{"id":15323,"date":"2020-08-12T12:34:23","date_gmt":"2020-08-12T10:34:23","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=15323"},"modified":"2022-02-11T01:14:48","modified_gmt":"2022-02-11T00:14:48","slug":"0patch-fixt-cve-2020-1113-in-windows-7-server-2008-r2","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/08\/12\/0patch-fixt-cve-2020-1113-in-windows-7-server-2008-r2\/","title":{"rendered":"0patch fixes CVE-2020-1113 in Windows 7\/Server 2008 R2"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline; border-width: 0px;\" title=\"win7\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2012\/03\/win7_thumb1.jpg\" alt=\"win7\" width=\"44\" height=\"42\" align=\"left\" border=\"0\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/08\/12\/0patch-fixt-cve-2020-1113-in-windows-7-server-2008-r2\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]ACROS Security has released a micropatch for the vulnerability CVE-2020-1113 (Windows Task Scheduler Security Feature Bypass) for Windows 7 and Server 2008 R2 (without ESU license).<\/p>\n<p><!--more--><\/p>\n<h2>The vulnerability CVE-2020-1113<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg05.met.vgwort.de\/na\/3fddf9842c7b46e88a2bf604433337fd\" alt=\"\" width=\"1\" height=\"1\" \/><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-us\/vulnerability\/CVE-2020-1113\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2020-1113<\/a> is a Windows Task Scheduler security feature bypass vulnerability.\u00a0 The vulnerability allows security features in Microsoft Windows to be bypassed. The vulnerability exists because the Task Scheduler service (task scheduling) does not properly verify client connections via RPC. An attacker who successfully exploited this vulnerability could execute arbitrary code as administrator. An attacker could then install programs, view, modify, or delete data, or create new accounts with full user rights.<\/p>\n<p>Microsoft describes the vulnerability in <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-us\/vulnerability\/CVE-2020-1113\" target=\"_blank\" rel=\"noopener noreferrer\">this document<\/a> and released security updates for Windows 7 through Windows 10 on May 12, 2020. However, users of Windows 7 SP1 and Windows Server 2008 R2 who do not have an ESU license will no longer receive the security updates that Microsoft has released.<\/p>\n<h2>0patch-Fix for Windows 7 SP1\/Server 2008 R2<\/h2>\n<p>ACROS Security has developed a micropatch for the vulnerability CVE-2020-1113. I got the information about the release of the micropatch for Windows 7 SP1 and Windows Server 2008 R2 on Twitter.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-1113, a Windows Task Scheduler Security Feature Bypass. <a href=\"https:\/\/t.co\/hOGUi6neDf\">pic.twitter.com\/hOGUi6neDf<\/a><\/p>\n<p>\u2014 0patch (@0patch) <a href=\"https:\/\/twitter.com\/0patch\/status\/1293195793445388288?ref_src=twsrc%5Etfw\">August 11, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>More information about the vulnerability and the micropatch can be found in further <a href=\"https:\/\/twitter.com\/0patch\/status\/1293195793445388288\" target=\"_blank\" rel=\"noopener noreferrer\">follow-up tweets<\/a> and in <a href=\"https:\/\/blog.compass-security.com\/2020\/05\/relaying-ntlm-authentication-over-rpc\/\" target=\"_blank\" rel=\"noopener noreferrer\">this blog post<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">The vulnerability lies in Task Scheduler accepting RPC requests that can be relayed. An attacker can piggyback on such requests by having some logged-on user send an SMB request to their computer, and then act as man-in-the-middle.<\/p>\n<p>\u2014 0patch (@0patch) <a href=\"https:\/\/twitter.com\/0patch\/status\/1293202379345723394?ref_src=twsrc%5Etfw\">August 11, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>This patch is available for subscribers of the Pro and Enterprise versions. For information on how the 0patch agent, which loads the micro patches into memory at runtime of an application, works, please refer to the blog posts (e.g. <a href=\"https:\/\/borncity.com\/win\/2020\/03\/05\/windows-7-securing-with-the-0patch-solution-part-2\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>) which I have linked below.<\/p>\n<p><strong>Similar articles:<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/win\/2020\/03\/05\/windows-7-forcing-february-2020-security-updates-part-1\/\">Windows 7: Forcing February 2020 Security Updates<\/a> \u2013 Part 1<br \/>\n<a href=\"https:\/\/borncity.com\/win\/2020\/03\/05\/windows-7-securing-with-the-0patch-solution-part-2\/\">Windows 7: Securing with the 0patch solution<\/a> \u2013 Part 2<br \/>\n<a href=\"https:\/\/borncity.com\/win\/2019\/09\/22\/windows-7-server-2008-r2-0patch-liefert-sicherheitspatches-nach-supportende\/\">Windows 7\/Server 2008\/R2: 0patch delivers security patches after support ends<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2020\/01\/30\/project-windows-7-server-2008-r2-life-extension-0patch-one-month-trial\/\">Project: Windows 7\/Server 2008\/R2 Life Extension &amp; 0patch one month trial<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2020\/01\/21\/0patch-fix-for-internet-explorer-0-day-vulnerability-cve-2020-0674\/\">0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2020\/03\/14\/0patch-fix-for-windows-installer-flaw-cve-2020-0683\/\">0patch: Fix for Windows Installer flaw CVE-2020-0683<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2020\/03\/20\/0patch-fix-for-windows-gdi-vulnerability-cve-2020-0881\/\">0patch fix for Windows GDI+ vulnerability CVE-2020-0881<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2020\/03\/24\/0-day-vulnerability-in-windows-adobe-type-library\/\">0-day vulnerability in Windows Adobe Type Library<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2020\/04\/23\/0patch-fixt-cve-2020-0687-in-windows-7-server-2008-r2\/\">0patch fixes CVE-2020-0687 in Windows 7\/Server 2008 R2<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2020\/05\/21\/0patch-fixes-cve-2020-1048-in-windows-7-server-2008-r2\/\">0patch fixes CVE-2020-1048 in Windows 7\/Server 2008 R2<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2020\/05\/27\/0patch-fixt-cve-2020-1015-in-windows-7-server-2008-r2\/\">0patch fixes CVE-2020-1015 in Windows 7\/Server 2008 R2<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2020\/07\/10\/0patch-fr-0-day-rce-schwachstelle-in-zoom-fr-windows\/\">0patch for 0-day RCE vulnerability in Zoom for Windows<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2020\/07\/18\/windows-server-2008-r2-0patch-fixes-sigred-vulnerability\/\">Windows Server 2008 R2: 0patch fixes SIGRed vulnerability<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]ACROS Security has released a micropatch for the vulnerability CVE-2020-1113 (Windows Task Scheduler Security Feature Bypass) for Windows 7 and Server 2008 R2 (without ESU license).<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[991,69,17],"class_list":["post-15323","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-0patch","tag-security","tag-windows-7"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=15323"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15323\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=15323"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=15323"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=15323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}