December 2020 Patch Tuesday Index

D

on't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in December's Patch Tuesday Index below.

The first gift of the holiday season comes from Microsoft in the form of the second lightest Patch Tuesday release of the year. December’s total of 58 new vulnerabilities pales in comparison to previous months, bringing 9 critical updates, all of which are remote code execution (RCE) bugs with the only exception being a memory corruption vulnerability.

Automox Patch Tuesday expert Justin Knapp will be breaking down all of December's Patch Tuesday releases tomorrow, December 9, 2020. Register here so you can prioritize the patches for your environment and ask any question you may have.

Updated Live. Last Update 1:02 PM EST December 8, 2020.


firefox Mozilla Firefox
Product
Title
Identifier
Severity
Mozilla Thunderbird 1 security vulnerability fixed in Thunderbird 78.5.1 MFSA 2020-53 High
adobe Adobe
Product
Title
Identifier
Severity
Adobe Prelude 1 Security Vulnerability fixed in Adobe Prelude APSB20-70 Critical
Adobe Experience Manager 2 Security Vulnerabilities fixed in Adobe Experience Manager APSB20-72 Critical
Adobe Lightroom 1 Security Vulnerability fixed in Adobe Lightroom APSB20-74 Critical
Adobe Lightroom 1 Security Vulnerability fixed in Adobe Acrobat APSB20-75 High
microsoft Microsoft
Product
Title
Identifier
Severity
Windows Hyper-V Hyper-V Remote Code Execution Vulnerability CVE-2020-17095 Critical
Microsoft Exchange Server Microsoft Exchange Remote Code Execution Vulnerability CVE-2020-17117 Critical
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-17118 Critical
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-17121 Critical
Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability CVE-2020-17131 Critical
Microsoft Exchange Server Microsoft Exchange Remote Code Execution Vulnerability CVE-2020-17132 Critical
Microsoft Exchange Server Microsoft Exchange Remote Code Execution Vulnerability CVE-2020-17142 Critical
Microsoft Dynamics Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability CVE-2020-17152 Critical
Microsoft Dynamics Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability CVE-2020-17158 Critical
Windows Backup Engine Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-16958 High
Windows Backup Engine Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-16959 High
Windows Backup Engine Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-16960 High
Windows Backup Engine Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-16961 High
Windows Backup Engine Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-16962 High
Windows Backup Engine Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-16963 High
Windows Backup Engine Windows Backup Engine Elevation of Privilege Vulnerability CVE-2020-16964 High
Azure SDK Azure SDK for Java Security Feature Bypass Vulnerability CVE-2020-16971 High
Microsoft Windows Kerberos Security Feature Bypass Vulnerability CVE-2020-16996 High
Azure SDK Azure SDK for C Security Feature Bypass Vulnerability CVE-2020-17002 High
Microsoft Office SharePoint Microsoft SharePoint Elevation of Privilege Vulnerability CVE-2020-17089 High
Microsoft Windows Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-17092 High
Windows Error Reporting Windows Error Reporting Information Disclosure Vulnerability CVE-2020-17094 High
Windows SMB Windows NTFS Remote Code Execution Vulnerability CVE-2020-17096 High
Windows Media Windows Digital Media Receiver Elevation of Privilege Vulnerability CVE-2020-17097 High
Microsoft Graphics Component Windows GDI+ Information Disclosure Vulnerability CVE-2020-17098 High
Windows Lock Screen Windows Lock Screen Security Feature Bypass Vulnerability CVE-2020-17099 High
Microsoft Windows Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2020-17103 High
Microsoft Office Microsoft Outlook Information Disclosure Vulnerability CVE-2020-17119 High
Microsoft Office SharePoint Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-17120 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-17122 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-17123 High
Microsoft Office Microsoft PowerPoint Remote Code Execution Vulnerability CVE-2020-17124 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-17125 High
Microsoft Office Microsoft Excel Information Disclosure Vulnerability CVE-2020-17126 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-17127 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-17128 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-17129 High
Microsoft Office Microsoft Excel Security Feature Bypass Vulnerability CVE-2020-17130 High
Microsoft Dynamics Microsoft Dynamics Business Central/NAV Information Disclosure CVE-2020-17133 High
Microsoft Windows Windows Overlay Filter Security Feature Bypass Vulnerability CVE-2020-17134 High
Azure DevOps Azure DevOps Server Spoofing Vulnerability CVE-2020-17135 High
Microsoft Windows Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2020-17136 High
Microsoft Graphics Component DirectX Graphics Kernel Elevation of Privilege Vulnerability CVE-2020-17137 High
Microsoft Windows Windows Error Reporting Information Disclosure Vulnerability CVE-2020-17138 High
Microsoft Windows Windows Overlay Filter Security Feature Bypass Vulnerability CVE-2020-17139 High
Windows SMB Windows SMB Information Disclosure Vulnerability CVE-2020-17140 High
Microsoft Exchange Server Microsoft Exchange Remote Code Execution Vulnerability CVE-2020-17141 High
Microsoft Exchange Server Microsoft Exchange Information Disclosure Vulnerability CVE-2020-17143 High
Microsoft Exchange Server Microsoft Exchange Remote Code Execution Vulnerability CVE-2020-17144 High
Azure DevOps Azure DevOps Server and Team Foundation Services Spoofing Vulnerability CVE-2020-17145 High
Microsoft Dynamics Dynamics CRM Webclient Cross-site Scripting Vulnerability CVE-2020-17147 High
Visual Studio Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability CVE-2020-17148 High
Visual Studio Visual Studio Code Remote Code Execution Vulnerability CVE-2020-17150 High
Visual Studio Git for Visual Studio Remote Code Execution Vulnerability CVE-2020-17156 High
Visual Studio Code Language Support for Java Extension Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability CVE-2020-17159 High
Azure Sphere Azure Sphere Security Feature Bypass Vulnerability CVE-2020-17160 High
Microsoft Office SharePoint Microsoft SharePoint Spoofing Vulnerability CVE-2020-17115 Medium
Microsoft Edge Microsoft Edge for Android Spoofing Vulnerability CVE-2020-17153 Medium


About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

More posts like this:

Patch TuesdayVulnerability
# of endpoints

15-day free trial. No credit card required.

By submitting this form you agree to our terms of service.

Already have an account?