Microsoft December 2020 Patch Tuesday — 58 Security Fix

Home/Security Update/Microsoft December 2020 Patch Tuesday — 58 Security Fix

Microsoft December 2020 Patch Tuesday — 58 Security Fix

Nine critical bugs and 58 overall fixes mark the last scheduled security advisory of 2020.

Patch for the Holidays

Microsoft has addressed 58 CVEs (nine of them critical) for its December 2020 Patch Tuesday update. This brings the computing giant’s patch tally to 1,250 for the year.

Of the 58 vulnerabilities fixed today, nine are classified as Critical, 48 as Important, and two as Moderate.

Importantly, below the affected products are:

  • Microsoft Windows,
  • Edge (EdgeHTML-based),
  • ChakraCore,
  • Microsoft Office and Office Services and Web Apps,
  • Exchange Server,
  • Azure DevOps,
  • Microsoft Dynamics,
  • Visual Studio,
  • Azure SDK and Azure Sphere,

Critical Bug Breakdown:

Microsoft Exchange was found with three high-critical flaws, including:

  • CVE-2020-17117 — Score CVSS:3.0 6.6/5.9
  • CVE-2020-17132 — Score CVSS:3.0 9.1/8.2
  • CVE-2020-17142 — Score CVSS:3.0 9.1/8.2

Above all, Below are additional details about today’s Microsoft Patch Tuesday,

TagCVE IDCVE Title
Microsoft Windows DNSADV200013Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver
Azure DevOpsCVE-2020-17145Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Azure DevOpsCVE-2020-17135Azure DevOps Server Spoofing Vulnerability
Azure SDKCVE-2020-17002Azure SDK for C Security Feature Bypass Vulnerability
Azure SDKCVE-2020-16971Azure SDK for Java Security Feature Bypass Vulnerability
Azure SphereCVE-2020-17160Azure Sphere Security Feature Bypass Vulnerability
Microsoft DynamicsCVE-2020-17147Dynamics CRM Webclient Cross-site Scripting Vulnerability
Microsoft DynamicsCVE-2020-17133Microsoft Dynamics Business Central/NAV Information Disclosure
Microsoft DynamicsCVE-2020-17158Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft DynamicsCVE-2020-17152Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft EdgeCVE-2020-17153Microsoft Edge for Android Spoofing Vulnerability
Microsoft EdgeCVE-2020-17131Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Exchange ServerCVE-2020-17143Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange ServerCVE-2020-17144Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2020-17141Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2020-17117Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2020-17132Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2020-17142Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Graphics ComponentCVE-2020-17137DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2020-17098Windows GDI+ Information Disclosure Vulnerability
Microsoft OfficeCVE-2020-17130Microsoft Excel Security Feature Bypass Vulnerability
Microsoft OfficeCVE-2020-17128Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17129Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17124Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17123Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17119Microsoft Outlook Information Disclosure Vulnerability
Microsoft OfficeCVE-2020-17125Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17127Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17126Microsoft Excel Information Disclosure Vulnerability
Microsoft OfficeCVE-2020-17122Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2020-17115Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePointCVE-2020-17120Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-17121Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2020-17118Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2020-17089Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17136Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16996Kerberos Security Feature Bypass Vulnerability
Microsoft WindowsCVE-2020-17138Windows Error Reporting Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-17092Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17139Windows Overlay Filter Security Feature Bypass Vulnerability
Microsoft WindowsCVE-2020-17103Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17134Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Visual StudioCVE-2020-17148Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Visual StudioCVE-2020-17159Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Visual StudioCVE-2020-17156Visual Studio Remote Code Execution Vulnerability
Visual StudioCVE-2020-17150Visual Studio Code Remote Code Execution Vulnerability
Windows Backup EngineCVE-2020-16960Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16958Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16959Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16961Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16964Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16963Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16962Windows Backup Engine Elevation of Privilege Vulnerability
Windows Error ReportingCVE-2020-17094Windows Error Reporting Information Disclosure Vulnerability
Windows Hyper-VCVE-2020-17095Hyper-V Remote Code Execution Vulnerability
Windows Lock ScreenCVE-2020-17099Windows Lock Screen Security Feature Bypass Vulnerability
Windows MediaCVE-2020-17097Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows SMBCVE-2020-17096Windows NTFS Remote Code Execution Vulnerability
Windows SMBCVE-2020-17140Windows SMB Information Disclosure Vulnerability
Post Views: 731
By | 2020-12-09T17:23:05+05:30 December 9th, 2020|Security Update|

About the Author:

FirstHackersNews- Identifies Security

Related Posts

Leave A Comment

Subscribe to our newsletter to receive security tips everday!