Tripwire‘s October 2020 Patch Precedence Index (PPI) brings collectively essential vulnerabilities from Microsoft, Apple, Adobe, and Oracle.
First on the patch precedence listing this month is a really excessive precedence vulnerability in Oracle WebLogic Server. The vulnerability is throughout the Console element of Oracle WebLogic Server, and it may be exploited with out authentication and requires no person interplay. Proof-of-concept code is out there and doesn’t require important experience as a way to exploit a susceptible server. Supported variations of Oracle WebLogic Server which can be affected embody 10.3.6.0.0, 220.127.116.11.0, 18.104.22.168.0, 22.214.171.124.Zero and 126.96.36.199.0.
Subsequent on the listing are Three vulnerabilities which have lately been included throughout the Metasploit exploit framework. First is a patch for Microsoft SharePoint (CVE-2020-16952). It’s a distant code execution vulnerability that exists on account of a server-side embody (SSI) weak point. The following are two vulnerabilities that influence Apple software program. CVE-2020-9856 is a vulnerability that exists within the CVMS element of macOS Catalina 10.15.5. The second (CVE-2020-9850) is a vulnerability that exists in WebKit for numerous Apple merchandise, and it’s addressed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Home windows, iCloud for Home windows 11.2, iCloud for Home windows 7.19.
Up subsequent on the patch precedence listing this month are patches for Microsoft Edge (Chromium-Based mostly). These patches resolve 24 vulnerabilities that exist on account of points corresponding to use after free, inappropriate implementation, inadequate coverage enforcement, and integer overflow
Up subsequent is a patch for Adobe Flash Participant, which resolves an arbitrary code execution vulnerability on account of a NULL pointer dereference.
Subsequent are patches for Oracle Java, which resolve eight vulnerabilities associated to Libraries, JNDI, Serialization, and Hotspot.
Subsequent on the listing are patches for Microsoft Excel, Workplace, Outlook, and Phrase, which resolve eight vulnerabilities together with distant code execution, denial of service, and safety characteristic bypass.
Up subsequent this month are patches that have an effect on elements of the Home windows working methods. These patches resolve greater than 50 vulnerabilities, together with denial of service, elevation of privilege, data disclosure, distant code execution, and reminiscence corruption vulnerabilities. These vulnerabilities have an effect on core Home windows, Jet Database Engine, GDI, Storage Providers, Codecs Library, Hyper-V, COM Server, Distant Desktop, KernelStream, Group Coverage, TCP/IP, iSCSI Goal Service, NAT, Error Reporting, and others.
Up subsequent is are patches for Visible Studio and .NET that resolve data disclosure and distant code execution vulnerabilities.
Lastly, directors ought to give attention to server-side patches for Microsoft and Oracle, which resolve points in Oracle Database, Microsoft Dynamics, Microsoft Change, and Microsoft SharePoint. These patches resolve over 60 points, together with cross-site scripting, data disclosure, and distant code execution vulnerabilities.
Exploit Framework – Metasploit: Microsoft Sharepoint
Exploit Framework – Metasploit: macOS Catalina 10.15.5 CVMS
Exploit Framework – Metasploit: Apple WebKit
ADV200002 | Chromium Safety Updates for Microsoft Edge (Chromium-Based mostly)
CVE-2020-15999, CVE-2020-16003, CVE-2020-16002, CVE-2020-16001, CVE-2020-16000, CVE-2020-15987, CVE-2020-15985, CVE-2020-15982, CVE-2020-15981, CVE-2020-15989, CVE-2020-15988, CVE-2020-15979, CVE-2020-15972, CVE-2020-15973, CVE-2020-15971, CVE-2020-15977, CVE-2020-15974, CVE-2020-15975, CVE-2020-15990, CVE-2020-15991, CVE-2020-15992, CVE-2020-15969, CVE-2020-15968, CVE-2020-6557
APSB20-58: Adobe Flash Participant
CVE-2020-14782, CVE-2020-14781, CVE-2020-14779, CVE-2020-14797, CVE-2020-14796, CVE-2020-14798, CVE-2020-14803, CVE-2020-14792
CVE-2020-16929, CVE-2020-16932, CVE-2020-16931, CVE-2020-16930, CVE-2020-16954, CVE-2020-16949, CVE-2020-16947, CVE-2020-16933
Microsoft Home windows
CVE-2020-16924,CVE-2020-16897,CVE-2020-16907,CVE-2020-16940,CVE-2020-16920,CVE-2020-16876,CVE-2020-16936,CVE-2020-16973,CVE-2020-16972,CVE-2020-16976,CVE-2020-16975,CVE-2020-16974,CVE-2020-16912,CVE-2020-16935,CVE-2020-16877,CVE-2020-16919,CVE-2020-16909,CVE-2020-16895,CVE-2020-16900,CVE-2020-1080, CVE-2020-16901,CVE-2020-16887,CVE-2020-16922,CVE-2020-0764,CVE-2020-16885,CVE-2020-16899,CVE-2020-16898,CVE-2020-16921,CVE-2020-16980,CVE-2020-16939,CVE-2020-16915,CVE-2020-16968,CVE-2020-16967,CVE-2020-1243, CVE-2020-16891,CVE-2020-16894,CVE-2020-16938,CVE-2020-16905,CVE-2020-16913,CVE-2020-1047, CVE-2020-16892,CVE-2020-16889,CVE-2020-16910,CVE-2020-16911,CVE-2020-16923,CVE-2020-1167, CVE-2020-16914,CVE-2020-16916,CVE-2020-16927,CVE-2020-16896,CVE-2020-16863,CVE-2020-16902,CVE-2020-16890,CVE-2020-17022
Microsoft Change Server
Microsoft Workplace SharePoint
CVE-2020-16946, CVE-2020-16945, CVE-2020-16942, CVE-2020-16941, CVE-2020-16948, CVE-2020-16950, CVE-2020-16953, CVE-2020-16944, CVE-2020-16951