Microsoft has released the security patches for recently discovered 58 security flaws as it’s final patch Tuesday
for 2020. With these patches, the total number of CVE has reached 1250 for this year.
Out of these 58 patches, 9 were categorized as critical, 46 were categorized as Important, and 3 were categorized as Moderate.
There is no report of a zero-day attack. The security patches solve the issues of:
Propitiously, there was no report of these vulnerabilities being exploited in wild. You can get the full report regarding these vulnerabilities here
The security patch impacts the various Remote-Code Execution flaw in Microsoft Exchange with CVE no CVE-2020-17132, Share point (CVE-2020-17118 and CVE-2020-17121), Excel (CVE-2020-17123), and Hyper-V virtualization software (CVE-2020-17095), as well as a patch for a security feature bypass in Kerberos (CVE-2020-16996), and several privilege escalation vulnerability in Windows Backup Engine and Windows Cloud Files Mini Filter Driver.
As stated by Microsoft “To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code when it fails to properly validate vSMB packet data,”
Along with all these security patches, the advisory
on DNS Cache Poisoning (CVE-2020-25705
) was discovered by the security researchers of Tsinghua University and the University of California last month.
The bug could allow an attacker to spoof a DNS packet that can be cached from the DNS Forwarder or DNS Resolver and thus allow the restoration of DNS cache poisoning attacks (Dubbed Side-Channel Attack DNS (or SAD DNS attack)).
To moderate the risk Microsoft has recommended the workaround to configure the DNS buffer size of 1221 (4C5 Hexadecimal) for UDP packets.
As stated in Microsoft ADV 200013 “For responses larger than 4C5 or 1221, the DNS resolver would now switch to TCP”.
It is recommended that the security administrator and windows users should apply these security patches to avoid having issues.