Security Advisory - December 8, 2020

Zscaler protects against 2 new vulnerabilities for Microsoft Windows.

Zscaler, working with Microsoft through their MAPP program, has proactively deployed protection for the following 2 vulnerabilities included in the December 2020 Microsoft security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the December release and deploy additional protections, as necessary.

CVE-2020-17144 – Microsoft Exchange Remote Code Execution Vulnerability

Severity: Important

Affected Software

  • Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 31

A remote code execution vulnerability exists in Microsoft Exchange server. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.

CVE-2020-17096 – Windows NTFS Remote Code Execution Vulnerability

Severity: Important

Affected Software

  • Windows Server, version 20H2 (Server Core Installation)
  • Windows Server, version 2004 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows RT 8.1
  • Windows 8.1 for x64based systems
  • Windows 8.1 for 32bit systems
  • Windows 10 for x64based Systems
  • Windows 10 for 32bit Systems
  • Windows 10 Version 20H2 for x64based Systems
  • Windows 10 Version 20H2 for ARM64based Systems
  • Windows 10 Version 20H2 for 32bit Systems
  • Windows 10 Version 2004 for x64based Systems
  • Windows 10 Version 2004 for ARM64based Systems
  • Windows 10 Version 2004 for 32bit Systems
  • Windows 10 Version 1909 for x64based Systems
  • Windows 10 Version 1909 for ARM64based Systems
  • Windows 10 Version 1909 for 32bit Systems
  • Windows 10 Version 1903 for x64based Systems
  • Windows 10 Version 1903 for ARM64based Systems
  • Windows 10 Version 1903 for 32bit Systems
  • Windows 10 Version 1809 for x64based Systems
  • Windows 10 Version 1809 for ARM64based Systems
  • Windows 10 Version 1809 for 32bit Systems
  • Windows 10 Version 1803 for x64based Systems
  • Windows 10 Version 1803 for ARM64based Systems
  • Windows 10 Version 1803 for 32bit Systems
  • Windows 10 Version 1607 for x64based Systems
  • Windows 10 Version 1607 for 32bit Systems

An elevation of privilege vulnerability exists in Windows NTFS system. A local attacker could run a specially crafted application that would elevate the attacker's privileges. A remote attacker with SMBv2 access to a vulnerable system could send specially crafted requests over a network to exploit this vulnerability and execute code on the target system.