Patch Tuesday: Microsoft Security Bulletin Summary for December 2020

Microsoft has rolled out the December Patch Tuesday security updates for 58 vulnerabilities across its product line, including the Windows operating system, the Edge browser, Microsoft Office and services, and developer tools. Of these, 9 are classified as critical and 46 as important. The vulnerabilities are categorized under remote code execution, security feature bypass, spoofing, tampering, and denial of service.

One vulnerability, in Active Directory’s Kerberos security feature, is only partially fixed and requires an enhanced Windows Server update planned for February 2021. There is no zero-day exploit this month.


Interesting Vulnerabilities

Hyper-V Remote Code Execution Vulnerability | CVE-2020-17095

A Remote Code Execution (RCE) vulnerability allows untrusted commands to be executed on the victim’s device without authentication. This vulnerability exists in Hyper-V, the native hardware virtualization application of the Microsoft Windows operating system. An attacker can create specially crafted malware targeting the Hyper-V guest operating system that might execute arbitrary code on the host operating system if Windows fails to validate vSMB packet data.

  • On successful exploitation, an attacker can execute malicious commands remotely with high privileges, including viewing, modifying, and deleting local data. When exploited in admin mode, the attacker can create new users and may be able to modify existing user privileges.

Microsoft Exchange Information Disclosure Vulnerability | CVE-2020-17143

An Information Disclosure vulnerability can be used against the victim’s networks and systems to enumerate the infrastructure behind those devices, which leads to the leakage of confidential information such as password hashes, routing information, ARP table records, and file systems. This vulnerability targets the Microsoft Exchange mail server. A remote attacker can send malicious requests that trick the server into responding with internal information that must be restricted to the server’s local environment.

  • On successful exploitation, an attacker can access sensitive information such as the server version and installed patches without authorization, which increases the chances of compromising other systems in the same network.

Kerberos Security Feature Bypass Vulnerability | CVE-2020-16996

A Security Feature Bypass (SFB) vulnerability exists in the Kerberos network authentication protocol. It only affects systems that have implemented Protected Users and Resource-Based Constrained Delegation (RBCD) in a Windows Active Directory domain. This vulnerability is not completely fixed and requires future enhanced Windows Server updates.

  • On successful exploitation, an attacker can bypass the security feature by adding a fake user to the domain, evade the authentication phase by adding that user to the Protected Users list, and perform malicious activities inside the shared domain.
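
Because exposure depends on a domain using both Protected Users and RBCD, an inventory of the two features shows whether a domain meets that condition. The script below is an added example, not code from Microsoft or from this bulletin; it assumes the ActiveDirectory PowerShell module (RSAT) and an account with read access to the directory.

```powershell
# Added example: inventory the two features CVE-2020-16996 depends on.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# 1. Members of the built-in Protected Users group, nested members included.
$protected = @(Get-ADGroupMember -Identity 'Protected Users' -Recursive |
    Select-Object -ExpandProperty SamAccountName)

# 2. Accounts with resource-based constrained delegation configured.
#    RBCD lives in msDS-AllowedToActOnBehalfOfOtherIdentity on the resource;
#    PrincipalsAllowedToDelegateToAccount is the decoded form of that attribute.
$rbcd = @(foreach ($cmd in 'Get-ADComputer', 'Get-ADUser', 'Get-ADServiceAccount') {
    & $cmd -LDAPFilter '(msDS-AllowedToActOnBehalfOfOtherIdentity=*)' `
           -Properties PrincipalsAllowedToDelegateToAccount
})

"Protected Users members: $($protected.Count)"
$protected | Sort-Object

"Accounts with RBCD configured: $($rbcd.Count)"
$rbcd | ForEach-Object {
    [pscustomobject]@{
        Resource          = $_.SamAccountName
        Type              = $_.ObjectClass
        AllowedToDelegate = ($_.PrincipalsAllowedToDelegateToAccount -join '; ')
    }
} | Format-Table -AutoSize -Wrap

# Both features in use is the condition the bulletin gives for exposure.
if ($protected.Count -gt 0 -and $rbcd.Count -gt 0) {
    'Both Protected Users and RBCD are in use: prioritize the December update on domain controllers and track the follow-up Windows Server update.'
} else {
    'Protected Users and RBCD are not both in use in this domain.'
}
```

Review each `AllowedToDelegate` entry against an expected list; a delegation entry nobody can account for deserves investigation regardless of patch state.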

Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-17121

A Remote Code Execution (RCE) vulnerability exists in Microsoft SharePoint, allowing arbitrary code execution on affected servers. An authenticated user can execute malicious .NET code on the server using a SharePoint Web Application service account.

  • On successful exploitation, an attacker can execute specially crafted code on the restricted server. This could widen the attack surface and help compromise other systems.

Microsoft Security Bulletin Summary for December 2020

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge for Android
  • ChakraCore
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft Exchange Server
  • Azure DevOps
  • Microsoft Dynamics
  • Visual Studio
  • Azure SDK
  • Azure Sphere

Product: Microsoft Windows
CVEs/Advisory: ADV200013, CVE-2020-17136, CVE-2020-16996, CVE-2020-17138, CVE-2020-17092, CVE-2020-17139, CVE-2020-17103, CVE-2020-17137, CVE-2020-17098, CVE-2020-16960, CVE-2020-16958, CVE-2020-16959, CVE-2020-16961, CVE-2020-16964, CVE-2020-16963, CVE-2020-16962, CVE-2020-17094, CVE-2020-17095, CVE-2020-17099, CVE-2020-17097, CVE-2020-17096, CVE-2020-17140
Impact: Elevation of Privilege, Remote Code Execution, Information Disclosure, Denial of Service, Security Feature Bypass, Spoofing.
Severity: Critical
KBs: 4586781, 4586785, 4586786, 4586787, 4586793, 4586808, 4586823, 4586830, 4586834, 4586845, 4592438, 4592440, 4592446, 4592449, 4592464, 4592468, 4592484, 4592495, 4592497, 4593226


Product: Browsers (Edge HTML Based, Edge Android, and ChakraCore)
CVEs: CVE-2020-17131, CVE-2020-17153
Impact: Remote Code Execution, Spoofing.
Severity: Critical
KBs: 4592440, 4592449


Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs: CVE-2020-17130, CVE-2020-17128, CVE-2020-17129, CVE-2020-17124, CVE-2020-17123, CVE-2020-17119, CVE-2020-17125, CVE-2020-17127, CVE-2020-17126, CVE-2020-17122, CVE-2020-17115, CVE-2020-17120, CVE-2020-17121, CVE-2020-17118, CVE-2020-17089
Impact: Elevation of Privilege, Remote Code Execution, Information Disclosure, Security Feature Bypass, Spoofing.
Severity: Critical
KBs: 4493138, 4493139, 4493140, 4493148, 4493149


Product: Microsoft Exchange Server
CVEs: CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17143, CVE-2020-17144
Impact: Remote Code Execution, Information Disclosure, Denial of Service.
Severity: Critical
KBs: 4593465, 4593466, 4593467


Product: Azure Sphere
CVEs: CVE-2020-17160
Impact: Security Feature Bypass, Tampering.
Severity: Critical


Product: Microsoft Dynamics
CVEs: CVE-2020-17133, CVE-2020-17147, CVE-2020-17152, CVE-2020-17158
Impact: Remote Code Execution, Information Disclosure, Spoofing.
Severity: Critical
KBs: 4583556, 4584611, 4584612, 4595459, 4595462


Product: Developer Tools (Azure DevOps, Azure SDK, and Visual Studio)
CVEs: CVE-2020-17145, CVE-2020-17135, CVE-2020-17002, CVE-2020-16971, CVE-2020-17148, CVE-2020-17159, CVE-2020-17156, CVE-2020-17150
Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Tampering.
Severity: Important


SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.
