-17134, CVE-2020-17136)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2020-17095, CVE-2020-17096)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2020-17094, CVE-2020-17098, CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2020-16996, CVE-2020-17099, CVE-2020-17139)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "KB4592440: Windows 10 Version 1809 and Windows Server 2019 December 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16958", "CVE-2020-16959", "CVE-2020-16960", "CVE-2020-16961", "CVE-2020-16962", "CVE-2020-16963", "CVE-2020-16964", "CVE-2020-16996", "CVE-2020-17092", "CVE-2020-17094", "CVE-2020-17095", "CVE-2020-17096", "CVE-2020-17097", "CVE-2020-17098", "CVE-2020-17099", "CVE-2020-17103", "CVE-2020-17134", "CVE-2020-17136", "CVE-2020-17139", "CVE-2020-17140"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_DEC_4586793.NASL", "href": "https://www.tenable.com/plugins/nessus/143561", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143561);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16958\",\n \"CVE-2020-16959\",\n \"CVE-2020-16960\",\n \"CVE-2020-16961\",\n \"CVE-2020-16962\",\n \"CVE-2020-16963\",\n \"CVE-2020-16964\",\n \"CVE-2020-16996\",\n \"CVE-2020-17092\",\n \"CVE-2020-17094\",\n \"CVE-2020-17095\",\n \"CVE-2020-17096\",\n \"CVE-2020-17097\",\n \"CVE-2020-17098\",\n \"CVE-2020-17099\",\n \"CVE-2020-17103\",\n \"CVE-2020-17134\",\n \"CVE-2020-17136\",\n \"CVE-2020-17139\",\n \"CVE-2020-17140\"\n );\n script_xref(name:\"MSKB\", value:\"4592440\");\n script_xref(name:\"MSFT\", value:\"MS20-4592440\");\n script_xref(name:\"IAVA\", value:\"2020-A-0561-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0562-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"KB4592440: Windows 10 Version 1809 and Windows Server 2019 December 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4592440. \nIt is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097,\n CVE-2020-17103, CVE-2020-17134, CVE-2020-17136)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17095,\n CVE-2020-17096)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17094, CVE-2020-17098,\n CVE-2020-17140)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-16996, CVE-2020-17099, CVE-2020-17139)\");\n # https://support.microsoft.com/en-us/help/4592440/windows-10-update-kb4592440\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1972925b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4592440.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17096\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-17095\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS20-12';\nkbs = make_list('4592440');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'17763',\n rollup_date:'12_2020',\n bulletin:bulletin,\n rollup_kb_list:[4592440])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-02-10T14:54:13", "description": "The remote Windows host is missing security update 4592449.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964, CVE-2020-17092, CVE-2020-17097, CVE-2020-17103, CVE-2020-17134, CVE-2020-17136)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2020-17095, CVE-2020-17096)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2020-17139)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2020-17094, CVE-2020-17098, CVE-2020-17140)", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-12-08T00:00:00", "type": "nessus", "title": "KB4592449: Windows 10 Version 1903 and Windows 10 Version 1909 December 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16958", "CVE-2020-16959", "CVE-2020-16960", "CVE-2020-16961", "CVE-2020-16962", "CVE-2020-16963", "CVE-2020-16964", "CVE-2020-16996", "CVE-2020-17092", "CVE-2020-17094", "CVE-2020-17095", "CVE-2020-17096", "CVE-2020-17097", "CVE-2020-17098", "CVE-2020-17103", "CVE-2020-17131", "CVE-2020-17134", "CVE-2020-17136", "CVE-2020-17139", "CVE-2020-17140"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_DEC_4592449.NASL", "href": "https://www.tenable.com/plugins/nessus/143570", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143570);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2020-16958\",\n \"CVE-2020-16959\",\n \"CVE-2020-16960\",\n \"CVE-2020-16961\",\n \"CVE-2020-16962\",\n \"CVE-2020-16963\",\n \"CVE-2020-16964\",\n \"CVE-2020-16996\",\n \"CVE-2020-17092\",\n \"CVE-2020-17094\",\n \"CVE-2020-17095\",\n \"CVE-2020-17096\",\n \"CVE-2020-17097\",\n \"CVE-2020-17098\",\n \"CVE-2020-17103\",\n \"CVE-2020-17131\",\n \"CVE-2020-17134\",\n \"CVE-2020-17136\",\n \"CVE-2020-17139\",\n \"CVE-2020-17140\"\n );\n script_xref(name:\"MSKB\", value:\"4592449\");\n script_xref(name:\"MSFT\", value:\"MS20-4592449\");\n script_xref(name:\"IAVA\", value:\"2020-A-0561-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0562-S\");\n script_xref(name:\"IAVA\", value:\"2020-A-0555-S\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2020-0138\");\n\n script_name(english:\"KB4592449: Windows 10 Version 1903 and Windows 10 Version 1909 December 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4592449.\nIt is, therefore, affected by multiple vulnerabilities:\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2020-16958, CVE-2020-16959, CVE-2020-16960,\n CVE-2020-16961, CVE-2020-16962, CVE-2020-16963,\n CVE-2020-16964, CVE-2020-17092, CVE-2020-17097,\n CVE-2020-17103, CVE-2020-17134, CVE-2020-17136)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2020-17095,\n CVE-2020-17096)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2020-17139)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2020-17094, CVE-2020-17098,\n CVE-2020-17140)\");\n # https://support.microsoft.com/en-us/help/4592449/windows-10-update-kb4592449\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c49efc98\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4592449.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-17096\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-17095\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS20-12';\nkbs = make_list('4592449');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'18362',\n rollup_date:'12_2020',\n bulletin:bulletin,\n rollup_kb_list:[4592449])\n|| \n smb_check_rollup(os:'10',\n sp:0,\n os_build:'18363',\n rollup_date:'12_2020',\n bulletin:bulletin,\n rollup_kb_list:[4592449])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:38:42", "description": "[![Microsoft Windows Security Update](https://thehackernews.com/images/-wZcaIEHX7Zo/X9BZDmYe2-I/AAAAAAAABMU/Pg1oyzktpWMoZFhMfp5peSGqQMfOdZQqwCLcBGAsYHQ/s728-e1000/Update-Microsoft-Windows.jpg)](<https://thehackernews.com/images/-wZcaIEHX7Zo/X9BZDmYe2-I/AAAAAAAABMU/Pg1oyzktpWMoZFhMfp5peSGqQMfOdZQqwCLcBGAsYHQ/s0/Update-Microsoft-Windows.jpg>)\n\nMicrosoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final [Patch Tuesday of 2020](<https://msrc.microsoft.com/update-guide/releaseNote/2020-Dec>), effectively bringing their CVE total to 1,250 for the year.\n\nOf these 58 patches, nine are rated as Critical, 46 are rated as Important, and three are rated Moderate in severity.\n\nThe December security release addresses issues in Microsoft Windows, Edge browser, ChakraCore, Microsoft Office, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere.\n\nFortunately, none of these flaws this month have been reported as publicly known or being actively exploited in the wild.\n\nThe fixes for December concern a number of remote code execution (RCE) flaws in Microsoft Exchange (CVE-2020-17132), SharePoint (CVE-2020-17118 and CVE-2020-17121), Excel (CVE-2020-17123), and Hyper-V virtualization software (CVE-2020-17095), as well as a patch for a security feature bypass in Kerberos (CVE-2020-16996), and a number of privilege escalation flaws in Windows Backup Engine and Windows Cloud Files Mini Filter Driver.\n\nCVE-2020-17095 also carries the highest CVSS score of 8.5 among all vulnerabilities addressed in this month's release.\n\n\"To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code when it fails to properly validate vSMB packet data,\" Microsoft [noted](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17095>).\n\nAdditionally included as part of this month's release is an [advisory](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV200013>) for a [DNS cache poisoning](<https://blog.cloudflare.com/sad-dns-explained/>) vulnerability (CVE-2020-25705) discovered by security researchers from Tsinghua University and the University of California last month.\n\nDubbed a Side-channel AttackeD DNS attack (or [SAD DNS attack](<https://thehackernews.com/2020/11/sad-dns-new-flaws-re-enable-dns-cache.html>)), the flaw could enable an attacker to spoof the DNS packet, which can be cached by the DNS Forwarder or the DNS Resolver, thereby re-enabling DNS cache poisoning attacks.\n\nTo mitigate the risk, Microsoft recommends a Registry workaround that involves changing the maximum UDP packet size to 1,221 bytes (4C5 Hexadecimal).\n\n\"For responses larger than 4C5 or 1221, the DNS resolver would now switch to TCP,\" the Windows maker stated in its advisory.\n\nSince the attack relies on sending spoofed UDP (User Datagram Protocol) messages to defeat source port randomization for DNS requests, implementing the tweak will cause larger DNS queries to switch to TCP, thus mitigating the flaw.\n\nIt's highly advised that Windows users and system administrators apply the latest security patches to resolve the threats associated with these issues.\n\nTo install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-12-09T04:57:00", "type": "thn", "title": "Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16996", "CVE-2020-17095", "CVE-2020-17118", "CVE-2020-17121", "CVE-2020-17123", "CVE-2020-17132", "CVE-2020-25705"], "modified": "2020-12-09T04:58:40", "id": "THN:BCD236457064C9D8673B1536BE370718", "href": "https://thehackernews.com/2020/12/microsoft-releases-windows-update-dec.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-02-08T15:49:08", "description": "### *Detect date*:\n12/08/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, bypass security restrictions, execute arbitrary code.\n\n### *Affected products*:\nWindows Server, version 2004 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2012 \nWindows Server 2012 R2 (Server Core installation) \nWindows Server, version 1909 (Server Core installation) \nWindows 10 Version 1607 for 32-bit Systems \nWindows Server 2016 \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 20H2 for 32-bit Systems \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows 10 for x64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 1903 for ARM64-based Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows RT 8.1 \nWindows 10 Version 1803 for 32-bit Systems \nWindows Server 2016 (Server Core installation) \nWindows Server 2012 (Server Core installation) \nWindows Server 2019 \nWindows 10 Version 1909 for 32-bit Systems \nWindows 8.1 for x64-based systems \nWindows 10 Version 2004 for ARM64-based Systems \nWindows 10 Version 1903 for 32-bit Systems \nWindows 10 for 32-bit Systems \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows Server 2012 R2 \nWindows Server, version 1903 (Server Core installation) \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1803 for x64-based Systems \nWindows Server, version 20H2 (Server Core Installation)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-17103](<https://nvd.nist.gov/vuln/detail/CVE-2020-17103>) \n[CVE-2020-16964](<https://nvd.nist.gov/vuln/detail/CVE-2020-16964>) \n[CVE-2020-16960](<https://nvd.nist.gov/vuln/detail/CVE-2020-16960>) \n[CVE-2020-17140](<https://nvd.nist.gov/vuln/detail/CVE-2020-17140>) \n[CVE-2020-16962](<https://nvd.nist.gov/vuln/detail/CVE-2020-16962>) \n[CVE-2020-16963](<https://nvd.nist.gov/vuln/detail/CVE-2020-16963>) \n[CVE-2020-16961](<https://nvd.nist.gov/vuln/detail/CVE-2020-16961>) \n[CVE-2020-17099](<https://nvd.nist.gov/vuln/detail/CVE-2020-17099>) \n[CVE-2020-17098](<https://nvd.nist.gov/vuln/detail/CVE-2020-17098>) \n[CVE-2020-17097](<https://nvd.nist.gov/vuln/detail/CVE-2020-17097>) \n[CVE-2020-17096](<https://nvd.nist.gov/vuln/detail/CVE-2020-17096>) \n[CVE-2020-17095](<https://nvd.nist.gov/vuln/detail/CVE-2020-17095>) \n[CVE-2020-17094](<https://nvd.nist.gov/vuln/detail/CVE-2020-17094>) \n[CVE-2020-17092](<https://nvd.nist.gov/vuln/detail/CVE-2020-17092>) \n[CVE-2020-17138](<https://nvd.nist.gov/vuln/detail/CVE-2020-17138>) \n[CVE-2020-17139](<https://nvd.nist.gov/vuln/detail/CVE-2020-17139>) \n[CVE-2020-17134](<https://nvd.nist.gov/vuln/detail/CVE-2020-17134>) \n[CVE-2020-17136](<https://nvd.nist.gov/vuln/detail/CVE-2020-17136>) \n[CVE-2020-17137](<https://nvd.nist.gov/vuln/detail/CVE-2020-17137>) \n[CVE-2020-16996](<https://nvd.nist.gov/vuln/detail/CVE-2020-16996>) \n[CVE-2020-16959](<https://nvd.nist.gov/vuln/detail/CVE-2020-16959>) \n[CVE-2020-16958](<https://nvd.nist.gov/vuln/detail/CVE-2020-16958>) \n[ADV200013](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/ADV200013>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2020-17103](<https://vulners.com/cve/CVE-2020-17103>)7.2High \n[CVE-2020-16964](<https://vulners.com/cve/CVE-2020-16964>)7.2High \n[CVE-2020-16960](<https://vulners.com/cve/CVE-2020-16960>)7.2High \n[CVE-2020-17140](<https://vulners.com/cve/CVE-2020-17140>)4.0Warning \n[CVE-2020-16962](<https://vulners.com/cve/CVE-2020-16962>)7.2High \n[CVE-2020-16963](<https://vulners.com/cve/CVE-2020-16963>)7.2High \n[CVE-2020-16961](<https://vulners.com/cve/CVE-2020-16961>)7.2High \n[CVE-2020-17099](<https://vulners.com/cve/CVE-2020-17099>)4.6Warning \n[CVE-2020-17098](<https://vulners.com/cve/CVE-2020-17098>)2.1Warning \n[CVE-2020-17097](<https://vulners.com/cve/CVE-2020-17097>)4.6Warning \n[CVE-2020-17096](<https://vulners.com/cve/CVE-2020-17096>)9.0Critical \n[CVE-2020-17095](<https://vulners.com/cve/CVE-2020-17095>)9.0Critical \n[CVE-2020-17094](<https://vulners.com/cve/CVE-2020-17094>)2.1Warning \n[CVE-2020-17092](<https://vulners.com/cve/CVE-2020-17092>)7.2High \n[CVE-2020-17138](<https://vulners.com/cve/CVE-2020-17138>)2.1Warning \n[CVE-2020-17139](<https://vulners.com/cve/CVE-2020-17139>)4.6Warning \n[CVE-2020-17134](<https://vulners.com/cve/CVE-2020-17134>)4.6Warning \n[CVE-2020-17136](<https://vulners.com/cve/CVE-2020-17136>)4.6Warning \n[CVE-2020-17137](<https://vulners.com/cve/CVE-2020-17137>)4.6Warning \n[CVE-2020-16996](<https://vulners.com/cve/CVE-2020-16996>)4.0Warning \n[CVE-2020-16959](<https://vulners.com/cve/CVE-2020-16959>)7.2High \n[CVE-2020-16958](<https://vulners.com/cve/CVE-2020-16958>)7.2High\n\n### *KB list*:\n[4592449](<http://support.microsoft.com/kb/4592449>) \n[4592440](<http://support.microsoft.com/kb/4592440>) \n[4592438](<http://support.microsoft.com/kb/4592438>) \n[4592484](<http://support.microsoft.com/kb/4592484>) \n[4593226](<http://support.microsoft.com/kb/4593226>) \n[4592495](<http://support.microsoft.com/kb/4592495>) \n[4592497](<http://support.microsoft.com/kb/4592497>) \n[4592446](<http://support.microsoft.com/kb/4592446>) \n[4592464](<http://support.microsoft.com/kb/4592464>) \n[4592468](<http://support.microsoft.com/kb/4592468>) \n[5000822](<http://support.microsoft.com/kb/5000822>) \n[5000847](<http://support.microsoft.com/kb/5000847>) \n[5000808](<http://support.microsoft.com/kb/5000808>) \n[5000803](<http://support.microsoft.com/kb/5000803>) \n[5000848](<http://support.microsoft.com/kb/5000848>) \n[5000802](<http://support.microsoft.com/kb/5000802>) \n[5000853](<http://support.microsoft.com/kb/5000853>) \n[5000840](<http://support.microsoft.com/kb/5000840>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 9.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-12-08T00:00:00", "type": "kaspersky", "title": "KLA12024 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16958", "CVE-2020-16959", "CVE-2020-16960", "CVE-2020-16961", "CVE-2020-16962", "CVE-2020-16963", "CVE-2020-16964", "CVE-2020-16996", "CVE-2020-17092", "CVE-2020-17094", "CVE-2020-17095", "CVE-2020-17096", "CVE-2020-17097", "CVE-2020-17098", "CVE-2020-17099", "CVE-2020-17103", "CVE-2020-17134", "CVE-2020-17136", "CVE-2020-17137", "CVE-2020-17138", "CVE-2020-17139", "CVE-2020-17140"], "modified": "2021-03-24T00:00:00", "id": "KLA12024", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12024/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "rapid7blog": [{"lastseen": "2020-12-12T10:47:13", "description": "![Patch Tuesday - December 2020](https://blog.rapid7.com/content/images/2020/12/patches-2.jpg)\n\nWe close off our 2020 year of Patch Tuesdays with 58 vulnerabilities being addressed. While it's a higher count than our typical December months (high thirties), it's still a nice breath of fresh air given how the past year has been. We do, however, get to celebrate that none of the reported vulnerabilities covered this month has been publicly exploited nor previously publicly disclosed and only 9 of the 58 vulnerabilities have been marked as Critical by Microsoft.\n\nIn terms of actionables, standard procedures can be followed here in terms of how to prioritize which sets of patches to apply first with two exceptions.\n\n## Microsoft Office vulnerabilities\n\nA fair amount of remote code executions targeting Microsoft Excel are being patched up today and while none of them have the Preview Pane set as an attack vector, the volume of remote code execution vulnerabilities pertaining to Microsoft Office this month may suggest a slight re-jig of priorities. That's our first (minor) exception.\n\nThe next exception is likely the most notable piece behind this December 2020 Patch Tuesday: Microsoft Exchange Server.\n\n## Microsoft Exchange Server vulnerabilities\n\nWhile there are a total of six vulnerabilities from Microsoft Exchange Server this month, two of them garner a CVSS score of 9.1 ([CVE-2020-17132](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17132>), [CVE-2020-17142](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17142>)) and one is noted by Microsoft has having a higher chance of exploitability ([CVE-2020-17144](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17144>)). These three warrant an additional examination and may be grounds for prioritizing patching.\n\nThere is currently suspicion that [CVE-2020-17132](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17132>) helps address the patch bypass of [CVE-2020-16875](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16875>) (CVSS 8.4) from September 2020. As well, both [CVE-2020-17132](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17132>) and [CVE-2020-17142](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17142>) are remote code execution vulnerabilities occurring due to improper validation of cmdlet arguments that affect all supported (as of writing) versions of Microsoft Exchange. One important note to consider is while these vulnerabilities have received a CVSS score of 9.1 and do not require additional user interaction, an attacker must be in an authenticated role in order to exploit this vulnerability.\n\nIn contrast, [CVE-2020-17144](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17144>) which is another remote code execution vulnerability also stemming from improper validation for cmdlet arguments, this one only affects Exchange Server 2010 SP3 and does require additional user interaction to successfully execute. This is extra interesting as [Microsoft Exchange Server 2010 passed end of life back on October 22, 2020](<https://techcommunity.microsoft.com/t5/exchange-team-blog/microsoft-extending-end-of-support-for-exchange-server-2010-to/ba-p/753591>). The introduction of this post-EOL patch for Microsoft Exchange Server 2010 coupled with Microsoft noting this vulnerability to be more likely exploitable does suggest prioritizing this patch a bit earlier.\n\n## New Summary Tables\n\nIn an attempt to provide a bit more summarizing tables, here are this month's patched vulnerabilities split by the product family.\n\n### Azure Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17160](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17160>) | Azure Sphere Security Feature Bypass Vulnerability | False | False | 7.4 | True \n[CVE-2020-16971](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16971>) | Azure SDK for Java Security Feature Bypass Vulnerability | False | False | 7.4 | False \n \n### Browser Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17153](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17153>) | Microsoft Edge for Android Spoofing Vulnerability | False | False | 4.3 | True \n[CVE-2020-17131](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17131>) | Chakra Scripting Engine Memory Corruption Vulnerability | False | False | 4.2 | False \n \n### Developer Tools Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17148>) | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17150](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17150>) | Visual Studio Code Remote Code Execution Vulnerability | False | False | 7.8 | False \n[CVE-2020-17156](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17156>) | Visual Studio Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17159](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17159>) | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | False | False | 7.8 | False \n[CVE-2020-17002](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17002>) | Azure SDK for C Security Feature Bypass Vulnerability | False | False | 7.4 | False \n[CVE-2020-17135](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17135>) | Azure DevOps Server Spoofing Vulnerability | False | False | 6.4 | False \n[CVE-2020-17145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17145>) | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | False | False | 5.4 | False \n \n### ESU Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17140](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17140>) | Windows SMB Information Disclosure Vulnerability | False | False | 8.1 | True \n[CVE-2020-16958](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16958>) | Windows Backup Engine Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-16959](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16959>) | Windows Backup Engine Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-16960](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16960>) | Windows Backup Engine Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-16961](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16961>) | Windows Backup Engine Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-16962](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16962>) | Windows Backup Engine Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-16963](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16963>) | Windows Backup Engine Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-16964](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16964>) | Windows Backup Engine Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-17098](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17098>) | Windows GDI+ Information Disclosure Vulnerability | False | False | 5.5 | True \n \n### Exchange Server Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17132](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17132>) | Microsoft Exchange Remote Code Execution Vulnerability | False | False | 9.1 | True \n[CVE-2020-17142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17142>) | Microsoft Exchange Remote Code Execution Vulnerability | False | False | 9.1 | True \n[CVE-2020-17143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17143>) | Microsoft Exchange Information Disclosure Vulnerability | False | False | 8.8 | True \n[CVE-2020-17141](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17141>) | Microsoft Exchange Remote Code Execution Vulnerability | False | False | 8.4 | True \n[CVE-2020-17144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17144>) | Microsoft Exchange Remote Code Execution Vulnerability | False | False | 8.4 | True \n[CVE-2020-17117](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17117>) | Microsoft Exchange Remote Code Execution Vulnerability | False | False | 6.6 | False \n \n### Microsoft Dynamics Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17152](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17152>) | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | False | False | 8.8 | True \n[CVE-2020-17158](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17158>) | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | False | False | 8.8 | True \n[CVE-2020-17147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17147>) | Dynamics CRM Webclient Cross-site Scripting Vulnerability | False | False | 8.7 | True \n[CVE-2020-17133](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17133>) | Microsoft Dynamics Business Central/NAV Information Disclosure | False | False | 6.5 | True \n \n### Microsoft Office Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17121](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17121>) | Microsoft SharePoint Remote Code Execution Vulnerability | False | False | 8.8 | True \n[CVE-2020-17118](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17118>) | Microsoft SharePoint Remote Code Execution Vulnerability | False | False | 8.1 | False \n[CVE-2020-17115](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17115>) | Microsoft SharePoint Spoofing Vulnerability | False | False | 8 | True \n[CVE-2020-17122](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17122>) | Microsoft Excel Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17123>) | Microsoft Excel Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17124](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17124>) | Microsoft PowerPoint Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17125](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17125>) | Microsoft Excel Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17127>) | Microsoft Excel Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17128](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17128>) | Microsoft Excel Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17129](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17129>) | Microsoft Excel Remote Code Execution Vulnerability | False | False | 7.8 | True \n[CVE-2020-17089](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17089>) | Microsoft SharePoint Elevation of Privilege Vulnerability | False | False | 7.1 | False \n[CVE-2020-17119](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17119>) | Microsoft Outlook Information Disclosure Vulnerability | False | False | 6.5 | True \n[CVE-2020-17130](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17130>) | Microsoft Excel Security Feature Bypass Vulnerability | False | False | 6.5 | True \n[CVE-2020-17126](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17126>) | Microsoft Excel Information Disclosure Vulnerability | False | False | 5.5 | True \n[CVE-2020-17120](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17120>) | Microsoft SharePoint Information Disclosure Vulnerability | False | False | 5.3 | True \n \n### Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Disclosed | CVSS3 | has_faq \n---|---|---|---|---|--- \n[CVE-2020-17095](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17095>) | Hyper-V Remote Code Execution Vulnerability | False | False | 8.5 | True \n[CVE-2020-17092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17092>) | Windows Network Connections Service Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-17134](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17134>) | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-17136](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17136>) | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-17137](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17137>) | DirectX Graphics Kernel Elevation of Privilege Vulnerability | False | False | 7.8 | False \n[CVE-2020-17139](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17139>) | Windows Overlay Filter Security Feature Bypass Vulnerability | False | False | 7.8 | False \n[CVE-2020-17096](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17096>) | Windows NTFS Remote Code Execution Vulnerability | False | False | 7.5 | True \n[CVE-2020-17103](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17103>) | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | False | False | 7 | False \n[CVE-2020-17099](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17099>) | Windows Lock Screen Security Feature Bypass Vulnerability | False | False | 6.8 | True \n[CVE-2020-16996](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16996>) | Kerberos Security Feature Bypass Vulnerability | False | False | 6.5 | True \n[CVE-2020-17094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17094>) | Windows Error Reporting Information Disclosure Vulnerability | False | False | 5.5 | True \n[CVE-2020-17138](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17138>) | Windows Error Reporting Information Disclosure Vulnerability | False | False | 5.5 | True \n[CVE-2020-17097](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17097>) | Windows Digital Media Receiver Elevation of Privilege Vulnerability | False | False | 3.3 | False \n \n## Summary Graphs\n\n![Patch Tuesday - December 2020](https://blog.rapid7.com/content/images/2020/12/output_18_2.png)![Patch Tuesday - December 2020](https://blog.rapid7.com/content/images/2020/12/output_20_2.png)![Patch Tuesday - December 2020](https://blog.rapid7.com/content/images/2020/12/output_25_1.png)![Patch Tuesday - December 2020](https://blog.rapid7.com/content/images/2020/12/output_26_1.png)", "cvss3": {}, "published": "2020-12-08T21:36:27", "type": "rapid7blog", "title": "Patch Tuesday - December 2020", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-16875", "CVE-2020-16958", "CVE-2020-16959", "CVE-2020-16960", "CVE-2020-16961", "CVE-2020-16962", "CVE-2020-16963", "CVE-2020-16964", "CVE-2020-16971", "CVE-2020-16996", "CVE-2020-17002", "CVE-2020-17089", "CVE-2020-17092", "CVE-2020-17094", "CVE-2020-17095", "CVE-2020-17096", "CVE-2020-17097", "CVE-2020-17098", "CVE-2020-17099", "CVE-2020-17103", "CVE-2020-17115", "CVE-2020-17117", "CVE-2020-17118", "CVE-2020-17119", "CVE-2020-17120", "CVE-2020-17121", "CVE-2020-17122", "CVE-2020-17123", "CVE-2020-17124", "CVE-2020-17125", "CVE-2020-17126", "CVE-2020-17127", "CVE-2020-17128", "CVE-2020-17129", "CVE-2020-17130", "CVE-2020-17131", "CVE-2020-17132", "CVE-2020-17133", "CVE-2020-17134", "CVE-2020-17135", "CVE-2020-17136", "CVE-2020-17137", "CVE-2020-17138", "CVE-2020-17139", "CVE-2020-17140", "CVE-2020-17141", "CVE-2020-17142", "CVE-2020-17143", "CVE-2020-17144", "CVE-2020-17145", "CVE-2020-17147", "CVE-2020-17148", "CVE-2020-17150", "CVE-2020-17152", "CVE-2020-17153", "CVE-2020-17156", "CVE-2020-17158", "CVE-2020-17159", "CVE-2020-17160"], "modified": "2020-12-08T21:36:27", "id": "RAPID7BLOG:99D9180FBF3F900ADB0CDC5EF79EC080", "href": "https://blog.rapid7.com/2020/12/08/patch-tuesday-december-2020/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}