I decided to release my Microsoft Patch Tuesday reporting tool as part of a larger open source project ().
I named it Vulristics (from “Vulnerability” and “Heuristics”).
I want this to be an extensible framework for analyzing publicly available information about vulnerabilities.
Let’s say we have a vulnerability ID (CVE ID) and we need to decide whether it is really critical or not.
We will probably go to some vulnerability databases (, , , etc.) and somehow analyze the descriptions and parameters.
Such analysis can be quite complex and not so obvious.
My idea is to formalize it and make it shareable.
It may not be the most efficient way to process data, but it should reflect real human experience, the things that real vulnerability analysts do.
This is the main goal.
– analyze and group Microsoft Patch Tuesday CVEs
– collect and preprocess CVE ID-related data from NVD, Microsoft.com and Vulners.
– get Microsoft Patch Tuesday CVEs and filter vulnerabilities with public exploits (based on Vulners.com).
danger and relevance metrics counting () and so on.
If you have good ideas please.
Help with coding would also be very much appreciated.
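The grouping and prioritization idea described above, as an added example that is not Vulristics code: records are grouped by the product and vulnerability type parsed from the title, then ranked by a simple score. The field names, weights, flag values and the `CVE-XXXX-…` placeholder IDs are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Weights are assumptions of this example, not Vulristics' own metrics.
TYPE_WEIGHT = {"Remote Code Execution": 3, "Elevation of Privilege": 2,
               "Information Disclosure": 1}
TITLE_RE = re.compile(r"^(.+?) (%s) Vulnerability$" % "|".join(TYPE_WEIGHT))

def rec(cve, title, likely=False, public_exploit=False):
    return {"id": cve, "title": title, "likely": likely,
            "public_exploit": public_exploit}

# Constructed sample input. Only the two CVE-2020 IDs appear on this page;
# the CVE-XXXX IDs are placeholders and every flag value is made up.
SAMPLE = [
    rec("CVE-XXXX-0001", "Microsoft Word Remote Code Execution Vulnerability"),
    rec("CVE-2020-1346", "Windows Modules Installer Elevation of Privilege Vulnerability"),
    rec("CVE-XXXX-0002", "Microsoft Word Remote Code Execution Vulnerability"),
    rec("CVE-2020-1350", "Windows DNS Server Remote Code Execution Vulnerability", likely=True),
    rec("CVE-XXXX-0003", "Windows Kernel Information Disclosure Vulnerability", public_exploit=True),
    rec("CVE-XXXX-0004", "Microsoft Office Spoofing Vulnerability"),
]

def parse_title(title):
    """Split '<product> <type> Vulnerability'; unknown types are kept, not dropped."""
    m = TITLE_RE.match(title)
    return (m.group(1), m.group(2)) if m else (title, "Unknown")

def score(r):
    """Type weight, +2 if rated 'exploitation more likely', +3 for a public exploit."""
    s = TYPE_WEIGHT.get(parse_title(r["title"])[1], 0)
    return s + (2 if r["likely"] else 0) + (3 if r["public_exploit"] else 0)

def group_and_rank(records):
    """Group by (type, product), then order groups by their highest score."""
    groups = defaultdict(list)
    for r in records:
        product, vtype = parse_title(r["title"])
        groups[(vtype, product)].append(r)
    ranked = sorted(groups.items(),
                    key=lambda kv: (-max(map(score, kv[1])), kv[0]))
    return [(vtype, product, sorted(r["id"] for r in recs))
            for (vtype, product), recs in ranked]

if __name__ == "__main__":
    for vtype, product, ids in group_and_rank(SAMPLE):
        print(f"{vtype}: {product} ({', '.join(ids)})")
```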
.NET Framework, SharePoint Server, and Visual Studio ().
Remote Desktop Client ().
Windows DNS Server ().
Windows Graphics Component (, ).
Windows Runtime ().
Windows Kernel ().
Windows DNS Server RCE (), called SIGRed, is the star of this Patch Tuesday.
It’s extremely critical and has existed for 17 years, affecting Windows Server versions from 2003 to 2019.
Getting RCE with only a DNS request is really impressive.
Checkpoint guys made a with.
When this vulnerability was released, .
There was a feeling that there would be a public RCE exploit soon.
But still there are only several and DoS exploit by , which looks workable, but for some reason is not present in the exploit databases, for example in.
Therefore, , as I mentioned above.
Indeed, searching for exploits and exploit validation are important tasks.
In second place, of course, is the RDP Client RCE ().
When a client connects to an infected server, it becomes susceptible to an RCE attack.
All versions from Windows 7 (and possibly earlier!) to the latest version of Windows 10 (2004) are vulnerable.
Of course, the exploitation of this vulnerability requires social engineering or a Man-in-the-Middle attack.
.NET Framework, SharePoint Server, and Visual Studio RCE () involves the deserialization of XML content.
To exploit this vulnerability, an attacker could upload a specially crafted document to a server utilizing an affected product to process content.
VBScript RCE ().
An attacker would have to convince a user to execute malicious code through phishing or to visit a malicious website, where the user would download and execute a crafted file.
In fact, we see tons of these vulnerabilities every Patch Tuesday, but still no exploits.
Windows Graphics Component Elevation of Privilege vulnerabilities (, )
An attacker logs onto a vulnerable system and executes a specially crafted application to run processes in an elevated context.
Remote Code Execution (, , , , , ).
Elevation of Privilege (, , , , , , , ).
RCEs in Hyper-V RemoteFX vGPU (, , , , , ).
Microsoft patch simply disables RemoteFX functionality.
According to Microsoft: “RemoteFX vGPU has been deprecated in Windows Server 2019 and customers are advised to use Discrete Device Assignment (DDA) instead of RemoteFX vGPU.
DDA was introduced in Windows Server 2016.”
DirectWrite ().
Jet Database Engine (, , ).
Microsoft Excel ().
Microsoft Graphics ().
Microsoft Graphics Components ().
Microsoft Office ().
Microsoft Outlook ().
Microsoft Project ().
Microsoft SharePoint ().
Microsoft Word (, , ).
PerformancePoint Services ().
Visual Studio Code ESLint Extension ().
Windows Address Book ().
Windows Font Driver Host ().
Windows Font Library ().
Local Security Authority Subsystem Service ().
Windows WalletService ().
Group Policy Services Policy Processing ().
Microsoft Defender ().
Microsoft Office ().
Microsoft OneDrive ().
Visual Studio and Visual Studio Code ().
Windows (, , , ).
Windows ALPC ().
Windows ActiveX Installer Service ().
Windows AppX Deployment Extensions ().
Windows CNG Key Isolation Service (, ).
Windows COM Server ().
Windows Credential Enrollment Manager Service ().
Windows Credential Picker ().
Windows Diagnostics Hub (, ).
Windows Error Reporting Manager ().
Windows Event Logging Service (, ).
Windows Function Discovery Service ().
Windows Kernel (, ).
Windows Lockscreen ().
Windows Mobile Device Management Diagnostics (, ).
Windows Modules Installer ().
Windows Network Connections Service (, , , , ).
Windows Network List Service ().
Windows Network Location Awareness Service ().
Windows Picker Platform ().
Windows Print Workflow Service ().
Windows Profile Service ().
Windows Push Notification Service ().
Windows SharedStream Library ().
Windows Storage Services ().
Windows Subsystem for Linux ().
Windows Sync Host Service ().
Windows System Events Broker ().
Windows UPnP Device Host (, ).
Windows USO Core Worker ().
Windows Update Stack ().
Windows WalletService (, , ).
Windows iSCSI Target Service ().
Connected User Experiences and Telemetry Service ().
Microsoft Edge PDF ().
Microsoft Graphics Component ().
Microsoft Office (, ).
Skype for Business via Internet Explorer ().
Skype for Business via Microsoft Edge (EdgeHTML-based) ().
Windows Agent Activation Runtime ().
Windows Error Reporting ().
Windows GDI ().
Windows Imaging Component ().
Windows Kernel (, , ).
Windows Mobile Device Management Diagnostics ().
Windows Resource Policy ().
Windows WalletService ().
Azure DevOps Server ().
Microsoft SharePoint (, , ).
Microsoft SharePoint Reflective ()
Office Web Apps ().
Microsoft SharePoint ().
RCE in PerformancePoint Services ()
PerformancePoint is a SharePoint component, and the vulnerability is similar to the “Exploitation more likely” SharePoint vulnerability () we discussed above.
Microsoft Word RCEs (, , ).
Exploitation of this vulnerability requires an attacker to send a specially crafted file to a victim, or to convince a user to visit a crafted website hosting a malicious file which the user must open with a vulnerable version of Microsoft Word.
Obviously, this is good for phishing.
Jet Database Engine RCEs (, , )
To exploit this vulnerability, an attacker must convince a victim to open a specially crafted file or visit a malicious website.
Visual Studio Code ESLint Extension RCE ().
To exploit this vulnerability, an attacker would need to convince a user to clone a repository and open it in Visual Studio Code.
Attacker-specified code would execute in the context of the current user, with the same rights and permissions.
Windows Modules Installer Elevation of Privilege () was mentioned by Rapid7: “In this particular case, the Servicing Stack Updates released this month should been installed prior to installing the cumulative update/monthly rollup or security update patch.
While it was not explicitly outlined, following these directions from Microsoft for CVE-2020-1346 may have a direct impact on the order of operations when resolving other issues such as CVE-2020-1350.”

Hi.
My name is Alexander and I am an Information Security Automation specialist.