Tripwire's September 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, and various Linux distributions.

Up first on the patch priority list this month is a very high priority vulnerability known as “Zerologon” and identified by CVE-2020-1472. It is an elevation of privilege vulnerability that exists due to a flaw in a cryptographic authentication mechanism used by the Netlogon Remote Protocol (MS-NRPC). Microsoft released patches for affected operating systems as part of the August Patch Tuesday release. Note that the recently released Metasploit module targets the Windows operating system. However, various versions of Samba in the open source ecosystem could also be vulnerable to this attack (refer to the Bugzilla link below), and open source proofs of concept are available on GitHub. Linux vendors such as Fedora, SUSE, and Ubuntu have released advisories and patches for their versions of Samba.

Links for more information:
https://github.com/rapid7/metasploit-framework/pull/14151
https://www.secura.com/blog/zero-logon
https://bugzilla.samba.org/show_bug.cgi?id=14497

Linux Vendor Advisories:
https://admin.fedoraproject.org/updates/FEDORA-2020-77c15664b0
https://admin.fedoraproject.org/updates/FEDORA-2020-0be2776ed3
https://admin.fedoraproject.org/updates/FEDORA-2020-bda96ea273
https://www.suse.com/security/cve/CVE-2020-1472
http://www.ubuntu.com/usn/usn-4510-2
http://www.ubuntu.com/usn/usn-4510-1

Next on the list are two more vulnerabilities that have recently been added to the Metasploit Framework. First is a patch for Microsoft Exchange Server (CVE-2020-16875). It is a remote code execution vulnerability that exists due to improper validation of cmdlet arguments. In particular, the vulnerability results from improper validation of user-supplied template data when creating a DLP policy. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the SYSTEM user. More details can be found at https://github.com/rapid7/metasploit-framework/pull/14126. Second is a patch for macOS (CVE-2020-9839). For this patch, a race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.