Patch Analysis for November 2020

Welcome to this November Patch Tuesday Bulletin. This month we have updates that address vulnerabilities for 8 technologies. Across these 8 technologies there were 112 vulnerabilities, 4 technologies with critical vulnerabilities, and one vulnerability that was actively exploited and publicly disclosed. CVE-2020-17087 is an elevation of privilege vulnerability that was observed being actively exploited in the wild and disclosed as part of Project Zero. Based on the timeline of exploitation, you may think that the attacks were related to the US election, but Project Zero reports this is not the case. This vulnerability received a CVSS score of 7.8, which is fairly high, but Microsoft rates it as Important. Needless to say, it is important to track this vulnerability in your patch and vulnerability management program. There was one critical vulnerability (CVE-2020-17052) that affects Edge and IE and has a workaround/mitigation. Microsoft advises that organizations evaluate this workaround if there are high-risk systems that cannot be patched in a timely manner.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia, which documents all of the Security Log event IDs for Windows Server OSes. Back in 2007, when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint, but I also found a similar need in SQL Server and Exchange. So not only did I document the data, but I also started to develop the means to extract that event data from these applications so that it's accessible and usable to the end user. Some 8 years later, LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches this month.

| Technology | Products Affected | Severity | Reference | Workaround/ Exploited | Vulnerability Info |
|---|---|---|---|---|---|
| Internet Explorer | IE 11 | Critical | CVE-2020-17052*, CVE-2020-17053, CVE-2020-17058 | *Workaround: Yes; **Public: No; Exploited: No | Remote Code Execution |
| Edge | HTML-based | Critical | CVE-2020-17048, CVE-2020-17052*, CVE-2020-17054, CVE-2020-17058 | *Workaround: Yes; **Public: No; Exploited: No | Remote Code Execution |
| ChakraCore | All | Critical | CVE-2020-17048, CVE-2020-17054 | *Workaround: No; **Public: No; Exploited: No | Remote Code Execution |
| Windows | | | CVE-2020-1599, CVE-2020-16997, CVE-2020-16998, CVE-2020-16999, CVE-2020-17000, CVE-2020-17001, CVE-2020-17004, CVE-2020-17007, CVE-2020-17010, CVE-2020-17011, CVE-2020-17012, CVE-2020-17013, CVE-2020-17014, CVE-2020-17024, CVE-2020-17025, CVE-2020-17026, CVE-2020-17027, CVE-2020-17028, CVE-2020-17029, CVE-2020-17030, CVE-2020-17031, CVE-2020-17032, CVE-2020-17033, CVE-2020-17034, CVE-2020-17035, CVE-2020-17036, CVE-2020-17037, CVE-2020-17038, CVE-2020-17040, CVE-2020-17041, CVE-2020-17042, CVE-2020-17043, CVE-2020-17044, CVE-2020-17045, CVE-2020-17046, CVE-2020-17047, CVE-2020-17049, CVE-2020-17051, CVE-2020-17055, CVE-2020-17056, CVE-2020-17057, CVE-2020-17068, CVE-2020-17069, CVE-2020-17070, CVE-2020-17071, CVE-2020-17073, CVE-2020-17074, CVE-2020-17075, CVE-2020-17076, CVE-2020-17077, CVE-2020-17078, CVE-2020-17079, CVE-2020-17081, CVE-2020-17082, CVE-2020-17086, CVE-2020-17087**, CVE-2020-17088, CVE-2020-17090, CVE-2020-17101, CVE-2020-17102, CVE-2020-17105, CVE-2020-17106, CVE-2020-17107, CVE-2020-17108, CVE-2020-17109, CVE-2020-17110, CVE-2020-17113 | *Workaround: No; **Public: Yes; Exploited: Yes | Elevation of Privilege, Impact, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing |
| Office, Office Services, and Web Apps | 365 Apps for Enterprise; Excel 2010, 2013, 2016; Office 2010, 2013, 2016, 2019, 2019 for Mac; Office Online Server, Web Apps 2013; SharePoint Enterprise Server 2013, 2016; SharePoint Foundation 2010, 2013; SharePoint Server 2010, 2019; Teams; Word 2010, 2013, 2016 | Important | CVE-2020-16979, CVE-2020-17015, CVE-2020-17016, CVE-2020-17017, CVE-2020-17019, CVE-2020-17020, CVE-2020-17060, CVE-2020-17061, CVE-2020-17062, CVE-2020-17063, CVE-2020-17064, CVE-2020-17065, CVE-2020-17066, CVE-2020-17067, CVE-2020-17091 | *Workaround: No; **Public: No; Exploited: No | Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing |
| Azure | Azure Sphere; Azure DevOps Server 2019 | Critical | CVE-2020-1325, CVE-2020-16970, CVE-2020-16981, CVE-2020-16982, CVE-2020-16983, CVE-2020-16984, CVE-2020-16985, CVE-2020-16986, CVE-2020-16987, CVE-2020-16988, CVE-2020-16989, CVE-2020-16990, CVE-2020-16991, CVE-2020-16992, CVE-2020-16993, CVE-2020-16994 | *Workaround: No; **Public: No; Exploited: No | Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Spoofing, Tampering |
| Exchange Server | Exchange Server 2013, 2016, 2019 | Important | CVE-2020-17083, CVE-2020-17084, CVE-2020-17085 | *Workaround: No; **Public: No; Exploited: No | Denial of Service, Remote Code Execution |
| Visual Studio | Visual Studio 2017, 2019; Visual Studio Code | Important | CVE-2020-17100, CVE-2020-17104 | *Workaround: No; **Public: No; Exploited: No | Tampering, Remote Code Execution |
| Dynamics | Dynamics 365, CRM 2015, 365 On Premise | Important | CVE-2020-17005, CVE-2020-17006, CVE-2020-17018, CVE-2020-17021 | *Workaround: No; **Public: No; Exploited: No | Spoofing |
