Vulnerabilities

Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products

3 min read

Overview

Palo Alto Networks Unit 42 threat researchers have been credited with discovering 27 new vulnerabilities addressed by the Microsoft Security Response Center (MSRC), as part of its last nine months of security update releases.

Vulnerabilities

The Microsoft vulnerabilities discovered included 27 vulnerabilities rated “important,” including Remote Code Execution, Privilege Elevation, Information Disclosure and one Denial of Service vulnerability.

The Unit 42 researchers credited are Zhibin Zhang, Tao Yan, Bo Qu, Gal De Leon, Haozhe Zhang, Bar Lahav, Yaron Samuel and Nadav Markus. Zhibin Zhang was also recognized as the top vulnerability discoverer in Q1 from the MSRC and most recently ranked 7th for the MSRC 2020 Q2 Security Leaderboard.

The recently discovered vulnerabilities are listed in Table 1 below:

Vendor	CVE	Vulnerability Category	Impact	Maximum Severity Rating	Researcher(s)
Microsoft	CVE-2020-1074	Jet Database Engine Remote Code Execution Vulnerability	Remote Code Execution	Important	Zhibin Zhang
Microsoft	CVE-2020-1473	Jet Database Engine Remote Code Execution Vulnerability	Remote Code Execution	Important	Zhibin Zhang
Microsoft	CVE-2020-1557	Jet Database Engine Remote Code Execution Vulnerability	Remote Code Execution	Important	Zhibin Zhang
Microsoft	CVE-2020-1558	Jet Database Engine Remote Code Execution Vulnerability	Remote Code Execution	Important	Bo Qu, Zhibin Zhang
Microsoft	CVE-2020-1563	Microsoft Office Remote Code Execution Vulnerability	Remote Code Execution	Important	Haozhe Zhang
Microsoft	CVE-2020-1564	Jet Database Engine Remote Code Execution Vulnerability	Remote Code Execution	Important	Zhibin Zhang
Microsoft	CVE-2020-1386	Connected User Experiences and Telemetry Service Information Disclosure Vulnerability	Information Disclosure	Important	Tao Yan (@Ga1ois)
Microsoft	CVE-2020-1400	Jet Database Engine Remote Code Execution Vulnerability	Remote Code Execution	Important	Zhibin Zhang
Microsoft	CVE-2020-1401	Jet Database Engine Remote Code Execution Vulnerability	Remote Code Execution	Important	Zhibin Zhang
Microsoft	CVE-2020-1407	Jet Database Engine Remote Code Execution Vulnerability	Remote Code Execution	Important	Zhibin Zhang
Microsoft	CVE-2020-1420	Windows Error Reporting Information Disclosure Vulnerability	Information Disclosure	Important	Gal De Leon, Tao Yan (@Ga1ois)
Microsoft	CVE-2020-1429	Windows Error Reporting Manager Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Gal De Leon
Microsoft	CVE-2020-1208	Jet Database Engine Remote Code Execution Vulnerability	Remote Code Execution	Important	Zhibin Zhang
Microsoft	CVE-2020-1236	Jet Database Engine Remote Code Execution Vulnerability	Remote Code Execution	Important	Zhibin Zhang
Microsoft	CVE-2020-1197	Windows Error Reporting Manager Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Tao Yan (@Ga1ois), Bo Qu
Microsoft	CVE-2020-0994	Jet Database Engine Remote Code Execution Vulnerability	Remote Code Execution	Important	Bo Qu
Microsoft	CVE-2020-1263	Windows Error Reporting Information Disclosure Vulnerability	Information Disclosure	Important	Gal De Leon
Microsoft	CVE-2020-1021	Windows Error Reporting Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Gal De Leon
Microsoft	CVE-2020-1132	Windows Error Reporting Manager Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Gal De Leon
Microsoft	CVE-2020-0794	Windows Denial of Service Vulnerability	Denial of Service	Important	Yaron Samuel
Microsoft	CVE-2020-0991	Microsoft Office Remote Code Execution Vulnerability	Remote Code Execution	Important	Bar Lahav and Gal De Leon
Microsoft	CVE-2020-0992	Jet Database Engine Remote Code Execution Vulnerability	Remote Code Execution	Important	Bar Lahav and Gal De Leon
Microsoft	CVE-2020-0775	Windows Error Reporting Information Disclosure Vulnerability	Information Disclosure	Important	Gal De Leon
Microsoft	CVE-2020-0806	Windows Error Reporting Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Gal De Leon
Microsoft	CVE-2020-0747	Windows Data Sharing Service Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Nadav Markus and Yaron Samuel
Microsoft	CVE-2020-0754	Windows Error Reporting Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Gal De Leon

Conclusion

Palo Alto Networks customers deploying our Next-Generation Firewalls with our best practices and a Threat Prevention subscription, which includes capabilities such as vulnerability protection with intrusion prevention system (IPS), are protected from zero-day vulnerabilities such as these. Weaponized exploits for these vulnerabilities are prevented by Cortex XDR’s multi-layered exploit prevention capabilities. WildFire provides our customers with comprehensive protection and automatic updates against previously unknown threats.

Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, Google Android and other ecosystems, with more than 200 critical vulnerabilities discovered. Our researchers give regular talks at security conferences such as BlueHat and Black Hat.

By proactively identifying these vulnerabilities, developing protections for our customers and sharing the information with the security community, we are removing weapons used by attackers to threaten users and compromise enterprise, government and service provider networks.

Last year, Unit 42 also won first place as a top zero-day vulnerability contributor and tied for third for top vulnerability contributor as part of the Microsoft Active Protections Program (MAPP) Contributing Partners awards. We are proud of the continued efforts made by our threat intelligence research team, as they continue to leave a positive impact on the security ecosystem.