Hexafusion Blog

Microsoft November 2020 Patch Tuesday fixes 112 vulnerabilities

Microsoft-Patch-Tuesday-Nocember Microsoft Windows Patch Tuesday November 2020

Today is Microsoft's November 2020 Patch Tuesday, and Windows administrators worldwide will be running around putting out fires all day, so be nice to them.

With the November 2020 Patch Tuesday security updates release, Microsoft has released fixes for 112 vulnerabilities in Microsoft products. Of the 112 vulnerabilities fixed today, 17 are classified as Critical, and 93 are classified as Important, and two as moderate.

 

For information about the non-security Windows updates, you can read about today's Windows 10 KB4586786 & KB4586781 Cumulative Updates.

Zero-day vulnerability patched

Included in today's Patch Tuesday updates is a fix for a zero-day privilege escalation vulnerability in the Windows Kernel Cryptography Driver (cng.sys).

Last week, this vulnerability was disclosed by Google Project Zero after they detected it being used in targeted attacks. 

"The bug resides in the cng!CfgAdtpFormatPropertyBlock function and is caused by a 16-bit integer truncation issue," Google explained.

The vulnerability is currently tracked as CVE-2020-17087.

Recent security updates from other companies

Other vendors who released security updates in October include:

The November 2020 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the November 2020 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

 

TagCVE IDCVE TitleSeverity
Azure DevOps CVE-2020-1325 Azure DevOps Server and Team Foundation Services Spoofing Vulnerability Important
Azure Sphere CVE-2020-16985 Azure Sphere Information Disclosure Vulnerability Important
Azure Sphere CVE-2020-16986 Azure Sphere Denial of Service Vulnerability Important
Azure Sphere CVE-2020-16987 Azure Sphere Unsigned Code Execution Vulnerability Important
Azure Sphere CVE-2020-16984 Azure Sphere Unsigned Code Execution Vulnerability Important
Azure Sphere CVE-2020-16981 Azure Sphere Elevation of Privilege Vulnerability Important
Azure Sphere CVE-2020-16982 Azure Sphere Unsigned Code Execution Vulnerability Important
Azure Sphere CVE-2020-16983 Azure Sphere Tampering Vulnerability Important
Azure Sphere CVE-2020-16988 Azure Sphere Elevation of Privilege Vulnerability Critical
Azure Sphere CVE-2020-16993 Azure Sphere Elevation of Privilege Vulnerability Important
Azure Sphere CVE-2020-16994 Azure Sphere Unsigned Code Execution Vulnerability Important
Azure Sphere CVE-2020-16970 Azure Sphere Unsigned Code Execution Vulnerability Important
Azure Sphere CVE-2020-16992 Azure Sphere Elevation of Privilege Vulnerability Important
Azure Sphere CVE-2020-16989 Azure Sphere Elevation of Privilege Vulnerability Important
Azure Sphere CVE-2020-16990 Azure Sphere Information Disclosure Vulnerability Important
Azure Sphere CVE-2020-16991 Azure Sphere Unsigned Code Execution Vulnerability Important
Common Log File System Driver CVE-2020-17088 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Microsoft Browsers CVE-2020-17058 Microsoft Browser Memory Corruption Vulnerability Critical
Microsoft Dynamics CVE-2020-17005 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important
Microsoft Dynamics CVE-2020-17018 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important
Microsoft Dynamics CVE-2020-17021 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important
Microsoft Dynamics CVE-2020-17006 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important
Microsoft Exchange Server CVE-2020-17083 Microsoft Exchange Server Remote Code Execution Vulnerability Important
Microsoft Exchange Server CVE-2020-17085 Microsoft Exchange Server Denial of Service Vulnerability Important
Microsoft Exchange Server CVE-2020-17084 Microsoft Exchange Server Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2020-16998 DirectX Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-17029 Windows Canonical Display Driver Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2020-17004 Windows Graphics Component Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2020-17038 Win32k Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-17068 Windows GDI+ Remote Code Execution Vulnerability Important
Microsoft Office CVE-2020-17065 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2020-17064 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2020-17066 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2020-17019 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2020-17067 Microsoft Excel Security Feature Bypass Vulnerability Important
Microsoft Office CVE-2020-17062 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2020-17063 Microsoft Office Online Spoofing Vulnerability Important
Microsoft Office CVE-2020-17020 Microsoft Word Security Feature Bypass Vulnerability Important
Microsoft Office SharePoint CVE-2020-17016 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2020-16979 Microsoft SharePoint Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2020-17015 Microsoft SharePoint Spoofing Vulnerability Low
Microsoft Office SharePoint CVE-2020-17017 Microsoft SharePoint Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2020-17061 Microsoft SharePoint Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2020-17060 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Scripting Engine CVE-2020-17048 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-17053 Internet Explorer Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-17052 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-17054 Chakra Scripting Engine Memory Corruption Vulnerability Important
Microsoft Teams CVE-2020-17091 Microsoft Teams Remote Code Execution Vulnerability Important
Microsoft Windows CVE-2020-17032 Windows Remote Access Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17033 Windows Remote Access Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17026 Windows Remote Access Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17031 Windows Remote Access Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17027 Windows Remote Access Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17030 Windows MSCTF Server Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-17028 Windows Remote Access Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17044 Windows Remote Access Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17045 Windows KernelStream Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-17046 Windows Error Reporting Denial of Service Vulnerability Low
Microsoft Windows CVE-2020-17043 Windows Remote Access Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17042 Windows Print Spooler Remote Code Execution Vulnerability Critical
Microsoft Windows CVE-2020-17041 Windows Print Configuration Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17034 Windows Remote Access Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17049 Kerberos Security Feature Bypass Vulnerability Important
Microsoft Windows CVE-2020-17051 Windows Network File System Remote Code Execution Vulnerability Critical
Microsoft Windows CVE-2020-17040 Windows Hyper-V Security Feature Bypass Vulnerability Important
Microsoft Windows CVE-2020-17047 Windows Network File System Denial of Service Vulnerability Important
Microsoft Windows CVE-2020-17036 Windows Function Discovery SSDP Provider Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-17000 Remote Desktop Protocol Client Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-1599 Windows Spoofing Vulnerability Important
Microsoft Windows CVE-2020-16997 Remote Desktop Protocol Server Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-17001 Windows Print Spooler Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17057 Windows Win32k Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17056 Windows Network File System Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-17055 Windows Remote Access Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17010 Win32k Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17007 Windows Error Reporting Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17014 Windows Print Spooler Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17025 Windows Remote Access Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17024 Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17013 Win32k Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-17011 Windows Port Class Library Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-17012 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important
Microsoft Windows Codecs Library CVE-2020-17106 HEVC Video Extensions Remote Code Execution Vulnerability Critical
Microsoft Windows Codecs Library CVE-2020-17101 HEIF Image Extensions Remote Code Execution Vulnerability Critical
Microsoft Windows Codecs Library CVE-2020-17105 AV1 Video Extension Remote Code Execution Vulnerability Critical
Microsoft Windows Codecs Library CVE-2020-17102 WebP Image Extensions Information Disclosure Vulnerability Important
Microsoft Windows Codecs Library CVE-2020-17082 Raw Image Extension Remote Code Execution Vulnerability Critical
Microsoft Windows Codecs Library CVE-2020-17086 Raw Image Extension Remote Code Execution Vulnerability Important
Microsoft Windows Codecs Library CVE-2020-17081 Microsoft Raw Image Extension Information Disclosure Vulnerability Important
Microsoft Windows Codecs Library CVE-2020-17079 Raw Image Extension Remote Code Execution Vulnerability Critical
Microsoft Windows Codecs Library CVE-2020-17078 Raw Image Extension Remote Code Execution Vulnerability Critical
Microsoft Windows Codecs Library CVE-2020-17107 HEVC Video Extensions Remote Code Execution Vulnerability Critical
Microsoft Windows Codecs Library CVE-2020-17110 HEVC Video Extensions Remote Code Execution Vulnerability Critical
Microsoft Windows Codecs Library CVE-2020-17113 Windows Camera Codec Information Disclosure Vulnerability Important
Microsoft Windows Codecs Library CVE-2020-17108 HEVC Video Extensions Remote Code Execution Vulnerability Critical
Microsoft Windows Codecs Library CVE-2020-17109 HEVC Video Extensions Remote Code Execution Vulnerability Critical
Visual Studio CVE-2020-17104 Visual Studio Code JSHint Extension Remote Code Execution Vulnerability Important
Visual Studio CVE-2020-17100 Visual Studio Tampering Vulnerability Important
Windows Defender CVE-2020-17090 Microsoft Defender for Endpoint Security Feature Bypass Vulnerability Important
Windows Kernel CVE-2020-17035 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-17087 Windows Kernel Local Elevation of Privilege Vulnerability Important
Windows NDIS CVE-2020-17069 Windows NDIS Information Disclosure Vulnerability Important
Windows Update Stack CVE-2020-17074 Windows Update Orchestrator Service Elevation of Privilege Vulnerability Important
Windows Update Stack CVE-2020-17073 Windows Update Orchestrator Service Elevation of Privilege Vulnerability Important
Windows Update Stack CVE-2020-17071 Windows Delivery Optimization Information Disclosure Vulnerability Important
Windows Update Stack CVE-2020-17075 Windows USO Core Worker Elevation of Privilege Vulnerability Important
Windows Update Stack CVE-2020-17070 Windows Update Medic Service Elevation of Privilege Vulnerability Important
Windows Update Stack CVE-2020-17077 Windows Update Stack Elevation of Privilege Vulnerability Important
Windows Update Stack CVE-2020-17076 Windows Update Orchestrator Service Elevation of Privilege Vulnerability Important
Windows WalletService CVE-2020-16999 Windows WalletService Information Disclosure Vulnerability Important
Windows WalletService CVE-2020-17037 Windows WalletService Elevation of Privilege Vulnerability Important

 Resource: https://www.bleepingcomputer.com/news/security/microsoft-november-2020-patch-tuesday-fixes-112-vulnerabilities/#:~:text=With%20the%20November%202020%20Patch,Important%2C%20and%20two%20as%20moderate. 

How Businesses Can Use AI to Their Benefit
Introducing This Year’s Flagship Smartphones

By accepting you will be accessing a service provided by a third-party external to https://hexafusion.com/