Microsoft November 2020 Patch Tuesday arrives with fix for Windows zero-day

Please log in or register to like posts.
News

Microsoft launched on the unique time its month-to-month roll-up of security patches is named Patch Tuesday. This month, the Redmond-based mostly company fastened 112 security bugs across a extensive fluctuate of merchandise, from Microsoft Edge to the Windows WalletService .

This month’s patches moreover contain a fix for a Windows zero-day vulnerability that used to be exploited in the wild.

Tracked as CVE-2020-17087, the zero-day used to be disclosed on October 30 by the Google Project Zero and TAG security groups. Google acknowledged the vulnerability used to be being exploited on the side of a Chrome zero-day to focus on Windows 7 and Windows 10 users.

Attackers would exercise the Chrome zero-day to bustle malicious code interior Chrome and then exercise the Windows zero-day to flee the Chrome security sandbox and elevate the code’s privileges to assault the underlying OS.

Exiguous print about the assault were no longer published previous this straight forward description.

Google chanced on the zero-day spherical mid-October and gave Microsoft seven days to commence a patch. Since releasing a security patch for any Microsoft product —and particularly the corpulent Windows OS— takes time to study and gorgeous-tune, the patch used to be no longer ready at some level of the unique seven-day disclosure timeline. But it is on hand initiating on the unique time.

Consistent with Microsoft’s security advisory for CVE-2020-17087, the zero-day resides in the Windows kernel and impacts all currently supported variations of the Windows OS. This entails all variations after Windows 7, and all Windows Server distributions.

But besides the Windows zero-day, there are 111 other vulnerabilities that must calm be patched as successfully, including 24 bugs that will well allow a long way off code execution (RCE) assaults in apps akin to Excel, Microsoft Sharepoint, Microsoft Substitute Server, the Windows Community File Machine, the Windows GDI+ part, the Windows printing spooler provider, and even in Microsoft Teams.

Whereas rushing to set up patches is a rating formulation for most users, system directors of huge networks are urged to study the patches ahead of a tall rollout to abet away from any bugs or changes that fracture interior programs.


Beneath are extra foremost aspects about on the unique time’s Microsoft Patch Tuesday and security updates launched by other tech companies:

  • Microsoft’s official Security Update Files portal lists all security updates in a filterable desk.
  • ZDNet has published this file itemizing all this month’s security advisories on one single page.
  • Adobe’s security updates are detailed right here.
  • SAP security updates are on hand right here.
  • Intel security updates are on hand right here.
  • VMWare security updates are on hand right here.
  • Chrome 86 security updates are detailed right here.
  • Android security updates are on hand right here.
Imprint CVE ID CVE Title
Azure DevOps CVE-2020-1325 Azure DevOps Server and Workforce Foundation Products and companies Spoofing Vulnerability
Azure Sphere CVE-2020-16985 Azure Sphere Files Disclosure Vulnerability
Azure Sphere CVE-2020-16986 Azure Sphere Denial of Provider Vulnerability
Azure Sphere CVE-2020-16987 Azure Sphere Unsigned Code Execution Vulnerability
Azure Sphere CVE-2020-16984 Azure Sphere Unsigned Code Execution Vulnerability
Azure Sphere CVE-2020-16981 Azure Sphere Elevation of Privilege Vulnerability
Azure Sphere CVE-2020-16982 Azure Sphere Unsigned Code Execution Vulnerability
Azure Sphere CVE-2020-16983 Azure Sphere Tampering Vulnerability
Azure Sphere CVE-2020-16988 Azure Sphere Elevation of Privilege Vulnerability
Azure Sphere CVE-2020-16993 Azure Sphere Elevation of Privilege Vulnerability
Azure Sphere CVE-2020-16994 Azure Sphere Unsigned Code Execution Vulnerability
Azure Sphere CVE-2020-16970 Azure Sphere Unsigned Code Execution Vulnerability
Azure Sphere CVE-2020-16992 Azure Sphere Elevation of Privilege Vulnerability
Azure Sphere CVE-2020-16989 Azure Sphere Elevation of Privilege Vulnerability
Azure Sphere CVE-2020-16990 Azure Sphere Files Disclosure Vulnerability
Azure Sphere CVE-2020-16991 Azure Sphere Unsigned Code Execution Vulnerability
Standard Log File Machine Driver CVE-2020-17088 Windows Standard Log File Machine Driver Elevation of Privilege Vulnerability
Microsoft Browsers CVE-2020-17058 Microsoft Browser Memory Corruption Vulnerability
Microsoft Dynamics CVE-2020-17005 Microsoft Dynamics 365 (on-premises) Tedious-situation Scripting Vulnerability
Microsoft Dynamics CVE-2020-17018 Microsoft Dynamics 365 (on-premises) Tedious-situation Scripting Vulnerability
Microsoft Dynamics CVE-2020-17021 Microsoft Dynamics 365 (on-premises) Tedious-situation Scripting Vulnerability
Microsoft Dynamics CVE-2020-17006 Microsoft Dynamics 365 (on-premises) Tedious-situation Scripting Vulnerability
Microsoft Substitute Server CVE-2020-17083 Microsoft Substitute Server Distant Code Execution Vulnerability
Microsoft Substitute Server CVE-2020-17085 Microsoft Substitute Server Denial of Provider Vulnerability
Microsoft Substitute Server CVE-2020-17084 Microsoft Substitute Server Distant Code Execution Vulnerability
Microsoft Graphics Ingredient CVE-2020-16998 DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Ingredient CVE-2020-17029 Windows Canonical Showcase Driver Files Disclosure Vulnerability
Microsoft Graphics Ingredient CVE-2020-17004 Windows Graphics Ingredient Files Disclosure Vulnerability
Microsoft Graphics Ingredient CVE-2020-17038 Salvage32good ample Elevation of Privilege Vulnerability
Microsoft Graphics Ingredient CVE-2020-17068 Windows GDI+ Distant Code Execution Vulnerability
Microsoft Inform of job CVE-2020-17065 Microsoft Excel Distant Code Execution Vulnerability
Microsoft Inform of job CVE-2020-17064 Microsoft Excel Distant Code Execution Vulnerability
Microsoft Inform of job CVE-2020-17066 Microsoft Excel Distant Code Execution Vulnerability
Microsoft Inform of job CVE-2020-17019 Microsoft Excel Distant Code Execution Vulnerability
Microsoft Inform of job CVE-2020-17067 Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Inform of job CVE-2020-17062 Microsoft Inform of job Entry Connectivity Engine Distant Code Execution Vulnerability
Microsoft Inform of job CVE-2020-17063 Microsoft Inform of job Online Spoofing Vulnerability
Microsoft Inform of job CVE-2020-17020 Microsoft Phrase Security Feature Bypass Vulnerability
Microsoft Inform of job SharePoint CVE-2020-17016 Microsoft SharePoint Spoofing Vulnerability
Microsoft Inform of job SharePoint CVE-2020-16979 Microsoft SharePoint Files Disclosure Vulnerability
Microsoft Inform of job SharePoint CVE-2020-17015 Microsoft SharePoint Spoofing Vulnerability
Microsoft Inform of job SharePoint CVE-2020-17017 Microsoft SharePoint Files Disclosure Vulnerability
Microsoft Inform of job SharePoint CVE-2020-17061 Microsoft SharePoint Distant Code Execution Vulnerability
Microsoft Inform of job SharePoint CVE-2020-17060 Microsoft SharePoint Spoofing Vulnerability
Microsoft Scripting Engine CVE-2020-17048 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-17053 Web Explorer Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-17052 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-17054 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Teams CVE-2020-17091 Microsoft Teams Distant Code Execution Vulnerability
Microsoft Windows CVE-2020-17032 Windows Distant Entry Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17033 Windows Distant Entry Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17026 Windows Distant Entry Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17031 Windows Distant Entry Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17027 Windows Distant Entry Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17030 Windows MSCTF Server Files Disclosure Vulnerability
Microsoft Windows CVE-2020-17028 Windows Distant Entry Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17044 Windows Distant Entry Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17045 Windows KernelStream Files Disclosure Vulnerability
Microsoft Windows CVE-2020-17046 Windows Error Reporting Denial of Provider Vulnerability
Microsoft Windows CVE-2020-17043 Windows Distant Entry Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17042 Windows Print Spooler Distant Code Execution Vulnerability
Microsoft Windows CVE-2020-17041 Windows Print Configuration Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17034 Windows Distant Entry Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17049 Kerberos Security Feature Bypass Vulnerability
Microsoft Windows CVE-2020-17051 Windows Community File Machine Distant Code Execution Vulnerability
Microsoft Windows CVE-2020-17040 Windows Hyper-V Security Feature Bypass Vulnerability
Microsoft Windows CVE-2020-17047 Windows Community File Machine Denial of Provider Vulnerability
Microsoft Windows CVE-2020-17036 Windows Function Discovery SSDP Provider Files Disclosure Vulnerability
Microsoft Windows CVE-2020-17000 Distant Desktop Protocol Client Files Disclosure Vulnerability
Microsoft Windows CVE-2020-1599 Windows Spoofing Vulnerability
Microsoft Windows CVE-2020-16997 Distant Desktop Protocol Server Files Disclosure Vulnerability
Microsoft Windows CVE-2020-17001 Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17057 Windows Salvage32good ample Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17056 Windows Community File Machine Files Disclosure Vulnerability
Microsoft Windows CVE-2020-17055 Windows Distant Entry Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17010 Salvage32good ample Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17007 Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17014 Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17025 Windows Distant Entry Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17024 Windows Client Facet Rendering Print Provider Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17013 Salvage32good ample Files Disclosure Vulnerability
Microsoft Windows CVE-2020-17011 Windows Port Class Library Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17012 Windows Bind Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows Codecs Library CVE-2020-17106 HEVC Video Extensions Distant Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2020-17101 HEIF Image Extensions Distant Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2020-17105 AV1 Video Extension Distant Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2020-17102 WebP Image Extensions Files Disclosure Vulnerability
Microsoft Windows Codecs Library CVE-2020-17082 Raw Image Extension Distant Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2020-17086 Raw Image Extension Distant Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2020-17081 Microsoft Raw Image Extension Files Disclosure Vulnerability
Microsoft Windows Codecs Library CVE-2020-17079 Raw Image Extension Distant Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2020-17078 Raw Image Extension Distant Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2020-17107 HEVC Video Extensions Distant Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2020-17110 HEVC Video Extensions Distant Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2020-17113 Windows Camera Codec Files Disclosure Vulnerability
Microsoft Windows Codecs Library CVE-2020-17108 HEVC Video Extensions Distant Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2020-17109 HEVC Video Extensions Distant Code Execution Vulnerability
Visual Studio CVE-2020-17104 Visual Studio Code JSHint Extension Distant Code Execution Vulnerability
Visual Studio CVE-2020-17100 Visual Studio Tampering Vulnerability
Windows Defender CVE-2020-17090 Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
Windows Kernel CVE-2020-17035 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-17087 Windows Kernel Local Elevation of Privilege Vulnerability
Windows NDIS CVE-2020-17069 Windows NDIS Files Disclosure Vulnerability
Windows Update Stack CVE-2020-17074 Windows Update Orchestrator Provider Elevation of Privilege Vulnerability
Windows Update Stack CVE-2020-17073 Windows Update Orchestrator Provider Elevation of Privilege Vulnerability
Windows Update Stack CVE-2020-17071 Windows Starting up Optimization Files Disclosure Vulnerability
Windows Update Stack CVE-2020-17075 Windows USO Core Worker Elevation of Privilege Vulnerability
Windows Update Stack CVE-2020-17070 Windows Update Medic Provider Elevation of Privilege Vulnerability
Windows Update Stack CVE-2020-17077 Windows Update Stack Elevation of Privilege Vulnerability
Windows Update Stack CVE-2020-17076 Windows Update Orchestrator Provider Elevation of Privilege Vulnerability
Windows WalletService CVE-2020-16999 Windows WalletService Files Disclosure Vulnerability
Windows WalletService CVE-2020-17037 Windows WalletService Elevation of Privilege Vulnerability

Read Extra

Reactions

0
0
0
0
0
0
Already reacted for this post.

Nobody liked ?