Monthly Patch Tuesdays over the last six months have included an average of 120 vulnerability corrections. This month is down to 87, but 11 of them are rated Critical. Here are some of the ones you will want to pay closer attention to and consider putting at the front end of your patching cycles.
CVE-2020-16898
This one scores a 9.8 out of 10. Affects the way IPv6 Router Advertisement packets are handled. Exploitation allows an attacker to execute code on the target PC/server. You can disable IVMPv6 RDNSS as a workaround with this command:
netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=enable
To find the INTERFACENUMBER, run this command and run the above against each interface:
netsh int ipv6 show interfaces
CVE-2020-16891
Allows remote code execution in relation to how Hyper-V evaluates input against guest OS processing. No available workarounds.
Outlook – CVE-2020-16947
An attacker can execute code as System when exploiting the way Outlook manages memory. No available workarounds.
SharePoint – CVE-2020-16951 and CVE-2020-16952
Two different methods that allow remote code execution as the context of the application pool. No available workarounds.
Exchange – CVE-2020-16969
A specially crafted OWA message allows an attacker to execute without warning remote URL content that the attacker controls. No available workarounds.
It’s especially important to note services like SharePoint and Exchange, as these are often left out of mainstream patch cycles to minimize change around these critical systems. This is not the month to skip either one of these services within your environment.
Remember that patching should have automation, validation and reporting to ensure your systems are in an expected and secure state. Happy Patching!
