                         AUSCERT Security Bulletin

  Microsoft patch day for Extended Support Update products for July 2020
                               15 July 2020


        AusCERT Security Bulletin Summary

Product:              Extended Support Update products
Operating System:     Windows
Impact/Access:        Administrator Compromise        -- Remote/Unauthenticated      
                      Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Existing Account            
                      Access Privileged Data          -- Existing Account            
                      Overwrite Arbitrary Files       -- Existing Account            
                      Denial of Service               -- Remote/Unauthenticated      
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-1468 CVE-2020-1438 CVE-2020-1437
                      CVE-2020-1436 CVE-2020-1435 CVE-2020-1430
                      CVE-2020-1428 CVE-2020-1427 CVE-2020-1421
                      CVE-2020-1419 CVE-2020-1412 CVE-2020-1410
                      CVE-2020-1409 CVE-2020-1408 CVE-2020-1407
                      CVE-2020-1403 CVE-2020-1402 CVE-2020-1401
                      CVE-2020-1400 CVE-2020-1397 CVE-2020-1396
                      CVE-2020-1390 CVE-2020-1389 CVE-2020-1384
                      CVE-2020-1374 CVE-2020-1373 CVE-2020-1371
                      CVE-2020-1365 CVE-2020-1360 CVE-2020-1359
                      CVE-2020-1354 CVE-2020-1351 CVE-2020-1350
                      CVE-2020-1346 CVE-2020-1333 CVE-2020-1267
                      CVE-2020-1085 CVE-2020-1043 CVE-2020-1042
                      CVE-2020-1041 CVE-2020-1040 CVE-2020-1036
Member content until: Friday, August 14 2020
Reference:            ASB-2020.120


        Microsoft has released its monthly security patch update for the month of July 2020.
        This includes a fix for the wormable "SIGRed" vulnerability
        (CVE-2020-1350) for Windows Server 2008 Extended Support Update (ESU),
        which should be patched "right away". [2]
        This update resolves 44 vulnerabilities across the following products: [1]
         Internet Explorer 9
         Windows 7 for 32-bit Systems Service Pack 1
         Windows 7 for x64-based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
         Windows Server 2008 for 32-bit Systems Service Pack 2
         Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
         Windows Server 2008 for x64-based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)


        Microsoft has given the following details regarding these vulnerabilities.
         Details         Impact                   Severity
         ADV200008       Tampering                Important
         CVE-2020-1032   Remote Code Execution    Critical
         CVE-2020-1036   Remote Code Execution    Critical
         CVE-2020-1040   Remote Code Execution    Critical
         CVE-2020-1041   Remote Code Execution    Critical
         CVE-2020-1042   Remote Code Execution    Critical
         CVE-2020-1043   Remote Code Execution    Critical
         CVE-2020-1085   Elevation of Privilege   Important
         CVE-2020-1267   Denial of Service        Important
         CVE-2020-1333   Elevation of Privilege   Important
         CVE-2020-1346   Elevation of Privilege   Important
         CVE-2020-1350   Remote Code Execution    Critical
         CVE-2020-1351   Information Disclosure   Important
         CVE-2020-1354   Elevation of Privilege   Important
         CVE-2020-1359   Elevation of Privilege   Important
         CVE-2020-1360   Elevation of Privilege   Important
         CVE-2020-1365   Elevation of Privilege   Important
         CVE-2020-1371   Elevation of Privilege   Important
         CVE-2020-1373   Elevation of Privilege   Important
         CVE-2020-1374   Remote Code Execution    Critical
         CVE-2020-1384   Elevation of Privilege   Important
         CVE-2020-1389   Information Disclosure   Important
         CVE-2020-1390   Elevation of Privilege   Important
         CVE-2020-1396   Elevation of Privilege   Important
         CVE-2020-1397   Information Disclosure   Important
         CVE-2020-1400   Remote Code Execution    Important
         CVE-2020-1401   Remote Code Execution    Important
         CVE-2020-1402   Elevation of Privilege   Important
         CVE-2020-1403   Remote Code Execution    Moderate
         CVE-2020-1407   Remote Code Execution    Important
         CVE-2020-1408   Remote Code Execution    Important
         CVE-2020-1409   Remote Code Execution    Critical
         CVE-2020-1410   Remote Code Execution    Critical
         CVE-2020-1412   Remote Code Execution    Important
         CVE-2020-1419   Information Disclosure   Important
         CVE-2020-1421   Remote Code Execution    Critical
         CVE-2020-1427   Elevation of Privilege   Important
         CVE-2020-1428   Elevation of Privilege   Important
         CVE-2020-1430   Elevation of Privilege   Important
         CVE-2020-1435   Remote Code Execution    Critical
         CVE-2020-1436   Remote Code Execution    Critical
         CVE-2020-1437   Elevation of Privilege   Important
         CVE-2020-1438   Elevation of Privilege   Important
         CVE-2020-1468   Information Disclosure   Important


        Microsoft recommends applying the CVE-2020-1350 patch or mitigation
        "right away". [2]
        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]
         KB4565529, KB4565536, KB4565354, KB4565353, KB4565524
         KB4565479, KB4565539


        [1] Security Update Guide

        [2] CVE-2020-1350 (SIGRed)

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.