Unit 42 Discovers 27 New Vulnerabilities Across Microsoft Products


Overview

Palo Alto Networks Unit 42 threat researchers have been credited with discovering 27 new vulnerabilities addressed by the Microsoft Security Response Center (MSRC), as part of its last nine months of security update releases.

Vulnerabilities

The 27 Microsoft vulnerabilities discovered are all rated “important” and include Remote Code Execution, Privilege Elevation and Information Disclosure vulnerabilities, as well as one Denial of Service vulnerability.

The Unit 42 researchers credited are Zhibin Zhang, Tao Yan, Bo Qu, Gal De Leon, Haozhe Zhang, Bar Lahav, Yaron Samuel and Nadav Markus. Zhibin Zhang was also recognized as the top vulnerability discoverer in Q1 from the MSRC and most recently ranked 7th for the MSRC 2020 Q2 Security Leaderboard.

The recently discovered vulnerabilities are listed in Table 1 below:

| Vendor | CVE | Vulnerability Category | Impact | Maximum Severity Rating | Researcher(s) |
|---|---|---|---|---|---|
| Microsoft | CVE-2020-1074 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Zhibin Zhang |
| Microsoft | CVE-2020-1473 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Zhibin Zhang |
| Microsoft | CVE-2020-1557 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Zhibin Zhang |
| Microsoft | CVE-2020-1558 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Bo Qu, Zhibin Zhang |
| Microsoft | CVE-2020-1563 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Important | Haozhe Zhang |
| Microsoft | CVE-2020-1564 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Zhibin Zhang |
| Microsoft | CVE-2020-1386 | Connected User Experiences and Telemetry Service Information Disclosure Vulnerability | Information Disclosure | Important | Tao Yan (@Ga1ois) |
| Microsoft | CVE-2020-1400 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Zhibin Zhang |
| Microsoft | CVE-2020-1401 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Zhibin Zhang |
| Microsoft | CVE-2020-1407 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Zhibin Zhang |
| Microsoft | CVE-2020-1420 | Windows Error Reporting Information Disclosure Vulnerability | Information Disclosure | Important | Gal De Leon, Tao Yan (@Ga1ois) |
| Microsoft | CVE-2020-1429 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Gal De Leon |
| Microsoft | CVE-2020-1208 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Zhibin Zhang |
| Microsoft | CVE-2020-1236 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Zhibin Zhang |
| Microsoft | CVE-2020-1197 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Tao Yan (@Ga1ois), Bo Qu |
| Microsoft | CVE-2020-0994 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Bo Qu |
| Microsoft | CVE-2020-1263 | Windows Error Reporting Information Disclosure Vulnerability | Information Disclosure | Important | Gal De Leon |
| Microsoft | CVE-2020-1021 | Windows Error Reporting Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Gal De Leon |
| Microsoft | CVE-2020-1132 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Gal De Leon |
| Microsoft | CVE-2020-0794 | Windows Denial of Service Vulnerability | Denial of Service | Important | Yaron Samuel |
| Microsoft | CVE-2020-0991 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Important | Bar Lahav and Gal De Leon |
| Microsoft | CVE-2020-0992 | Jet Database Engine Remote Code Execution Vulnerability | Remote Code Execution | Important | Bar Lahav and Gal De Leon |
| Microsoft | CVE-2020-0775 | Windows Error Reporting Information Disclosure Vulnerability | Information Disclosure | Important | Gal De Leon |
| Microsoft | CVE-2020-0806 | Windows Error Reporting Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Gal De Leon |
| Microsoft | CVE-2020-0747 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Nadav Markus and Yaron Samuel |
| Microsoft | CVE-2020-0754 | Windows Error Reporting Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Gal De Leon |

Conclusion

Palo Alto Networks customers deploying our Next-Generation Firewalls with our best practices and a Threat Prevention subscription, which includes capabilities such as vulnerability protection with intrusion prevention system (IPS), are protected from zero-day vulnerabilities such as these. Weaponized exploits for these vulnerabilities are prevented by Cortex XDR’s multi-layered exploit prevention capabilities. WildFire provides our customers with comprehensive protection and automatic updates against previously unknown threats.

Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, Google Android and other ecosystems, with more than 200 critical vulnerabilities discovered. Our researchers give regular talks at security conferences such as BlueHat and Black Hat.

By proactively identifying these vulnerabilities, developing protections for our customers and sharing the information with the security community, we are removing weapons used by attackers to threaten users and compromise enterprise, government and service provider networks.

Last year, Unit 42 also won first place as a top zero-day vulnerability contributor and tied for third for top vulnerability contributor as part of the Microsoft Active Protections Program (MAPP) Contributing Partners awards. We are proud of the continued efforts made by our threat intelligence research team, as they continue to leave a positive impact on the security ecosystem.

 
