Microsoft has released its security updates for October, the well-known Patch Tuesday, fixing 87 vulnerabilities across several of its products.
According to the company, the most dangerous bug fixed in this patch is CVE-2020-16898. It is a remote code execution (RCE) vulnerability in the Windows TCP/IP stack. CVE-2020-16898 can allow attackers to take control of Windows systems by sending malicious ICMPv6 Router Advertisement packets to an unpatched computer over a network connection.
The dangerous vulnerability was discovered by Microsoft's own engineers. The vulnerable versions were Windows 10 and Windows Server 2019.
In terms of severity, the vulnerability has received a score of 9.8/10. For this reason, the company has classified it as critical and dangerous if used by a cybercriminal.
Installing the Patch Tuesday updates is necessary to fix the vulnerability.
Another important bug is CVE-2020-16947, a vulnerability that also allows remote code execution, in Outlook. The company says this bug can be exploited by tricking a user "into opening a specially crafted file with a vulnerable version of Microsoft Outlook software".
The vulnerabilities fixed in the October Patch Tuesday are listed in the following table (from ZDNet):
Tag | CVE ID | CVE Title |
---|---|---|
Adobe Flash Player | ADV200012 | October 2020 Adobe Flash Security Update |
.NET Framework | CVE-2020-16937 | .NET Framework Information Disclosure Vulnerability |
Azure | CVE-2020-16995 | Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability |
Azure | CVE-2020-16904 | Azure Functions Elevation of Privilege Vulnerability |
Group Policy | CVE-2020-16939 | Group Policy Elevation of Privilege Vulnerability |
Microsoft Dynamics | CVE-2020-16978 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
Microsoft Dynamics | CVE-2020-16956 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
Microsoft Dynamics | CVE-2020-16943 | Dynamics 365 Commerce Elevation of Privilege Vulnerability |
Microsoft Exchange Server | CVE-2020-16969 | Microsoft Exchange Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2020-16911 | GDI+ Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2020-16914 | Windows GDI+ Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2020-16923 | Microsoft Graphics Components Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2020-1167 | Microsoft Graphics Components Remote Code Execution Vulnerability |
Microsoft NTFS | CVE-2020-16938 | Windows Kernel Information Disclosure Vulnerability |
Microsoft Office | CVE-2020-16933 | Microsoft Word Security Feature Bypass Vulnerability |
Microsoft Office | CVE-2020-16929 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-16934 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability |
Microsoft Office | CVE-2020-16932 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-16930 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-16955 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability |
Microsoft Office | CVE-2020-16928 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability |
Microsoft Office | CVE-2020-16957 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-16918 | Base3D Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-16949 | Microsoft Outlook Denial of Service Vulnerability |
Microsoft Office | CVE-2020-16947 | Microsoft Outlook Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-16931 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-16954 | Microsoft Office Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-17003 | Base3D Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-16948 | Microsoft SharePoint Information Disclosure Vulnerability |
Microsoft Office SharePoint | CVE-2020-16953 | Microsoft SharePoint Information Disclosure Vulnerability |
Microsoft Office SharePoint | CVE-2020-16942 | Microsoft SharePoint Information Disclosure Vulnerability |
Microsoft Office SharePoint | CVE-2020-16951 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-16944 | Microsoft SharePoint Reflective XSS Vulnerability |
Microsoft Office SharePoint | CVE-2020-16945 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Office SharePoint | CVE-2020-16946 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Office SharePoint | CVE-2020-16941 | Microsoft SharePoint Information Disclosure Vulnerability |
Microsoft Office SharePoint | CVE-2020-16950 | Microsoft SharePoint Information Disclosure Vulnerability |
Microsoft Office SharePoint | CVE-2020-16952 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2020-16900 | Windows Event System Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16901 | Windows Kernel Information Disclosure Vulnerability |
Microsoft Windows | CVE-2020-16899 | Windows TCP/IP Denial of Service Vulnerability |
Microsoft Windows | CVE-2020-16908 | Windows Setup Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16909 | Windows Error Reporting Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16912 | Windows Backup Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16940 | Windows – User Profile Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16907 | Win32k Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16936 | Windows Backup Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2020-16897 | NetBT Information Disclosure Vulnerability |
Microsoft Windows | CVE-2020-16895 | Windows Error Reporting Manager Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16919 | Windows Enterprise App Management Service Information Disclosure Vulnerability |
Microsoft Windows | CVE-2020-16921 | Windows Text Services Framework Information Disclosure Vulnerability |
Microsoft Windows | CVE-2020-16920 | Windows Application Compatibility Client Library Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16972 | Windows Backup Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16877 | Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16876 | Windows Application Compatibility Client Library Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16975 | Windows Backup Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16973 | Windows Backup Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16974 | Windows Backup Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16922 | Windows Spoofing Vulnerability |
Microsoft Windows | CVE-2020-0764 | Windows Storage Services Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16980 | Windows iSCSI Target Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1080 | Windows Hyper-V Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16887 | Windows Network Connections Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16885 | Windows Storage VSP Driver Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16924 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2020-16976 | Windows Backup Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-16935 | Windows COM Server Elevation of Privilege Vulnerability |
Microsoft Windows Codecs Library | CVE-2020-16967 | Windows Camera Codec Pack Remote Code Execution Vulnerability |
Microsoft Windows Codecs Library | CVE-2020-16968 | Windows Camera Codec Pack Remote Code Execution Vulnerability |
PowerShellGet | CVE-2020-16886 | PowerShellGet Module WDAC Security Feature Bypass Vulnerability |
Visual Studio | CVE-2020-16977 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
Windows COM | CVE-2020-16916 | Windows COM Server Elevation of Privilege Vulnerability |
Windows Error Reporting | CVE-2020-16905 | Windows Error Reporting Elevation of Privilege Vulnerability |
Windows Hyper-V | CVE-2020-16894 | Windows NAT Remote Code Execution Vulnerability |
Windows Hyper-V | CVE-2020-1243 | Windows Hyper-V Denial of Service Vulnerability |
Windows Hyper-V | CVE-2020-16891 | Windows Hyper-V Remote Code Execution Vulnerability |
Windows Installer | CVE-2020-16902 | Windows Installer Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2020-16889 | Windows KernelStream Information Disclosure Vulnerability |
Windows Kernel | CVE-2020-16892 | Windows Image Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2020-16913 | Win32k Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2020-1047 | Windows Hyper-V Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2020-16910 | Windows Security Feature Bypass Vulnerability |
Windows Media Player | CVE-2020-16915 | Media Foundation Memory Corruption Vulnerability |
Windows RDP | CVE-2020-16863 | Windows Remote Desktop Service Denial of Service Vulnerability |
Windows RDP | CVE-2020-16927 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
Windows RDP | CVE-2020-16896 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
Windows Secure Kernel Mode | CVE-2020-16890 | Windows Kernel Elevation of Privilege Vulnerability |