Microsoft December 2020 Patch Tuesday fixes 58 bugs, 9 are critical

Microsoft December 2020 Patch Tuesday security update address 58 vulnerabilities, 22 of them are remote code execution vulnerabilities.

Microsoft December 2020 Patch Tuesday security update address 58 vulnerabilities, 22 of them are remote code issues. The flaws impact multiple products including Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Office Services and Web Apps, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere. In 2020, the IT giant has released a total of 1,250 CVEs.

Nine flaws addressed Microsoft December 2020 Patch Tuesday are rated as Critical, 46 are rated as Important, and 3 are rated Moderate in severity.

Six vulnerabilities have been reported through the ZDI program, none of the flaws patched this month are listed as publicly known or under active attack at the time of release.

“Looking at the remaining Critical-rated updates, only one (surprisingly) impacts the browser. That patch corrects a bug within the JIT compiler. By performing actions in JavaScript, an attacker can trigger a memory corruption condition, which leads to code execution.” reported ZDI. “The lack of browser updates could also be a conscious decision by Microsoft to ensure a bad patch for a browser does not disrupt online shopping during the holiday season.”

The most severe issued addressed by Microsoft this month are:

CVE-2020-17132 – Microsoft Exchange Remote Code Execution Vulnerability.
CVE-2020-17121 – Microsoft SharePoint Remote Code Execution Vulnerability.
CVE-2020-17095 – Hyper-V Remote Code Execution Vulnerability.
CVE-2020-16996 – Kerberos Security Feature Bypass Vulnerability.
CVE-2020-17118 – Microsoft SharePoint Remote Code Execution Vulnerability.
CVE-2020-17121 – Microsoft SharePoint Remote Code Execution Vulnerability.

The full list of security updates released by Microsoft is available on the official Security Update Guide portal.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft Patch Tuesday)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.