Microsoft rolls out final patches for 2020: Covers 58 security flaws

December 10, 2020
Microsoft has released security patches for 58 recently discovered security flaws in its final Patch Tuesday for 2020. With these patches, the total number of CVEs has reached 1250 for this year.
Of these 58 patches, 9 were categorized as Critical, 46 as Important, and 3 as Moderate.
There are no reports of a zero-day attack. The security patches cover issues in the following products:
Microsoft Edge
Microsoft Windows
Chakra Core
Microsoft Office
Exchange Server
Azure DevOps
Microsoft Dynamics
Visual Studio
Azure SDK
Azure Sphere
Fortunately, there were no reports of these vulnerabilities being exploited in the wild. You can get the full report regarding these vulnerabilities here.
The patches address several remote code execution flaws in Microsoft Exchange (CVE-2020-17132), SharePoint (CVE-2020-17118 and CVE-2020-17121), Excel (CVE-2020-17123), and Hyper-V virtualization software (CVE-2020-17095), as well as a security feature bypass in Kerberos (CVE-2020-16996) and several privilege escalation vulnerabilities in Windows Backup Engine and Windows Cloud Files Mini Filter Driver.
Of all these vulnerabilities, the Hyper-V flaw (CVE-2020-17095) has the highest score, at 8.5/10.
As stated by Microsoft, “To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code when it fails to properly validate vSMB packet data.”
Alongside these security patches comes an advisory on DNS cache poisoning (CVE-2020-25705), a flaw discovered last month by security researchers of Tsinghua University and the University of California.
The bug could allow an attacker to spoof a DNS packet that can be cached by the DNS forwarder or DNS resolver, and thus revive DNS cache poisoning attacks (dubbed Side-Channel Attack DNS, or the SAD DNS attack).
To mitigate the risk, Microsoft has recommended a workaround: configure a DNS buffer size of 1221 (4C5 hexadecimal) for UDP packets.
As stated in Microsoft ADV 200013, “For responses larger than 4C5 or 1221, the DNS resolver would now switch to TCP”.
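The following is an added illustration, not code from Microsoft or from the advisory: it models the standard DNS truncation mechanism (the TC header bit from RFC 1035) that makes a resolver fall back to TCP once a response exceeds the 1221-byte UDP limit. The function names, the `example.test` name and the 192.0.2.x addresses are constructed for the example, and treating the TC bit as the fallback signal is an assumption about how the limit takes effect.

```python
import struct

MAX_UDP_SIZE = 1221  # 0x4C5, the workaround value quoted from ADV 200013
QR_FLAG = 0x8000     # header bit: this message is a response
TC_FLAG = 0x0200     # header bit: response was truncated (RFC 1035)


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_udp_response(txid, name, addresses, limit=MAX_UDP_SIZE):
    """Build an A-record response; if it exceeds the limit, reply with TC set."""
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # Each answer: pointer to the name at offset 12, TYPE, CLASS, TTL, RDLENGTH, RDATA
    answers = b"".join(
        struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
        for ip in addresses
    )
    header = struct.pack("!HHHHHH", txid, QR_FLAG, 1, len(addresses), 0, 0)
    message = header + question + answers
    if len(message) <= limit:
        return message
    # Too large for UDP under the configured limit: drop the answers and set TC.
    header = struct.pack("!HHHHHH", txid, QR_FLAG | TC_FLAG, 1, 0, 0, 0)
    return header + question


def should_retry_over_tcp(message):
    """A resolver that sees TC=1 discards the UDP reply and re-queries over TCP."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    flags = struct.unpack("!H", message[2:4])[0]
    return bool(flags & TC_FLAG)


if __name__ == "__main__":
    for count in (74, 75):  # constructed sample: 16 bytes per answer, 30 bytes overhead
        ips = ["192.0.2.%d" % i for i in range(count)]
        reply = build_udp_response(0x1234, "example.test", ips)
        print(count, "answers:", len(reply), "bytes, TCP retry:", should_retry_over_tcp(reply))
```

An off-path spoofer who has to win a race on UDP gains nothing from a response that moved to TCP, which is why shrinking the UDP limit reduces the poisoning surface.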
It is recommended that security administrators and Windows users apply these security patches to avoid having issues.
