Microsoft November 2020 Security Updates, zero-day patch for CVE-2020-17087

Microsoft has released the November 2020 Security updates that includes patches for 112 vulnerabilities, 17 of them rated Critical.

In addition, the tech giant fixed a zero-day Windows kernel vulnerability CVE-2020-17087 with known public exploits and discovered by Google around mid-October.

In all, the Microsoft security updates address vulnerabilities in the following products:

• Azure DevOps
• Azure SDK
• Azure Sphere
• ChakraCore
• Internet Explorer
• Microsoft Dynamics
• Microsoft Edge (Chromium-based)
• Microsoft Edge (EdgeHTML-based)
• Microsoft Exchange Server
• Microsoft Office and Microsoft Office Services and Web Apps
• Microsoft Teams
• Microsoft Windows
• Microsoft Windows Codecs Library
• Visual Studio
• Windows Defender.

Microsoft has provided patches for each of the vulnerabilities and also summarized them in the November 2020 Security Updates Release Notes.

Readers can also check out more vulnerability and patch details in Microsoft’s Security Update Guide.

Zero-day vulnerability

According to Microsoft, there is evidence that exploits against CVE-2020-17087 have been detected in the wild.

Google security researchers previously discovered and reported the Windows Kernel Cryptography Driver vulnerability to Microsoft in mid-October.

“The Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape),” Project Zero team wrote in a Chromium blog post.

The issue affects most versions of Windows desktop and Windows server OS products.

Critical vulnerabilities

Microsoft also addressed 17 critical vulnerabilities, to include 16 remote code execution (RCE).

One of the Critical patches address an Azure Sphere elevation of privilege vulnerability CVE-2020-16988.

Moreover, Microsoft released the following 16 RCE vulnerabilities:

1. CVE-2020-17042: Windows Print Spooler Remote Code Execution Vulnerability
2. CVE-2020-17048: Chakra Scripting Engine Memory Corruption Vulnerability
3. CVE-2020-17051: Windows Network File System Remote Code Execution Vulnerability
4. CVE-2020-17052: Scripting Engine Memory Corruption Vulnerability
5. CVE-2020-17053: Internet Explorer Memory Corruption Vulnerability
6. CVE-2020-17058: Microsoft Browser Memory Corruption Vulnerability
7. CVE-2020-17078: Raw Image Extension Remote Code Execution Vulnerability
8. CVE-2020-17079: Raw Image Extension Remote Code Execution Vulnerability:
9. CVE-2020-17082: Raw Image Extension Remote Code Execution Vulnerability
10. CVE-2020-17101: HEIF Image Extensions Remote Code Execution Vulnerability
11. CVE-2020-17105: AV1 Video Extension Remote Code Execution Vulnerability
12. CVE-2020-17106: HEVC Video Extensions Remote Code Execution Vulnerability
13. CVE-2020-17107: HEVC Video Extensions Remote Code Execution Vulnerability
14. CVE-2020-17108: HEVC Video Extensions Remote Code Execution Vulnerability
15. CVE-2020-17109: HEVC Video Extensions Remote Code Execution Vulnerability
16. CVE-2020-17110: HEVC Video Extensions Remote Code Execution Vulnerability.

Other vulnerabilities

Finally, Microsoft also patched the following vulnerabilities rated Important: Denial of Service (3), Elevation of Privilege (36), Information Disclosure (19), RCE (19), Security Feature Bypass (5), Spoofing (9) and Tampering (2). Four Moderate and 3 Low rated flaws were also addressed.

Related Articles

• Microsoft takes down TrickBot malware infrastructure
• Microsoft warns of active exploits in the wild of Zerologon vulnerability
• Exploit code available for ‘Zerologon’ vulnerability (CVE-2020-1472) that affects Microsoft Netlogon
• Microsoft takes down malicious domains used in COVID-19 related phishing campaign