SB2020101359 - Multiple vulnerabilities in Microsoft Windows

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Spoofing attack (CVE-ID: CVE-2020-16922)

The vulnerability allows a local attacker to perform spoofing attack.

The vulnerability exists due to Windows incorrectly validates file signatures. A local attacker can spoof page content, bypass security features and load improperly signed files.

2) Security Features (CVE-ID: CVE-2020-16910)

This vulnerability allows a local  attacker to bypass security rescritions feature.

The vulnerability exists due to the Microsoft Windows fails to handle file creation permissions. A local attacker can run a specially crafted application to bypass Unified Extensible Firmware Interface (UEFI) variable security in Windows.

3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-16877)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way Windows handles reparse points. A local user can create a malicious application, launch it on the system and overwrite or delete a targeted file that would normally require elevated permissions.

Remediation

Install update from vendor's website.

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16922
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16910
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16877