VERT Threat Alert: December 2020 Patch Tuesday Analysis | The State of Security


Today’s VERT Alert addresses Microsoft’s December 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-918 on Wednesday, December 9th.

In-The-Wild & Disclosed CVEs

There are no In-The-Wild or Disclosed CVEs patched this month.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag CVE Count CVEs
Microsoft Dynamics 4 CVE-2020-17147, CVE-2020-17152, CVE-2020-17158, CVE-2020-17133
Windows Hyper-V 1 CVE-2020-17095
Azure Sphere 1 CVE-2020-17160
Windows Error Reporting 1 CVE-2020-17094
Microsoft Windows 7 CVE-2020-17092, CVE-2020-17103, CVE-2020-17134, CVE-2020-17136, CVE-2020-17138, CVE-2020-17139, CVE-2020-16996
Microsoft Edge 2 CVE-2020-17131, CVE-2020-17153
Windows Media 1 CVE-2020-17097
Windows Lock Screen 1 CVE-2020-17099
Azure SDK 2 CVE-2020-16971, CVE-2020-17002
Visual Studio 4 CVE-2020-17148, CVE-2020-17150, CVE-2020-17156, CVE-2020-17159
Azure DevOps 2 CVE-2020-17135, CVE-2020-17145
Microsoft Graphics Component 2 CVE-2020-17135, CVE-2020-17145
Windows Backup Engine 7 CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964
Microsoft Exchange Server 6 CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17143, CVE-2020-17144
Windows SMB 2 CVE-2020-17096, CVE-2020-17140
Microsoft Office 10 CVE-2020-17119, CVE-2020-17122, CVE-2020-17123, CVE-2020-17124, CVE-2020-17125, CVE-2020-17126, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129, CVE-2020-17130
Microsoft Office SharePoint 5 CVE-2020-17089, CVE-2020-17118, CVE-2020-17115, CVE-2020-17120, CVE-2020-17121

Other Information

There was one advisory included with the December security guidance.

Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver [ADV200013]

Microsoft has announced that they are aware of a DNS cache poisoning vulnerability that impacts the Windows DNS Resolver and could allow the caching of spoofed DNS packets. They have released a workaround documented in this advisory.



Source link