Microsoft December 2020 Patch Tuesday fixes 58 bugs, 9 are critical

Microsoft December 2020 Patch Tuesday security update address 58 vulnerabilities, 22 of them are remote code execution vulnerabilities.

Microsoft December 2020 Patch Tuesday security update address 58 vulnerabilities, 22 of them are remote code issues. The flaws impact multiple products including Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Office Services and Web Apps, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere. In 2020, the IT giant has released a total of 1,250 CVEs.

Nine flaws addressed Microsoft December 2020 Patch Tuesday are rated as Critical, 46 are rated as Important, and 3 are rated Moderate in severity.

Six vulnerabilities have been reported through the ZDI program, none of the flaws patched this month are listed as publicly known or under active attack at the time of release.

“Looking at the remaining Critical-rated updates, only one (surprisingly) impacts the browser. That patch corrects a bug within the JIT compiler. By performing actions in JavaScript, an attacker can trigger a memory corruption condition, which leads to code execution.” reported ZDI. “The lack of browser updates could also be a conscious decision by Microsoft to ensure a bad patch for a browser does not disrupt online shopping during the holiday season.”

The most severe issued addressed by Microsoft this month are:

• CVE-2020-17132 – Microsoft Exchange Remote Code Execution Vulnerability.
• CVE-2020-17121 – Microsoft SharePoint Remote Code Execution Vulnerability.
• CVE-2020-17095 – Hyper-V Remote Code Execution Vulnerability.
• CVE-2020-16996 – Kerberos Security Feature Bypass Vulnerability.
• CVE-2020-17118 – Microsoft SharePoint Remote Code Execution Vulnerability.
• CVE-2020-17121 – Microsoft SharePoint Remote Code Execution Vulnerability.

The full list of security updates released by Microsoft is available on the official Security Update Guide portal.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft Patch Tuesday)

[adrotate banner=”5″]

[adrotate banner=”13″]