The Core Technologies Blog

Professional Software for Windows Services / 24×7 Operation


Windows Services Memory Fix (Microsoft June 2020 Patch Tuesday)

Windows Services Memory Fix

On the second Tuesday of each month, Microsoft releases the latest security updates for Windows, Windows Server, and other products. This monthly event is dubbed Patch Tuesday.

The June 2020 Patch Tuesday update fixes a whopping 129 important defects. It’s the largest Patch Tuesday update ever!

As usual, we’ve scoured the list of vulnerabilities to identify fixes focused on Windows Services. Fortunately there is just one item — CVE-2020-1268.

CVE-2020-1268: Windows Service Information Disclosure Vulnerability

According to Microsoft, an attacker could leverage CVE-2020-1268 to read private areas of a service’s memory. These kind of “memory exploits” are quite serious.

The patch fixes the problem by correcting how a Windows Service handles objects in memory.

How can an attacker exploit this defect?

To exploit the defect, an attacker would have to:

  • Log in to your Windows computer

  • Run a “specially crafted application”

  • Locate something of value in the service’s memory

That is, the defect is only exploitable by an authorized person with sophisticated programming experience.

Nevertheless, it presents a significant security hole.

For example, suppose your service caches a user’s credit card information securely in RAM. A rogue employee could craft a program that invades your service’s memory space and extracts the card details. The same stealing could happen with passwords, personally identifiable information and other sensitive data that your application records in memory.

Which versions of Windows does CVE-2020-1268 affect?

Microsoft has identified and developed patches for the operating systems impacted — Windows 10 (Versions 1903, 1909, 2004) and Windows Server 2019 (Versions 1903, 1909, 2004).

Apparently the flaw does not exist in Windows 8 or Windows Server 2016, Microsoft’s other supported operating systems.

What else do you know about CVE-2020-1268?

  • The vulnerability was not publicly disclosed prior to June 2020.

  • There are no reports of exploits in the wild.

  • CVE-2020-1268 does not allow an attacker to execute code or to elevate user rights directly.

  • Because it requires access and sophistication to exploit, Microsoft classifies it as “Exploitation less likely”.

Should I apply the patch?

Yes. We agree with Microsoft’s recommendation to apply the patch.

Because, as the folks at ZDNet wisely point out:

Malware authors are known to keep on eye out on Microsoft’s monthly security updates, select the most useful bugs, and patch-diff the security updates to find the exact bug that Microsoft fixed — so they can weaponize it as soon as possible.

Questions? Problems?

If you would like to know more about CVE-2020-1268 or the enormous June 2020 Patch Tuesday update, please feel free to get in touch. We will do our best to help you.

Be safe out there!

Posted in Windows Services | Tagged , , , , , | Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *