2020-NOV-13 FSL version 7.6.181 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release. NEW CHECKS 27303 - (MSPT-Nov2020) Microsoft Windows Hyper-V Security Remote Code Execution (CVE-2020-17040) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17040 Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution. Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution. The flaw lies in the Hyper-V Security component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system. 27304 - (MSPT-Nov2020) Microsoft Windows Print Spooler Remote Code Execution (CVE-2020-17042) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17042 Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution. Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution. The flaw lies in the Print Spooler component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system. 27325 - (MSPT-Nov2020) Microsoft Windows GDI+ Remote Code Execution (CVE-2020-17068) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17068 Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution. Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution. The flaw lies in the GDI+ component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system. 27348 - (MSPT-Nov2020) Microsoft Windows Scripting Engine Remote Code Execution (CVE-2020-17052) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17052 Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution. Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution. The flaw lies in the Scripting Engine component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system. 27349 - (MSPT-Nov2020) Microsoft Windows Internet Explorer Remote Code Execution (CVE-2020-17053) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17053 Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution. Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution. The flaw lies in the Internet Explorer component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system. 27350 - (MSPT-Nov2020) Microsoft Windows Chakra Scripting Remote Code Execution (CVE-2020-17054) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17054 Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution. Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution. The flaw lies in the Chakra Scripting component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system. 27351 - (MSPT-Nov2020) Microsoft Chakra Scripting Engine Remote Code Execution (CVE-2020-17048) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17048 Description A vulnerability in some versions of Microsoft Chakra could lead to remote code execution. Observation A vulnerability in some versions of Microsoft Chakra could lead to remote code execution. The flaw lies in the Scripting Engine component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system. 27352 - (MSPT-Nov2020) Microsoft Browser Improperly Handles Objects in Memory Remote Code Execution (CVE-2020- 17058) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17058 Description A vulnerability in some versions of Microsoft Browser could lead to remote code execution. Observation A vulnerability in some versions of Microsoft Browser could lead to remote code execution. The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system. 27358 - (MSPT-Nov2020) Microsoft Windows Kerberos Security Feature Bypass Vulnerability (CVE-2020-17049) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17049 Description A vulnerability in some versions of Microsoft Windows could lead to security bypass. Observation A vulnerability in some versions of Microsoft Windows could lead to security bypass. The flaw lies in the Kerberos Security component. Successful exploitation by an attacker could result in the security bypass. The exploit requires the attacker to have valid credentials to the vulnerable system. 27359 - (MSPT-Nov2020) Microsoft Windows Network File System Remote Code Execution (CVE-2020-17051) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17051 Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution. Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution. The flaw lies in the Network File System component. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system. 27360 - (MSPT-Nov2020) Microsoft Windows Network File System Remote Code Execution (CVE-2020-17056) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17056 Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution. Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution. The flaw lies in the Network File System component. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system. 27370 - (MSPT-Nov2020) Microsoft SharePoint Spoofing (CVE-2020-17015) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17015 Description A vulnerability in some versions of Microsoft SharePoint could lead to spoofing. Observation A vulnerability in some versions of Microsoft SharePoint could lead to spoofing. The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in spoofing. The exploit requires the attacker to have valid credentials to the vulnerable system. 27375 - (MSPT-Nov2020) Microsoft Excel Remote Code Execution (CVE-2020-17019) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17019 Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution. Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution. The flaw lies in the improperly handles objects in memory. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document. 27377 - (MSPT-Nov2020) Microsoft Access Connectivity Remote Code Execution (CVE-2020-17062) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17062 Description A vulnerability in some versions of Microsoft Access could lead to remote code execution. Observation A vulnerability in some versions of Microsoft Access could lead to remote code execution. The flaw lies in the Connectivity component. Successful exploitation by an attacker could result in the execution of arbitrary code. 27378 - (MSPT-Nov2020) Microsoft Excel Remote Code Execution (CVE-2020-17064) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-17064 Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution. Observation