Cybersecurity Threat Advisory: Microsoft’s Patch Critical RCE Flaws
Posted on September 18, 2020 by Mike Beagles
As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.
This week, there is a new critical alert that requires the mission-critical community’s immediate attention.
Advisory Overview
Several Remote Code Execution (RCE) security flaws were announced in Microsoft’s patch Tuesday—129 security bugs to be exact. As remote work increases, the need for RCE security increases and at an overwhelming rate. A strong mitigation tactic for this type of vulnerability would be to maintain your systems by backing up files and applying patches as they are released.
Technical Detail and Additional Information
What is the threat?
Of the many updates released to correct critical flaws/bugs, Microsoft Exchange Server’s Remote Code Execution (RCE) Vulnerability (tracked as CVE-2020-16875) was the most notable. This vulnerability is particularly dangerous because it can be executed simply by sending an email to the target. This RCE stems from improper validation of “cmdlet” arguments that exist in the Microsoft Exchange server.
Why is this noteworthy?
Microsoft Exchange is the mail server used by Microsoft which allows for all things mailing. Outlook, Microsoft’s emailing platform, is used by approximately 400 million users making this vulnerability high risk for a large subset of users. As previously mentioned, a host can be compromised simply by having a threat actor send an email to your account, even if you have not interacted with the email in question.
What is the exposure or risk?
With a Common Vulnerability Scoring System (CVSS) score of 9.1 out of 10, exploitation of CVE-2020-16875 is serious threat capable of compromising one’s exchange server(s). When exploited, the threat actor can execute code that grants unauthorized root permission which can add an account, install programs and/or modify data. This vulnerability can be exploited to obtain system level access meaning the root of the network.
What are the recommendations?
MCP recommends updating affected systems as outlined in the advisory published by Microsoft to apply the necessary security patches.
For more information
- https://threatpost.com/microsofts-patch-tuesday-critical-rce-bugs/159044/
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16875
- https://krebsonsecurity.com/2020/09/microsoft-patch-tuesday-sept-2020-edition/#more-52959
If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite that is designed specifically for public safety entities and other critical-infrastructure organizations, to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy.
Contact us today to learn more.