On November 10, 2020, Microsoft released its monthly security updates as part of Patch Tuesday. The updates fix 112 security vulnerabilities, including 24 remote code execution vulnerabilities.
This time, the company has patched 112 security vulnerabilities in many of its products, from the Edge browser to the WalletService service.
In November 2020, Redmond patched one zero-day vulnerability that has been reported as exploited. The vulnerability, identified as CVE-2020-17087, was disclosed on October 30 by the Google Project Zero and TAG security teams. Google says the security issue was exploited in real-world conditions, along with a zero-day vulnerability in Chrome, in attacks targeting Windows 7 and Windows 10 systems.
The attackers exploited a vulnerability in Chrome to launch a malicious script and then exploited the vulnerability in Windows to escape the Chrome sandbox and escalate privileges to attack the host OS. The details of this attack were not disclosed.
The vulnerability was discovered around mid-October, and Microsoft had 7 days to prepare the patch. However, the company did not meet this disclosure deadline because it takes more time to develop and test a security patch for a product as large as an OS. As a result, the fix became available only on November 10, 2020.
Microsoft warns that the CVE-2020-17087 vulnerability is in the Windows kernel and affects all currently supported versions of Windows, including all versions of Windows after Windows 7 and all Windows Server distributions.
In addition to this zero-day vulnerability, Microsoft has patched 111 other vulnerabilities, including 24 security issues that could allow remote code execution (RCE) attacks. They are found in applications such as Excel, Microsoft SharePoint, Microsoft Exchange Server, Windows Network File System, the Windows GDI+ component, the Windows Print Spooler service, and even Microsoft Teams.
While rushing to install patches is a safe approach for most users, it is recommended that system administrators on large corporate networks test patches before widespread deployment to avoid potential bugs that could disrupt internal systems.
More information on Patch Tuesday updates
On the official Security Update Guide portal, all security updates are listed in a sorted table.
Adobe released security updates for Adobe Acrobat and Reader last week.
Intel has released security updates.
VMware has released security updates for its products.
Chrome 86 has received security updates.
Security updates are available for Android, including Android 10 and Android 11.