Malware Devil

Loading...

Monday, October 19, 2020

ESB-2020.3586 – [Win] Microsoft Windows Codecs Library and Visual Studio Code: Multiple vulnerabilities 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3586
         New Security Updates for Microsoft Windows Codecs Library
                          and Visual Studio Code
                              19 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Microsoft Windows Codecs Library
                   Microsoft Visual Studio Code
                   Microsoft Dynamics 365 Commerce
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Unauthorised Access             -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-17023 CVE-2020-17022 CVE-2020-16943

Reference:         ASB-2020.0167

Original Bulletin: 
   https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022
   https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023
   https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16943

Comment: This bulletin contains three (3) Microsoft security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

**************************************************************************************
Title: Microsoft Security Update Releases
Issued: October 15, 2020
**************************************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2020-16943
* CVE-2020-17022
* CVE-2020-17023
 

Revision Information:
=====================

* CVE-2020-16943

 - CVE-2020-16943 | Dynamics 365 Commerce Elevation of Privilege Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16943
 - Version 2.0
 - Reason for Revision: In the Security Updates table, removed the Article and Download
   links because an update is not yet available for Dynamics 365 Commerce. Customers
   will be notified via a revision to this CVE information when an update becomes
   available.
 - Originally posted: October 13, 2020
 - Updated: October 13, 2020
 - Aggregate CVE Severity Rating: Important

* CVE-2020-17022

 - CVE-2020-17022 | Remote Desktop Services Remote Code Execution Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022
 - Version 1.0
 - Reason for Revision: Information published.
 - Originally posted: October 15, 2020
 - Updated: N/A
 - Aggregate CVE Severity Rating: Important

* CVE-2020-17023

 - CVE-2020-17023 | Visual Studio JSON Remote Code Execution Vulnerability
 - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023
 - Version 1.0
 - Reason for Revision: Information published.
 - Originally posted: October 15, 2020
 - Updated: N/A
 - Aggregate CVE Severity Rating: Important


**************************************************************************************
 
Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
======================================================================================

If you receive an email message that claims to be distributing a Microsoft security
update, it is a hoax that may contain malware or pointers to malicious websites.
Microsoft does not distribute security updates via email. 

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security 
notifications. However, PGP is not required for reading security notifications, 
reading security bulletins, or installing security updates. You can obtain the MSRC
public PGP key at .

**************************************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT 
WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, 
INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES 
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS 
PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL 
OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
**************************************************************************************
Microsoft respects your privacy. Please read our online Privacy Statement at 
.

If you would prefer not to receive future technical security notification alerts by 
email from Microsoft and its family of companies please visit the following website 
to unsubscribe:
.

These settings will not affect any newsletters you've requested or any mandatory 
service communications that are considered part of certain Microsoft services.

For legal Information, see:
.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
- -----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEELTQbGKdJ0A4NErYObMczVWaPe3UFAl+I3HUACgkQbMczVWaP
e3WVbwf9EJfqNYIskGIpqS+sI3mTBlNiZTfnCR7w2fhrz0trvcq5I4gxwqzdswrN
ChRP8ZSRVcTmnvnAVyMI0pUfB6cz/42yf/K8byzVZgqNIDtIoKwaKvL0QN/sGzU2
CMsUJU09eP+YPamQ9w/7iyU91RpKzj/kd4nnQEmJAy8nEBUzWZkSUxgnV7qJVRmN
8Yse5jxVDDIYnUzuYCY2cV/oiBkuN4ZhhFl20iKlXaLq+etCRQY/r8Ll2lJAz7Ub
OuFmKlWqZhuuVBEfJAXWM82bg3ztdI5hSOD5CdBsflwSMvK3DBN0LFw5SUhI7aT/
Qh5NZxuuAOGP88OSwJGO5Ao8NlWDEA==
=UDkC
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX40vHeNLKJtyKPYoAQhuHg/9F7Yd21vIcWySblo6xW9xxNZ9yPWpukos
MoAv3JU75SOjoFZE6gRIJQ7PzGt+V2AEZkbfeLYQzC7DenkVvC36QJUl3YBKWY/c
ewHJT88lnRj/UHh0zl7YZ+UeNV9mkiRFpgrMJo6QGg3biNR7P4wqPwtckCAfoCFr
uLRS24XK+SNpd0sjnQJDwyNbsbybELU9pPhFACOGyE7RXO8dgi8gWqQCQxHMsz13
OjDMo3p6dNBC4chl9P7ACJWRqN2Q2xD6uqbeRq91E82hjo96QQB2r8lqDUuXjYv3
vUt1SiyHofSW6VzD2kB4ozHW/OXvTwDvyfmObZUCCISRwOKFwRVNgm7L9Njr8rQA
qYoxgEU2COi9Luwn7JYECiIkGsSlOjqwnfeEIlfq8dngh7EG0emczwbVRqTnkRwl
GA1CZYBQFUR4rQOljtaBAbSDQFua6v0tTHiJ1fytM0fjEZdDkU5XObFPj8WOmOMj
syxwEm1Ixw6kYoLwL35sKHyORm8u/MqWMakV1DyNLzEO+xGEEhGtLnDoJ7XurLZ4
5S1MkrGyynqOGQ6th7ErMTCleSjiFcd7FeqhzJRJovgK3ZyjeBKDREsgBJwXb1DN
pCVv2gj3q2ZsAGRablXrpVHG7V7Qou9AByMJ8Gr7j4WqBDFhGufXLs9detDtyewh
kNb4nv+fkNA=
=BD5Q
-----END PGP SIGNATURE-----

Read More

The post ESB-2020.3586 – [Win] Microsoft Windows Codecs Library and Visual Studio Code: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/19/esb-2020-3586-win-microsoft-windows-codecs-library-and-visual-studio-code-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3586-win-microsoft-windows-codecs-library-and-visual-studio-code-multiple-vulnerabilities
at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...