Wednesday, April 14, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities

December 9, 2020
in Internet Security
Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities
589
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Microsoft has published today 58 security fixes across 10+ products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday. 

There’s a smaller number of fixes this December compared with the regular 100+ fixes that Microsoft ships each month, but this doesn’t mean the bugs are less severe.

You might also like

Brave browser disables Google’s FLoC tracking system

These new vulnerabilities put millions of IoT devices at risk, so patch now

Who do I pay to get the ‘phone’ removed from my iPhone?

More than a third of this month’s patches (22) are classified as remote code execution (RCE) vulnerabilities. These are security bugs that need to be addressed right away as they are more easily exploitable, with no user interaction, either via the internet or from across a local network.

This month, we have RCEs in Microsoft products like Windows NTFS, Exchange Server, Microsoft Dynamics, Excel, PowerPoint, SharePoint, Visual Studio, and Hyper-V.

The highest-rated of these bugs, and the ones most likely to come under exploitation, are the RCE bugs impacting Exchange Server (CVE-2020-17143, CVE-2020-17144, CVE-2020-17141, CVE-2020-17117, CVE-2020-17132, and CVE-2020-17142) and SharePoint (CVE-2020-17118 and CVE-2020-17121).

Patching these first is advised, as, through their nature, Exchange and SharePoint systems are regularly connected to the internet and, as a result, are more easily attacked.

Another major bug fixed this month is also a bug in Hyper-V, Microsoft’s virtualization technology, used to host virtual machines. Exploitable via a malicious SMB packet, this bug could allow remote attackers to compromise virtualized sandboxed environments, something that Hyper-V was designed to protect.


Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:

  • Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
  • ZDNet has published this file listing all this month’s security advisories on one single page.
  • Adobe’s security updates are detailed here.
  • SAP security updates are available here.
  • Intel security updates are available here.
  • VMWare security updates are available here.
  • Chrome 87 security updates are detailed here.
  • Android security updates are available here.
Tag CVE ID CVE Title
Microsoft Windows DNS ADV200013 Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver
Azure DevOps CVE-2020-17145 Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Azure DevOps CVE-2020-17135 Azure DevOps Server Spoofing Vulnerability
Azure SDK CVE-2020-17002 Azure SDK for C Security Feature Bypass Vulnerability
Azure SDK CVE-2020-16971 Azure SDK for Java Security Feature Bypass Vulnerability
Azure Sphere CVE-2020-17160 Azure Sphere Security Feature Bypass Vulnerability
Microsoft Dynamics CVE-2020-17147 Dynamics CRM Webclient Cross-site Scripting Vulnerability
Microsoft Dynamics CVE-2020-17133 Microsoft Dynamics Business Central/NAV Information Disclosure
Microsoft Dynamics CVE-2020-17158 Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft Dynamics CVE-2020-17152 Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft Edge CVE-2020-17153 Microsoft Edge for Android Spoofing Vulnerability
Microsoft Edge CVE-2020-17131 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Exchange Server CVE-2020-17143 Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange Server CVE-2020-17144 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2020-17141 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2020-17117 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2020-17132 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2020-17142 Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-17137 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-17098 Windows GDI+ Information Disclosure Vulnerability
Microsoft Office CVE-2020-17130 Microsoft Excel Security Feature Bypass Vulnerability
Microsoft Office CVE-2020-17128 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17129 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17124 Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17123 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17119 Microsoft Outlook Information Disclosure Vulnerability
Microsoft Office CVE-2020-17125 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17127 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office CVE-2020-17126 Microsoft Excel Information Disclosure Vulnerability
Microsoft Office CVE-2020-17122 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-17115 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2020-17120 Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2020-17121 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-17118 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-17089 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17136 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-16996 Kerberos Security Feature Bypass Vulnerability
Microsoft Windows CVE-2020-17138 Windows Error Reporting Information Disclosure Vulnerability
Microsoft Windows CVE-2020-17092 Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17139 Windows Overlay Filter Security Feature Bypass Vulnerability
Microsoft Windows CVE-2020-17103 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-17134 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Visual Studio CVE-2020-17148 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Visual Studio CVE-2020-17159 Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Visual Studio CVE-2020-17156 Visual Studio Remote Code Execution Vulnerability
Visual Studio CVE-2020-17150 Visual Studio Code Remote Code Execution Vulnerability
Windows Backup Engine CVE-2020-16960 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16958 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16959 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16961 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16964 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16963 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup Engine CVE-2020-16962 Windows Backup Engine Elevation of Privilege Vulnerability
Windows Error Reporting CVE-2020-17094 Windows Error Reporting Information Disclosure Vulnerability
Windows Hyper-V CVE-2020-17095 Hyper-V Remote Code Execution Vulnerability
Windows Lock Screen CVE-2020-17099 Windows Lock Screen Security Feature Bypass Vulnerability
Windows Media CVE-2020-17097 Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows SMB CVE-2020-17096 Windows NTFS Remote Code Execution Vulnerability
Windows SMB CVE-2020-17140 Windows SMB Information Disclosure Vulnerability

Credit: Zdnet

Previous Post

NSA Warns Russian Hacker Exploiting VMware Bug to Breach Corporate Networks

Next Post

Enterprise Customer Journey Mapping: Research

Related Posts

Brave browser disables Google’s FLoC tracking system
Internet Security

Brave browser disables Google’s FLoC tracking system

April 13, 2021
These new vulnerabilities put millions of IoT devices at risk, so patch now
Internet Security

These new vulnerabilities put millions of IoT devices at risk, so patch now

April 13, 2021
Apple looking to close the gap between web and app privacy
Internet Security

Who do I pay to get the ‘phone’ removed from my iPhone?

April 13, 2021
Criminals spread malware using website contact forms with Google URLs
Internet Security

Criminals spread malware using website contact forms with Google URLs

April 13, 2021
Bug bounties: More hackers are spotting vulnerabilities across web, mobile and IoT
Internet Security

Critical security alert: If you haven’t patched this old VPN vulnerability, assume your network is compromised

April 13, 2021
Next Post
Enterprise Customer Journey Mapping: Research

Enterprise Customer Journey Mapping: Research

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Coinbase IPO marks historic first crypto company to enter US stock exchange as Bitcoin rockets
Blockchain

Coinbase IPO marks historic first crypto company to enter US stock exchange as Bitcoin rockets

April 13, 2021
AI.Reverie Appoints Former NVIDIA Deep Learning Guru Aayush Prakash as Head of Machine Learning
Machine Learning

AI.Reverie Appoints Former NVIDIA Deep Learning Guru Aayush Prakash as Head of Machine Learning

April 13, 2021
Music and Artificial Intelligence | by Ryan M. Raiker, MBA | Apr, 2021
Neural Networks

Music and Artificial Intelligence | by Ryan M. Raiker, MBA | Apr, 2021

April 13, 2021
The rise of headless and hybrid CMS: Tuesday’s daily brief
Digital Marketing

The rise of headless and hybrid CMS: Tuesday’s daily brief

April 13, 2021
Brave browser disables Google’s FLoC tracking system
Internet Security

Brave browser disables Google’s FLoC tracking system

April 13, 2021
New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices
Internet Privacy

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

April 13, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Coinbase IPO marks historic first crypto company to enter US stock exchange as Bitcoin rockets April 13, 2021
  • AI.Reverie Appoints Former NVIDIA Deep Learning Guru Aayush Prakash as Head of Machine Learning April 13, 2021
  • Music and Artificial Intelligence | by Ryan M. Raiker, MBA | Apr, 2021 April 13, 2021
  • The rise of headless and hybrid CMS: Tuesday’s daily brief April 13, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates