Microsoft December 2020 Patch Tuesday Fixes 58 Vulnerabilities

Today is Microsoft’s December 2020 Patch Tuesday, and Windows administrators will be scrambling to put out fires, so be kind to them.

With the December 2020 Patch Tuesday security updates release, Microsoft has released fixes for 58 vulnerabilities and one advisory for Microsoft products. Of the 58 vulnerabilities fixed today, nine are classified as Critical, 48 as Important, and two as Moderate.

There are no zero-day or previously disclosed vulnerabilities fixed in the December 2020 updates.

For information about the non-security Windows updates, you can read about today’s Windows 10 KB4592449 & KB4592438 cumulative updates.

Guidance on disclosed DNS cache poisoning

Included in today’s Patch Tuesday updates is an advisory for a DNS cache poisoning vulnerability discovered by security researchers from Tsinghua University and the University of California.

“Microsoft is aware of a vulnerability involving DNS cache poisoning caused by IP fragmentation that affects Windows DNS Resolver. An attacker who successfully exploited this vulnerability could spoof the DNS packet which can be cached by the DNS Forwarder or the DNS Resolver,” Microsoft ADV200013 explains.

To resolve this vulnerability, administrators can modify the Registry to change the maximum UDP packet size to 1,221 bytes. For DNS requests greater than 1,221 bytes, the DNS resolver will switch to TCP connections.

You can read more about these mitigations in our dedicated ‘Microsoft issues guidance for DNS cache poisoning vulnerability’ article.
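The following PowerShell sketch audits a Windows DNS server for the 1,221-byte limit described above and can optionally apply it. It is an added example, not code from this article or from Microsoft; the registry path, the value name `MaximumUdpPacketSize` and the need to restart the DNS service are taken from Microsoft's ADV200013 guidance rather than from this page, and the function names are hypothetical.

```powershell
# Added example: audit (and optionally apply) the ADV200013 UDP size limit.
# Key path and value name come from Microsoft's advisory, not from this article.
$DnsParamKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$DnsValueName = 'MaximumUdpPacketSize'
$DnsUdpLimit  = 1221   # bytes, the limit stated in the article

function Get-DnsUdpLimitState {
    # Read-only check: reports whether the mitigation value is present.
    param([string]$KeyPath = $DnsParamKey, [int]$Expected = $DnsUdpLimit)

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        # No DNS Server parameters key: the DNS Server role is not installed here.
        return [pscustomobject]@{ State = 'NoDnsServerKey'; Current = $null; Expected = $Expected }
    }
    $prop    = Get-ItemProperty -LiteralPath $KeyPath -Name $DnsValueName -ErrorAction SilentlyContinue
    $current = if ($prop) { [int]$prop.$DnsValueName } else { $null }

    # Assumption of this example: any value at or below the limit counts as mitigated.
    $state = if ($null -eq $current) { 'NotSet' } elseif ($current -le $Expected) { 'Mitigated' } else { 'TooLarge' }
    [pscustomobject]@{ State = $state; Current = $current; Expected = $Expected }
}

function Set-DnsUdpLimit {
    # Writes the DWORD and restarts the DNS service so the change takes effect.
    # Supports -WhatIf / -Confirm so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$KeyPath = $DnsParamKey, [int]$Expected = $DnsUdpLimit)

    if ($PSCmdlet.ShouldProcess($KeyPath, "Set $DnsValueName to $Expected and restart DNS")) {
        New-ItemProperty -LiteralPath $KeyPath -Name $DnsValueName `
            -PropertyType DWord -Value $Expected -Force | Out-Null
        Restart-Service -Name DNS
    }
}

# Audit first; remediate only when the value is missing or too large.
$result = Get-DnsUdpLimitState
$result
if ($result.State -in 'NotSet', 'TooLarge') {
    Set-DnsUdpLimit -WhatIf   # remove -WhatIf to apply the change
}
```

Run it from an elevated session on the DNS server; as written it only reports the current state and previews the change.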

Vulnerabilities of interest

While there were no zero-days this month, there were quite a few interesting vulnerabilities.

Recent security updates from other companies

Other vendors who released security updates in October include:

The December 2020 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the December 2020 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Azure DevOps | CVE-2020-17145 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | Important |
| Azure DevOps | CVE-2020-17135 | Azure DevOps Server Spoofing Vulnerability | Important |
| Azure SDK | CVE-2020-17002 | Azure SDK for C Security Feature Bypass Vulnerability | Important |
| Azure SDK | CVE-2020-16971 | Azure SDK for Java Security Feature Bypass Vulnerability | Important |
| Azure Sphere | CVE-2020-17160 | Azure Sphere Security Feature Bypass Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-17147 | Dynamics CRM Webclient Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-17133 | Microsoft Dynamics Business Central/NAV Information Disclosure | Important |
| Microsoft Dynamics | CVE-2020-17158 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | Critical |
| Microsoft Dynamics | CVE-2020-17152 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | Critical |
| Microsoft Edge | CVE-2020-17153 | Microsoft Edge for Android Spoofing Vulnerability | Moderate |
| Microsoft Edge | CVE-2020-17131 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2020-17143 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2020-17144 | Microsoft Exchange Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2020-17141 | Microsoft Exchange Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2020-17117 | Microsoft Exchange Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2020-17132 | Microsoft Exchange Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2020-17142 | Microsoft Exchange Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2020-17137 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-17098 | Windows GDI+ Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2020-17130 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2020-17128 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-17129 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-17124 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-17123 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-17119 | Microsoft Outlook Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2020-17125 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-17127 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-17126 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2020-17122 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-17115 | Microsoft SharePoint Spoofing Vulnerability | Moderate |
| Microsoft Office SharePoint | CVE-2020-17120 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-17121 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-17118 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-17089 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-17136 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16996 | Kerberos Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2020-17138 | Windows Error Reporting Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-17092 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-17139 | Windows Overlay Filter Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2020-17103 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-17134 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows DNS | ADV200013 | Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver | Important |
| Visual Studio | CVE-2020-17148 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2020-17159 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2020-17156 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2020-17150 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows Backup Engine | CVE-2020-16960 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Windows Backup Engine | CVE-2020-16958 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Windows Backup Engine | CVE-2020-16959 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Windows Backup Engine | CVE-2020-16961 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Windows Backup Engine | CVE-2020-16964 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Windows Backup Engine | CVE-2020-16963 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Windows Backup Engine | CVE-2020-16962 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2020-17094 | Windows Error Reporting Information Disclosure Vulnerability | Important |
| Windows Hyper-V | CVE-2020-17095 | Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Lock Screen | CVE-2020-17099 | Windows Lock Screen Security Feature Bypass Vulnerability | Important |
| Windows Media | CVE-2020-17097 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
| Windows SMB | CVE-2020-17096 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows SMB | CVE-2020-17140 | Windows SMB Information Disclosure Vulnerability | Important |