Microsoft December Patch Tuesday 2020

Microsoft have released Patch Tuesday 2020 for December where they have fixed 58 vulnerabilities among their product and service. For this months, smaller number of fixed been made comparing to other month Patch Tuesday which reached around 100+ fixed a month.

Below are the devices that impacted during this time around:

  1. Windows NTFS
  2. Exchange Server (CVE-2020-17143CVE-2020-17144CVE-2020-17141CVE-2020-17117CVE-2020-17132, and CVE-2020-17142
  3. Microsoft Dynamics
  4. Microsoft Excel and Powerpoint
  5. SharePoint (CVE-2020-17118 and CVE-2020-17121).
  6. Visual Studio and Hyper-V

SoftwareCVE CVE Title
Microsoft Windows DNSADV200013Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver
Azure DevOpsCVE-2020-17145Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Azure DevOpsCVE-2020-17135Azure DevOps Server Spoofing Vulnerability
Azure SDKCVE-2020-17002Azure SDK for C Security Feature Bypass Vulnerability
Azure SDKCVE-2020-16971Azure SDK for Java Security Feature Bypass Vulnerability
Azure SphereCVE-2020-17160Azure Sphere Security Feature Bypass Vulnerability
Microsoft DynamicsCVE-2020-17147Dynamics CRM Webclient Cross-site Scripting Vulnerability
Microsoft DynamicsCVE-2020-17133Microsoft Dynamics Business Central/NAV Information Disclosure
Microsoft DynamicsCVE-2020-17158Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft DynamicsCVE-2020-17152Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft EdgeCVE-2020-17153Microsoft Edge for Android Spoofing Vulnerability
Microsoft EdgeCVE-2020-17131Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Exchange ServerCVE-2020-17143Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange ServerCVE-2020-17144Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2020-17141Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2020-17117Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2020-17132Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2020-17142Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Graphics ComponentCVE-2020-17137DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2020-17098Windows GDI+ Information Disclosure Vulnerability
Microsoft OfficeCVE-2020-17130Microsoft Excel Security Feature Bypass Vulnerability
Microsoft OfficeCVE-2020-17128Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17129Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17124Microsoft PowerPoint Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17123Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17119Microsoft Outlook Information Disclosure Vulnerability
Microsoft OfficeCVE-2020-17125Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17127Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17126Microsoft Excel Information Disclosure Vulnerability
Microsoft OfficeCVE-2020-17122Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2020-17115Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePointCVE-2020-17120Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-17121Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2020-17118Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2020-17089Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17136Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16996Kerberos Security Feature Bypass Vulnerability
Microsoft WindowsCVE-2020-17138Windows Error Reporting Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-17092Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17139Windows Overlay Filter Security Feature Bypass Vulnerability
Microsoft WindowsCVE-2020-17103Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17134Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Visual StudioCVE-2020-17148Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Visual StudioCVE-2020-17159Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Visual StudioCVE-2020-17156Visual Studio Remote Code Execution Vulnerability
Visual StudioCVE-2020-17150Visual Studio Code Remote Code Execution Vulnerability
Windows Backup EngineCVE-2020-16960Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16958Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16959Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16961Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16964Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16963Windows Backup Engine Elevation of Privilege Vulnerability
Windows Backup EngineCVE-2020-16962Windows Backup Engine Elevation of Privilege Vulnerability
Windows Error ReportingCVE-2020-17094Windows Error Reporting Information Disclosure Vulnerability
Windows Hyper-VCVE-2020-17095Hyper-V Remote Code Execution Vulnerability
Windows Lock ScreenCVE-2020-17099Windows Lock Screen Security Feature Bypass Vulnerability
Windows MediaCVE-2020-17097Windows Digital Media Receiver Elevation of Privilege Vulnerability
Windows SMBCVE-2020-17096Windows NTFS Remote Code Execution Vulnerability
Windows SMBCVE-2020-17140Windows SMB Information Disclosure Vulnerability

Table Source: Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *