Executive Summary
Unit 42 researchers have been credited with discovering 15 new vulnerabilities addressed by the Microsoft Security Response Center (MSRC), Adobe Security Bulletin and Apple Security Updates, as part of the last quarter of security update releases.
Vulnerabilities
Of the 15 new vulnerabilities credited to Unit 42 researchers, 10 come from Microsoft with severity ratings from low to important. The four Adobe Reader DC vulnerabilities are all critical bugs that allow remote code execution (RCE). Lastly, there is an Apple cross site scripting (XSS) vulnerability that could also lead to arbitrary RCE in the context of the currently logged in user.
The Unit 42 researchers credited are Tao Yan, Zhibin Zhang, Bo Qu, Ronen Haber and Ken Hsu.
The recently discovered vulnerabilities are listed in Table 1 below:
Vendor
CVE
Description
Type
Researcher(s)
Microsoft
CVE-2020-16876
Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
Privilege Escalation
Tao Yan
Microsoft
CVE-2020-16895
Windows Error Reporting Manager Elevation of Privilege Vulnerability
Privilege Escalation
Tao Yan
Microsoft
CVE-2020-16924
Jet Database Engine Remote Code Execution Vulnerability
Remote Code Execution
Zhibin Zhang
Microsoft
CVE-2020-17007
Windows Error Reporting Elevation of Privilege Vulnerability
Privilege Escalation
Tao Yan
Microsoft
CVE-2020-17046
Support the originator by clicking the read the rest link below.
