===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0120
        Microsoft Patch Day for July 2020 includes 95 vulnerabilities,
                      including the wormable "SIGRed"
                               15 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Windows
Operating System:     Windows
Impact/Access:        Administrator Compromise        -- Remote/Unauthenticated
                      Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Existing Account
                      Access Privileged Data          -- Existing Account
                      Modify Arbitrary Files          -- Existing Account
                      Denial of Service               -- Remote/Unauthenticated
                      Provide Misleading Information  -- Remote/Unauthenticated
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-1468 CVE-2020-1463 CVE-2020-1438 CVE-2020-1437
                      CVE-2020-1436 CVE-2020-1435 CVE-2020-1434 CVE-2020-1431
                      CVE-2020-1430 CVE-2020-1429 CVE-2020-1428 CVE-2020-1427
                      CVE-2020-1426 CVE-2020-1424 CVE-2020-1423 CVE-2020-1422
                      CVE-2020-1421 CVE-2020-1420 CVE-2020-1419 CVE-2020-1418
                      CVE-2020-1415 CVE-2020-1414 CVE-2020-1413 CVE-2020-1412
                      CVE-2020-1411 CVE-2020-1410 CVE-2020-1409 CVE-2020-1408
                      CVE-2020-1407 CVE-2020-1406 CVE-2020-1405 CVE-2020-1404
                      CVE-2020-1402 CVE-2020-1401 CVE-2020-1400 CVE-2020-1399
                      CVE-2020-1398 CVE-2020-1397 CVE-2020-1396 CVE-2020-1395
                      CVE-2020-1394 CVE-2020-1393 CVE-2020-1392 CVE-2020-1391
                      CVE-2020-1390 CVE-2020-1389 CVE-2020-1388 CVE-2020-1387
                      CVE-2020-1386 CVE-2020-1385 CVE-2020-1384 CVE-2020-1382
                      CVE-2020-1381 CVE-2020-1375 CVE-2020-1374 CVE-2020-1373
                      CVE-2020-1372 CVE-2020-1371 CVE-2020-1370 CVE-2020-1369
                      CVE-2020-1368 CVE-2020-1367 CVE-2020-1366 CVE-2020-1365
                      CVE-2020-1364 CVE-2020-1363 CVE-2020-1362 CVE-2020-1361
                      CVE-2020-1360 CVE-2020-1359 CVE-2020-1358 CVE-2020-1357
                      CVE-2020-1356 CVE-2020-1355 CVE-2020-1354 CVE-2020-1353
                      CVE-2020-1352 CVE-2020-1351 CVE-2020-1350 CVE-2020-1347
                      CVE-2020-1346 CVE-2020-1344 CVE-2020-1336 CVE-2020-1333
                      CVE-2020-1330 CVE-2020-1267 CVE-2020-1249 CVE-2020-1085
                      CVE-2020-1043 CVE-2020-1042 CVE-2020-1041 CVE-2020-1040
                      CVE-2020-1036 CVE-2020-1032
Member content until: Friday, August 14 2020

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of July 2020.

        This update resolves the wormable vulnerability "SIGRed",
        CVE-2020-1350, as well as 94 other vulnerabilities. [1]

        SIGRed affects Windows servers which are configured as DNS
        servers. [2] A mitigation is available if the patch cannot be
        applied "right away".

        Windows 10 Version 1607 for 32-bit Systems
        Windows 10 Version 1607 for x64-based Systems
        Windows 10 Version 1709 for 32-bit Systems
        Windows 10 Version 1709 for ARM64-based Systems
        Windows 10 Version 1709 for x64-based Systems
        Windows 10 Version 1803 for 32-bit Systems
        Windows 10 Version 1803 for ARM64-based Systems
        Windows 10 Version 1803 for x64-based Systems
        Windows 10 Version 1809 for 32-bit Systems
        Windows 10 Version 1809 for ARM64-based Systems
        Windows 10 Version 1809 for x64-based Systems
        Windows 10 Version 1903 for 32-bit Systems
        Windows 10 Version 1903 for ARM64-based Systems
        Windows 10 Version 1903 for x64-based Systems
        Windows 10 Version 1909 for 32-bit Systems
        Windows 10 Version 1909 for ARM64-based Systems
        Windows 10 Version 1909 for x64-based Systems
        Windows 10 Version 2004 for 32-bit Systems
        Windows 10 Version 2004 for ARM64-based Systems
        Windows 10 Version 2004 for x64-based Systems
        Windows 10 for 32-bit Systems
        Windows 10 for x64-based Systems
        Windows 8.1 for 32-bit systems
        Windows 8.1 for x64-based systems
        Windows RT 8.1
        Windows Server 2012
        Windows Server 2012 (Server Core installation)
        Windows Server 2012 R2
        Windows Server 2012 R2 (Server Core installation)
        Windows Server 2016
        Windows Server 2016 (Server Core installation)
        Windows Server 2019
        Windows Server 2019 (Server Core installation)

IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

        Details         Impact                     Severity
        ADV200008       Tampering                  Important
        CVE-2020-1032   Remote Code Execution      Critical
        CVE-2020-1036   Remote Code Execution      Critical
        CVE-2020-1040   Remote Code Execution      Critical
        CVE-2020-1041   Remote Code Execution      Critical
        CVE-2020-1042   Remote Code Execution      Critical
        CVE-2020-1043   Remote Code Execution      Critical
        CVE-2020-1085   Elevation of Privilege     Important
        CVE-2020-1249   Elevation of Privilege     Important
        CVE-2020-1267   Denial of Service          Important
        CVE-2020-1330   Information Disclosure     Important
        CVE-2020-1333   Elevation of Privilege     Important
        CVE-2020-1336   Elevation of Privilege     Important
        CVE-2020-1344   Elevation of Privilege     Important
        CVE-2020-1346   Elevation of Privilege     Important
        CVE-2020-1347   Elevation of Privilege     Important
        CVE-2020-1350   Remote Code Execution      Critical
        CVE-2020-1351   Information Disclosure     Important
        CVE-2020-1352   Elevation of Privilege     Important
        CVE-2020-1353   Elevation of Privilege     Important
        CVE-2020-1354   Elevation of Privilege     Important
        CVE-2020-1355   Remote Code Execution      Important
        CVE-2020-1356   Elevation of Privilege     Important
        CVE-2020-1357   Elevation of Privilege     Important
        CVE-2020-1358   Information Disclosure     Important
        CVE-2020-1359   Elevation of Privilege     Important
        CVE-2020-1360   Elevation of Privilege     Important
        CVE-2020-1361   Information Disclosure     Important
        CVE-2020-1362   Elevation of Privilege     Important
        CVE-2020-1363   Elevation of Privilege     Important
        CVE-2020-1364   Denial of Service          Important
        CVE-2020-1365   Elevation of Privilege     Important
        CVE-2020-1366   Elevation of Privilege     Important
        CVE-2020-1367   Information Disclosure     Important
        CVE-2020-1368   Elevation of Privilege     Important
        CVE-2020-1369   Elevation of Privilege     Important
        CVE-2020-1370   Elevation of Privilege     Important
        CVE-2020-1371   Elevation of Privilege     Important
        CVE-2020-1372   Elevation of Privilege     Important
        CVE-2020-1373   Elevation of Privilege     Important
        CVE-2020-1374   Remote Code Execution      Critical
        CVE-2020-1375   Elevation of Privilege     Important
        CVE-2020-1381   Elevation of Privilege     Important
        CVE-2020-1382   Elevation of Privilege     Important
        CVE-2020-1384   Elevation of Privilege     Important
        CVE-2020-1385   Elevation of Privilege     Important
        CVE-2020-1386   Information Disclosure     Important
        CVE-2020-1387   Elevation of Privilege     Important
        CVE-2020-1388   Elevation of Privilege     Important
        CVE-2020-1389   Information Disclosure     Important
        CVE-2020-1390   Elevation of Privilege     Important
        CVE-2020-1391   Information Disclosure     Important
        CVE-2020-1392   Elevation of Privilege     Important
        CVE-2020-1393   Elevation of Privilege     Important
        CVE-2020-1394   Elevation of Privilege     Important
        CVE-2020-1395   Elevation of Privilege     Important
        CVE-2020-1396   Elevation of Privilege     Important
        CVE-2020-1397   Information Disclosure     Important
        CVE-2020-1398   Elevation of Privilege     Important
        CVE-2020-1399   Elevation of Privilege     Important
        CVE-2020-1400   Remote Code Execution      Important
        CVE-2020-1401   Remote Code Execution      Important
        CVE-2020-1402   Elevation of Privilege     Important
        CVE-2020-1404   Elevation of Privilege     Important
        CVE-2020-1405   Elevation of Privilege     Important
        CVE-2020-1406   Elevation of Privilege     Important
        CVE-2020-1407   Remote Code Execution      Important
        CVE-2020-1408   Remote Code Execution      Important
        CVE-2020-1409   Remote Code Execution      Critical
        CVE-2020-1410   Remote Code Execution      Critical
        CVE-2020-1411   Elevation of Privilege     Important
        CVE-2020-1412   Remote Code Execution      Important
        CVE-2020-1413   Elevation of Privilege     Important
        CVE-2020-1414   Elevation of Privilege     Important
        CVE-2020-1415   Elevation of Privilege     Important
        CVE-2020-1418   Elevation of Privilege     Important
        CVE-2020-1419   Information Disclosure     Important
        CVE-2020-1420   Information Disclosure     Important
        CVE-2020-1421   Remote Code Execution      Critical
        CVE-2020-1422   Elevation of Privilege     Important
        CVE-2020-1423   Elevation of Privilege     Important
        CVE-2020-1424   Elevation of Privilege     Important
        CVE-2020-1426   Information Disclosure     Important
        CVE-2020-1427   Elevation of Privilege     Important
        CVE-2020-1428   Elevation of Privilege     Important
        CVE-2020-1429   Elevation of Privilege     Important
        CVE-2020-1430   Elevation of Privilege     Important
        CVE-2020-1431   Elevation of Privilege     Important
        CVE-2020-1434   Elevation of Privilege     Important
        CVE-2020-1435   Remote Code Execution      Critical
        CVE-2020-1436   Remote Code Execution      Critical
        CVE-2020-1437   Elevation of Privilege     Important
        CVE-2020-1438   Elevation of Privilege     Important
        CVE-2020-1463   Elevation of Privilege     Important
        CVE-2020-1468   Information Disclosure     Important

        [1]

MITIGATION

        For "SIGRed" CVE-2020-1350, Microsoft advises mitigating or
        patching "right away". Microsoft has provided a mitigation
        registry key which can be applied immediately, as well as a
        complete fix as a software update. [2]

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]

        KB4565540, KB4565489, KB4565511, KB4565541, KB4565483
        KB4565535, KB4565513, KB4565508, KB4565554, KB4565524
        KB4565537, KB4565912, KB4566785, KB4566426, KB4566425
        KB4558998, KB4565503, KB4565552, KB4558997, KB4565911
        KB456555

REFERENCES

        [1] Microsoft Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

        [2] CVE-2020-1350 (SIGRed)
            https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

        [3] Checkpoint: SIGRed
            https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin:-exploiting-a-17-year-old-bug-in-windows-dns-servers/

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================