{"id":234399,"date":"2020-08-12T12:25:38","date_gmt":"2020-08-12T10:25:38","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=234399"},"modified":"2020-08-12T12:35:40","modified_gmt":"2020-08-12T10:35:40","slug":"0patch-fixt-cve-2020-1113-in-windows-7-server-2008-r2","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2020\/08\/12\/0patch-fixt-cve-2020-1113-in-windows-7-server-2008-r2\/","title":{"rendered":"0patch fixt CVE-2020-1113 in Windows 7\/Server 2008 R2"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline; border-width: 0px;\" title=\"win7\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2012\/03\/win7_thumb1.jpg\" alt=\"win7\" width=\"44\" height=\"42\" align=\"left\" border=\"0\" \/>[<a href=\"https:\/\/borncity.com\/win\/2020\/08\/12\/0patch-fixt-cve-2020-1113-in-windows-7-server-2008-r2\/\" target=\"_blank\" rel=\"noopener noreferrer\">English<\/a>]ACROS Security hat einen Micropatch f\u00fcr die Schwachstelle CVE-2020-1113 (Windows Task Scheduler Security Feature Bypass) f\u00fcr Windows 7 und Server 2008 R2 (ohne ESU-Lizenz) ver\u00f6ffentlicht.<\/p>\n<p><!--more--><\/p>\n<h2>Die Sicherheitsanf\u00e4lligkeit CVE-2020-1113<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg05.met.vgwort.de\/na\/3fddf9842c7b46e88a2bf604433337fd\" alt=\"\" width=\"1\" height=\"1\" \/><a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-1113\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2020-1113<\/a> ist eine Windows Task Scheduler Security Feature Bypass-Schwachstelle.\u00a0 Die Schwachstelle erm\u00f6glicht die Umgehung von Sicherheitsfunktionen in Microsoft Windows. Sie besteht, weil der Taskplaner-Dienst (Aufgabenplanung) die Client-Verbindungen \u00fcber RPC nicht ordnungsgem\u00e4\u00df verifiziert. Ein Angreifer, der diese Schwachstelle erfolgreich ausnutzt, k\u00f6nnte als Administrator beliebigen Code ausf\u00fchren. Ein Angreifer k\u00f6nnte dann Programme installieren, Daten anzeigen, \u00e4ndern oder l\u00f6schen oder neue Konten mit vollen Benutzerrechten erstellen.<\/p>\n<p>Microsoft beschreibt die Schwachstelle in <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-1113\" target=\"_blank\" rel=\"noopener noreferrer\">diesem Dokument<\/a> und hat am 12. Mai 2020 Sicherheitsupdates f\u00fcr Windows 7 bis Windows 10 ver\u00f6ffentlicht. Benutzer von Windows 7 SP1 und Windows Server 2008 R2, die nicht \u00fcber eine ESU-Lizenz verf\u00fcgen, erhalten jedoch die von Microsoft ver\u00f6ffentlichten Sicherheitsupdates nicht mehr.<\/p>\n<h2>0patch-Fix for Windows 7 SP1\/Server 2008 R2<\/h2>\n<p>ACROS Security hat einen Micropatch f\u00fcr die Schwachstelle CVE-2020-1113 entwickelt. Ich bin \u00fcber Twitter auf die Information zur Freigabe des Micropatches f\u00fcr Windows 7 SP1 und Windows Server 2008 R2 aufmerksam geworden.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-1113, a Windows Task Scheduler Security Feature Bypass. <a href=\"https:\/\/t.co\/hOGUi6neDf\">pic.twitter.com\/hOGUi6neDf<\/a><\/p>\n<p>\u2014 0patch (@0patch) <a href=\"https:\/\/twitter.com\/0patch\/status\/1293195793445388288?ref_src=twsrc%5Etfw\">August 11, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In weiteren <a href=\"https:\/\/twitter.com\/0patch\/status\/1293195793445388288\" target=\"_blank\" rel=\"noopener noreferrer\">Follow-up-Tweets<\/a> sowie in <a href=\"https:\/\/blog.compass-security.com\/2020\/05\/relaying-ntlm-authentication-over-rpc\/\" target=\"_blank\" rel=\"noopener noreferrer\">diesem Blog-Beitrag<\/a> finden sich weitere Informationen zur Schwachstelle und dem Micropatch.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">The vulnerability lies in Task Scheduler accepting RPC requests that can be relayed. An attacker can piggyback on such requests by having some logged-on user send an SMB request to their computer, and then act as man-in-the-middle.<\/p>\n<p>\u2014 0patch (@0patch) <a href=\"https:\/\/twitter.com\/0patch\/status\/1293202379345723394?ref_src=twsrc%5Etfw\">August 11, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Dieser Patch steht f\u00fcr Abonnenten der Pro- und Enterprise-Version zur Verf\u00fcgung. Hinweise zur Funktionsweise des 0patch-Agenten, der die Mikro-Patches zur Laufzeit einer Anwendung in den Speicher l\u00e4dt, finden Sie in den Blog-Posts (z.B. <a href=\"https:\/\/borncity.com\/blog\/2020\/03\/05\/windows-7-mit-der-0patch-lsung-absichern-teil-2\/\">hier<\/a>), die ich unten verlinkt habe.<\/p>\n<p><strong>\u00c4hnliche Artikel:<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/blog\/?p=229094\">Windows 7: Februar 2020-Sicherheitsupdates erzwingen<\/a> \u2013 Teil 1<br \/>\n<a href=\"https:\/\/borncity.com\/blog\/?p=229096\">Windows 7: Mit der 0patch-L\u00f6sung absichern<\/a> \u2013 Teil 2<br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2019\/09\/21\/windows-7-server-2008-r2-0patch-liefert-sicherheitspatches-nach-supportende\/\">Windows 7\/Server 2008\/R2: 0patch liefert Sicherheitspatches nach Supportende<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2020\/01\/30\/0patch-1-probemonat-fr-windows-7-server-2008-r2-patches\/\">Windows 7\/Server 2008\/R2 Life Extension-Projekt &amp; 0patch Probemonat<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2020\/01\/21\/0patch-fix-fr-internetexplorer-0day-schwachstelle-cve-2020-0674\/\">0patch: Fix f\u00fcr Internet Explorer 0-day-Schwachstelle CVE-2020-0674<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2020\/03\/13\/0patch-fix-fr-windows-installer-schwachstelle-cve-2020-0683\/\">0patch-Fix f\u00fcr Windows Installer-Schwachstelle CVE-2020-0683<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2020\/03\/20\/0patch-fix-fr-windows-gdi-schwachstelle-cve-2020-0881\/\">0patch-Fix f\u00fcr Windows GDI+-Schwachstelle CVE-2020-0881<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2020\/03\/24\/0-day-schwachstelle-in-windows-adobe-library\/\">0-Day-Schwachstelle in Windows Adobe Type Library<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2020\/03\/27\/0patch-fixt-0-day-adobe-type-library-bug-in-windows-7\/\">0patch fixt 0-day Adobe Type Library bug in Windows 7<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2020\/04\/23\/0patch-fixt-cve-2020-0687-in-windows-7-server-2008-r2\/\">0patch fixt CVE-2020-0687 in Windows 7\/Server 2008 R2<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2020\/05\/21\/0patch-fixes-cve-2020-1048-in-windows-7-server-2008-r2\/\">0patch fixt CVE-2020-1048 in Windows 7\/Server 2008 R2<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2020\/05\/27\/0patch-fixt-cve-2020-1015-in-windows-7-server-2008-r2\/\">0patch fixt CVE-2020-1015 in Windows 7\/Server 2008 R2<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2020\/06\/18\/0patch-fixt-cve-2020-1281-in-windows-7-server-2008-r2\/\">0patch fixt CVE-2020-1281 in Windows 7\/Server 2008 R2<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[English]ACROS Security hat einen Micropatch f\u00fcr die Schwachstelle CVE-2020-1113 (Windows Task Scheduler Security Feature Bypass) f\u00fcr Windows 7 und Server 2008 R2 (ohne ESU-Lizenz) ver\u00f6ffentlicht.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426,2557],"tags":[7875,4328,4294],"class_list":["post-234399","post","type-post","status-publish","format-standard","hentry","category-sicherheit","category-windows-server","tag-0patch","tag-sicherheit","tag-windows-7"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/234399","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=234399"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/234399\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=234399"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=234399"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=234399"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}