HomesecurityMicrosoft Patch Tuesday December 2020: Fixes 58 vulnerabilities

Microsoft Patch Tuesday December 2020: Fixes 58 vulnerabilities

Η Microsoft products posted yesterday monthly updates security Patch Tuesday. The Patch Tuesday December 2020 corrects 58 vulnerabilities in more than 10 products and services the company's.

Microsoft Patch Tuesday

The number of vulnerabilities that are fixed is relatively small compared to the usual updates security of the company, but some of the errors are still very serious.

In the Patch Tuesday December, Microsoft fixes 22 vulnerabilities enabling remote code execution (RCE), which must be dealt with immediately because they can be easily used by criminals, either via the Internet or a local network, without users.

The RCE vulnerabilities have been found in Microsoft products such as Windows NTFS, Exchange Server, Microsoft Dynamics, Excel, PowerPoint, SharePoint, Visual Studio, and Hyper-V.

However, the RCE vulnerabilities that have been rated as more serious and can be used more easily are those that affect the Exchange Server (CVE-2020-17143, CVE-2020-17144, CVE-2020-17141, CVE-2020-17117, CVE-2020-17132, and CVE-2020-17142) and SharePoint (CVE-2020-17118 and CVE-2020-17121).

Microsoft recommends that these errors be corrected immediately, as, due to their nature, the systems Exchange and SharePoint are usually linked to Internet and, therefore, are easier to target by criminals.

Another major bug that was fixed in the Patch Tuesday December this month is an error in Hyper-V, used to host virtual machines. Using one malicious SMB packet, this error could allow remote intruders to compromise virtual sandboxed environments, which are supposed to be protected by Hyper-V.

In the table below you can see all vulnerabilities Fixed in Microsoft Patch Tuesday December 2020:

TagCVE IDCVE Title
Microsoft Windows DNSADV200013Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver
Azure DevOpsCVE-2020-17145Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Azure DevOpsCVE-2020-17135Azure DevOps Server Spoofing Vulnerability
Azure SDKCVE-2020-17002Azure SDK for C Security Feature Bypass Vulnerability
Azure SDKCVE-2020-16971Azure SDK for Java Security Feature Bypass Vulnerability
Azure SphereCVE-2020-17160Azure Sphere Security Feature Bypass Vulnerability
Microsoft DynamicsCVE-2020-17147Dynamics CRM Webclient Cross-site Scripting Vulnerability
Microsoft DynamicsCVE-2020-17133Microsoft Dynamics Business Central / NAV Information Disclosure
Microsoft DynamicsCVE-2020-17158Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft DynamicsCVE-2020-17152Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft EdgeCVE-2020-17153Microsoft Edge for Android Spoofing Vulnerability
Microsoft EdgeCVE-2020-17131Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Exchange ServerCVE-2020-17143Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange ServerCVE-2020-17144Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2020-17141Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2020-17117Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2020-17132Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2020-17142Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Graphics ComponentCVE-2020-17137DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2020-17098Windows GDI + Information Disclosure Vulnerability
Microsoft OfficeCVE-2020-17130Microsoft Excel Security Feature Bypass Vulnerability
Microsoft OfficeCVE-2020-17128Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17129Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17124Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17123Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17119Microsoft Outlook Information Disclosure Vulnerability
Microsoft OfficeCVE-2020-17125Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17127Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17126Microsoft Excel Information Disclosure Vulnerability
Microsoft OfficeCVE-2020-17122Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2020-17115Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePointCVE-2020-17120Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-17121Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2020-17118Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2020-17089Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17136Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16996Kerberos Security Feature Bypass Vulnerability
Microsoft WindowsCVE-2020-17138Windows Error Reporting Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-17092Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17139Windows Overlay Filter Security Feature Bypass Vulnerability
Microsoft WindowsCVE-2020-17103Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17134Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Visual StudioCVE-2020-17148Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Visual StudioCVE-2020-17159Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Visual StudioCVE-2020-17156Visual Studio Remote Code Execution Vulnerability
Visual StudioCVE-2020-17150Visual Studio Code Remote Code Execution Vulnerability
Windows Backup EngineCVE-2020-16960Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16958Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16959Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16961Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16964Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16963Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16962Windows Backup Engine Elevation of Privilege Vulnerability
Windows Error ReportingCVE-2020-17094Windows Error Reporting Information Disclosure Vulnerability
Windows Hyper-VCVE-2020-17095Hyper-V Remote Code Execution Vulnerability
Windows Lock ScreenCVE-2020-17099Windows Lock Screen Security Feature Bypass Vulnerability
Windows MediaCVE-2020-17097Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows SMBCVE-2020-17096Windows NTFS Remote Code Execution Vulnerability
Windows SMBCVE-2020-17140Windows SMB Information Disclosure Vulnerability

Source: ZDNet

Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!
spot_img

LIVE NEWS