- Mastering Azure management: A comparative analysis of leading cloud platforms
- Sweat the small stuff: Data protection in the age of AI
- GAO report says DHS, other agencies need to up their game in AI risk assessment
- This LG Bluetooth speaker impressed me with a design feature I've yet to see on competitors
- Amazon's AI Shopping Guides helps you research less and shop more. Here's how it works
VERT Threat Alert: December 2020 Patch Tuesday Analysis | The State of Security
Today’s VERT Alert addresses Microsoft’s December 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-918 on Wednesday, December 9th.
In-The-Wild & Disclosed CVEs
There are no In-The-Wild or Disclosed CVEs patched this month.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
Tag | CVE Count | CVEs |
Microsoft Dynamics | 4 | CVE-2020-17147, CVE-2020-17152, CVE-2020-17158, CVE-2020-17133 |
Windows Hyper-V | 1 | CVE-2020-17095 |
Azure Sphere | 1 | CVE-2020-17160 |
Windows Error Reporting | 1 | CVE-2020-17094 |
Microsoft Windows | 7 | CVE-2020-17092, CVE-2020-17103, CVE-2020-17134, CVE-2020-17136, CVE-2020-17138, CVE-2020-17139, CVE-2020-16996 |
Microsoft Edge | 2 | CVE-2020-17131, CVE-2020-17153 |
Windows Media | 1 | CVE-2020-17097 |
Windows Lock Screen | 1 | CVE-2020-17099 |
Azure SDK | 2 | CVE-2020-16971, CVE-2020-17002 |
Visual Studio | 4 | CVE-2020-17148, CVE-2020-17150, CVE-2020-17156, CVE-2020-17159 |
Azure DevOps | 2 | CVE-2020-17135, CVE-2020-17145 |
Microsoft Graphics Component | 2 | CVE-2020-17135, CVE-2020-17145 |
Windows Backup Engine | 7 | CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964 |
Microsoft Exchange Server | 6 | CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17143, CVE-2020-17144 |
Windows SMB | 2 | CVE-2020-17096, CVE-2020-17140 |
Microsoft Office | 10 | CVE-2020-17119, CVE-2020-17122, CVE-2020-17123, CVE-2020-17124, CVE-2020-17125, CVE-2020-17126, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129, CVE-2020-17130 |
Microsoft Office SharePoint | 5 | CVE-2020-17089, CVE-2020-17118, CVE-2020-17115, CVE-2020-17120, CVE-2020-17121 |
Other Information
There was one advisory included with the December security guidance.
Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver [ADV200013]
Microsoft has announced that they are aware of a DNS cache poisoning vulnerability that impacts the Windows DNS Resolver and could allow the caching of spoofed DNS packets. They have released a workaround documented in this advisory.