Microsoft today released 58 security fixes for more than 10 products and services as part of its monthly security update, known as “Patch Tuesday.”
There are fewer patches this December, compared to the hundreds of patches Microsoft has sent out each month. But that’s not why the security concerns are less serious.
The most critical security holes
More than a third of this month’s fixes (22) are categorized as remote code execution (RCE) vulnerabilities. These security flaws must be corrected immediately because they are more easily exploited, without any user interaction, whether via the Internet or through a local network.
This month, RCEs were found in products like Windows NTFS, Exchange Server, Microsoft Dynamics, Excel, PowerPoint, SharePoint, Visual Studio, and Hyper-V.
The most critical RCE vulnerabilities, and the most likely to be exploited, are those affecting Exchange Server (CVE-2020-17143, CVE-2020-17144, CVE-2020-17141, CVE-2020-17117, CVE-2020- 17132, and CVE-2020-17142) and SharePoint (CVE-2020-17118 and CVE-2020-17121).
It is advisable to patch them first, because by their nature Exchange and SharePoint systems are regularly connected to the internet and, therefore, are more easily attacked.
Learn more about this month’s security updates.
Other vulnerabilities addressed this month include another major security flaw in Hyper-V, Microsoft’s virtualization technology used to host virtual machines. Exploitable via a malicious SMB package, this vulnerability could have allowed remote attackers to compromise virtualized sandbox environments, which Hyper-V was designed to avoid.
Below is more information about the December Patch Tuesday and security updates released by other publishers:
- Microsoft’s official portal, Security Update Guide, lists all security updates in a filterable table.
- has published this file which consolidates all of this month’s security advisories on one page.
- Adobe’s security updates are detailed here.
- SAP security updates are available here.
- Intel security updates are available here.
- VMWare security updates are available here.
- The security updates for Chrome 87 are detailed here.
- Security updates for Android are available here.