skout-blog

Cybersecurity Threat Advisory 0057-20: Microsoft’s Patch Critical RCE Flaws

Advisory Overview

Several Remote Code Execution (RCE) security flaws were announced in Microsoft’s patch Tuesday; 129 security bugs to be exact. As remote work increases, the need for RCE security increases and at an overwhelming rate. A strong mitigation tactic for this type of vulnerability would be to maintain your systems by backing up files and applying patches as they are released.

Technical detail and additional information

What is the threat?

Of the many updates released to correct critical flaws/bugs, Microsoft Exchange Server’s Remote Code Execution (RCE) Vulnerability (tracked as CVE-2020-16875) was the most notable. This vulnerability is particularly dangerous because it can be executed simply by sending an email to the target. This RCE stems from improper validation of “cmdlet” arguments that exist in the Microsoft Exchange server.

Why is this noteworthy?

Microsoft Exchange is the mail server used by Microsoft which allows for all things mailing. Outlook, Microsoft’s emailing platform, is used by approximately 400 million users making this vulnerability high risk for a large subset of users. As previously mentioned, a host can be compromised simply by having a threat actor send an email to your account, even if you have not interacted with the email in question.

What is the exposure or risk?

With a Common Vulnerability Scoring System (CVSS) score of 9.1 out of 10, exploitation of CVE-2020-16875 is serious threat capable of compromising one’s exchange server(s). When exploited, the threat actor can execute code that grants unauthorized root permission which can add an account, install programs and/or modify data. This vulnerability can be exploited to obtain system level access meaning the root of the network.

What are the recommendations?

Update affected systems as outlined in the advisory published by Microsoft to apply the necessary security patches.

References:

For more in-depth information about the recommendations, please visit the following links:

If you have any questions, please contact our Security Operations Center.