Technology

November patch fixes 112 security vulnerabilities

Microsoft yesterday released fixes for 112 security vulnerabilities discovered in its products, via the infamous November 2020 Patch Tuesday. The update includes a fix for the particularly dangerous zero-day bug discovered by Google Project Zero last week, and that we reveal here.

17 of the flaws corrected by the November Patch Tuesday are considered “critical”, that is to say particularly serious. 93 of them are classified as “important” and two are of low severity.

Microsoft explains that the flaws fixed by the November Patch Tuesday affect the following products:

Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps Internet Explorer Microsoft Edge (EdgeHTML) Microsoft Edge (Chromium) ChakraCore Microsoft Exchange Server Microsoft Dynamics Microsoft Windows Azure Sphere Codec Library Windows Defender Microsoft Teams SDK Azure Azure DevOps Visual Studio

The worst of these security vulnerabilities is without a doubt the CVE-2020-17087 vulnerability which has a CVSS score of 7.8 (on a scale of 10). This is a buffer overflow vulnerability that could allow an attacker, in conjunction with another Google Chrome flaw, to execute high arbitrary code.

In addition to this Patch Tuesday, it has also been verified that Chrome also benefits from an update to correct this flaw. Other security issues include a large number of remote code execution (RCE) vulnerabilities in Exchange Server, the network file system, Microsoft Teams, as well as in the Windows Hyper-V virtualization platform.

Of these failures, the most serious appears to be the Network File System (CVE-2020-17051), which has a CVSS score of 9.8. However, Microsoft claims that due to the complexity of a possible attack that exploits this flaw, its actual severity is quite low. We can also mention memory corruption in Microsoft Scripting Engine, Internet Explorer (CVE-2020-17053) and remote code execution failures in HEVC codec library.

For the rest, Microsoft is very discreet on how the vulnerabilities of this Patch Tuesday can be exploited, and their effects on the machine. Due to the extent and severity of the vulnerabilities, however, it seems essential to keep your machine up to date, and for that, in Windows 10 Go to Start> Settings> Updates & Security> Windows Update. There you need to click on Check for Updates.

SOURCE

Help us grow, visit our Facebook page and leave your taste, to have access to all the information first hand. And if you liked the article, don’t forget to share it with your friends. Also follow us on Google News, select us among your favorites by clicking on the star.

Founder of Noticias e Tecnologia, and this is his second online project, after several years connected to a portal focused on the Android system, of which he was also one of its founders.

IT professional and passionate about new technologies, motorsports and mountain biking

Close