Microsoft December 2020 Patch Tuesday Fixes 58 Vulnerabilities

Microsoft has published today 58 security fixes across 10+ products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday. 

There’s a smaller number of fixes this December compared with the regular 100+ fixes that Microsoft ships each month, but this doesn’t mean the bugs are less severe.

SEE: Meet the hackers who earn millions for saving the web, one bug at a time (cover story PDF) (TechRepublic)

More than a third of this month’s patches (22) are classified as remote code execution (RCE) vulnerabilities. These are security bugs that need to be addressed right away as they are more easily exploitable, with no user interaction, either via the internet or from across a local network.

This month, we have RCEs in Microsoft products like Windows NTFS, Exchange Server, Microsoft Dynamics, Excel, PowerPoint, SharePoint, Visual Studio, and Hyper-V.

The highest-rated of these bugs, and the ones most likely to come under exploitation, are the RCE bugs impacting Exchange Server (CVE-2020-17143, CVE-2020-17144, CVE-2020-17141, CVE-2020-17117, CVE-2020-17132, and CVE-2020-17142) and SharePoint (CVE-2020-17118 and CVE-2020-17121).

Patching these first is advised, as, through their nature, Exchange and SharePoint systems are regularly connected to the internet and, as a result, are more easily attacked.

Another major bug fixed this month is also a bug in Hyper-V, Microsoft’s virtualization technology, used to host virtual machines. Exploitable via a malicious SMB packet, this bug could allow remote attackers to compromise virtualized sandboxed environments, something that Hyper-V was designed to protect.

---

Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:

• Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
• ZDNet has published this file listing all this month’s security advisories on one single page.
• Adobe’s security updates are detailed here.
• SAP security updates are available here.
• Intel security updates are available here.
• VMWare security updates are available here.
• Chrome 87 security updates are detailed here.
• Android security updates are available here.

Tag	CVE ID	CVE Title
Microsoft Windows DNS	ADV200013	Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver
Azure DevOps	CVE-2020-17145	Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Azure DevOps	CVE-2020-17135	Azure DevOps Server Spoofing Vulnerability
Azure SDK	CVE-2020-17002	Azure SDK for C Security Feature Bypass Vulnerability
Azure SDK	CVE-2020-16971	Azure SDK for Java Security Feature Bypass Vulnerability
Azure Sphere	CVE-2020-17160	Azure Sphere Security Feature Bypass Vulnerability
Microsoft Dynamics	CVE-2020-17147	Dynamics CRM Webclient Cross-site Scripting Vulnerability
Microsoft Dynamics	CVE-2020-17133	Microsoft Dynamics Business Central/NAV Information Disclosure
Microsoft Dynamics	CVE-2020-17158	Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft Dynamics	CVE-2020-17152	Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft Edge	CVE-2020-17153	Microsoft Edge for Android Spoofing Vulnerability
Microsoft Edge	CVE-2020-17131	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Exchange Server	CVE-2020-17143	Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange Server	CVE-2020-17144	Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server	CVE-2020-17141	Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server	CVE-2020-17117	Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server	CVE-2020-17132	Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server	CVE-2020-17142	Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Graphics Component	CVE-2020-17137	DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-17098	Windows GDI+ Information Disclosure Vulnerability
Microsoft Office	CVE-2020-17130	Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Office	CVE-2020-17128	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-17129	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-17124	Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-17123	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-17119	Microsoft Outlook Information Disclosure Vulnerability
Microsoft Office	CVE-2020-17125	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-17127	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-17126	Microsoft Excel Information Disclosure Vulnerability
Microsoft Office	CVE-2020-17122	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-17115	Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint	CVE-2020-17120	Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePoint	CVE-2020-17121	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-17118	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-17089	Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-17136	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-16996	Kerberos Security Feature Bypass Vulnerability
Microsoft Windows	CVE-2020-17138	Windows Error Reporting Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-17092	Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-17139	Windows Overlay Filter Security Feature Bypass Vulnerability
Microsoft Windows	CVE-2020-17103	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-17134	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Visual Studio	CVE-2020-17148	Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Visual Studio	CVE-2020-17159	Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Visual Studio	CVE-2020-17156	Visual Studio Remote Code Execution Vulnerability
Visual Studio	CVE-2020-17150	Visual Studio Code Remote Code Execution Vulnerability
Windows Backup Engine	CVE-2020-16960	Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine	CVE-2020-16958	Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine	CVE-2020-16959	Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine	CVE-2020-16961	Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine	CVE-2020-16964	Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine	CVE-2020-16963	Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine	CVE-2020-16962	Windows Backup Engine Elevation of Privilege Vulnerability
Windows Error Reporting	CVE-2020-17094	Windows Error Reporting Information Disclosure Vulnerability
Windows Hyper-V	CVE-2020-17095	Hyper-V Remote Code Execution Vulnerability
Windows Lock Screen	CVE-2020-17099	Windows Lock Screen Security Feature Bypass Vulnerability
Windows Media	CVE-2020-17097	Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows SMB	CVE-2020-17096	Windows NTFS Remote Code Execution Vulnerability
Windows SMB	CVE-2020-17140	Windows SMB Information Disclosure Vulnerability

READ MORE HERE