October 21, 2020
Severity
High
Analysis Summary
Google has released Chrome 86.0.4240.111 to the Stable desktop channel to address five security vulnerabilities, one of which is an actively exploited zero-day bug. Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. Google also fixed three other high severity security vulnerabilities and a medium severity flaw in Chrome 86.0.4240.111:
• CVE-2020-16000: Inappropriate implementation in Blink
• CVE-2020-16001: Use after free in media
• CVE-2020-16002: Use after free in PDFium
• CVE-2020-16003: Use after free in printing
Impact
- Memory Corruption
- System Compromise
Affected Vendors
Google
Affected Products
Google Chrome versions prior to 86.0.4240.111
Remediation
- Google has released Chrome 86.0.4240.111 to fix the vulnerabilities.
- Windows, Mac, and Linux desktop users can upgrade to Chrome 86 by going to Settings -> Help -> About Google Chrome.
- The Google Chrome web browser will then automatically check for the new update and install it when available.
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
- Run all software as a non-privileged user to lower the risk associated with a successful attack.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources via email or websites.