As part of its monthly security updates release Microsoft fixed a total of 87 vulnerabilities across numerous products, including a remote code-execution issue (CVE-2020-16898) in the TCP/IP stack, which allows attackers to execute arbitrary code with elevated privileges using a specially crafted ICMPv6 router advertisement.
Other notable bugs include an RCE vulnerability (CVE-2020-16947) impacting Microsoft Outlook, a critical Windows Hyper-V RCE bug (CVE-2020-16891), the issues in Windows Camera Codec (CVE-2020-16967 and CVE-2020-16968), RCE vulnerabilities in SharePoint Server (CVE-2020-16951 and CVE-2020-16952), Media Foundation Library (CVE-2020-16915), the Base3D rendering engine (CVE-2020-17003), Graphics components (CVE-2020-16923), and the Windows Graphics Device Interface (CVE-2020-16911)
Adobe issued a security update for a critical remote code execution vulnerability in Adobe Flash Player that could be exploited by simply visiting a website. The vulnerability, tracked as CVE-2020-9746, could be exploited by inserting malicious strings in an HTTP response that is by default delivered over TLS/SSL. Adobe Flash Player v220.127.116.115 resolves this flaw.
NetBSD USB network interface drivers have been found to contain a high risk vulnerability, which allows a remote attacker to execute arbitrary code on the target system. The problem stems from boundary errors within multiple USB network interface drivers. The issue affects the following USB network interfaces:
Juniper Junos OS has a dangerous vulnerability (CVE-2020-1667), which allows a remote attacker to elevate privileges on the system. The following Juniper Networks Junos OS versions were found to be affected by CVE-2020-1667:
17.3 versions prior to 17.3R3-S8;
18.3 versions prior to 18.3R3-S1;
18.4 versions prior to 18.4R3;
19.1 versions prior to 19.1R3;
19.2 versions prior to 19.2R2;
19.3 versions prior to 19.3R3.
Trend Micro Antivirus for Mac contains a couple of vulnerabilities (CVE-2020-25777, CVE-2020-25778) that could allow a remote attacker to compromise the system or gain access to sensitive data.
ARC Informatique PcVue HMI/SCADA solution contains multiple vulnerabilities, the most severe of which (CVE-2020-26867) allows remote code execution.
Multiple vulnerabilities exist in Allen-Bradley Flex IO 1794-AENT series B communication adapter. All of them are denial of service (DoS) issues that can be used to trigger denial-of-service condition by sending malicious packets on the device.
Linux kernel contains Bluetooth vulnerabilities (CVE-2020-12351, CVE-2020-12352, CVE-2020-24490) that could be exploited to execute arbitrary code or access sensitive information. The most dangerous of these bugs is CVE-2020-12351, a heap-based type confusion that impacts Linux kernel 4.8 and higher, which can lead to denial of service or execution of arbitrary code, with kernel privileges.
Is your business effected by Cyber Crime?
If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.
Digitpol’s Cyber Crime Investigation Unit provides investigative support to victims of cyber crimes. Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/
UK +44 20 8089 9944