D

on't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in November's Patch Tuesday Index below.

Automox Patch Tuesday expert Jay Goodman will be breaking down all of November's Patch Tuesday releases tomorrow, November 11, 2020. Register here so you can prioritize the patches for your environment and ask any question you may have.

We went ahead and included some out-of-band patches from Google, Adobe, Mozilla, and Apple as their were some zero-days and critical fixes released.

Updated Live. Last Update 10:41 AM EST November 10 2020.


chrome Google
Product
Description
Identifier
Severity
Google Chrome CVE-2020-16009 currently has known exploit code in the wild. Chrome 86.0.4240.183 High
adobe Adobe
Product
Title
Identifier
Severity
Adobe Connect 2 Security Vulnerabilities fixed in Adobe Connect APSB20-69 High
Adobe Reader Mobile 1 Security Vulnerability fixed in Adobe Reader Mobile APSB20-71 High
Adobe Illustrator 7 Security Vulnerabilities fixed in Adobe Illustrator APSB20-53 High
Adobe Dreamweaver 1 Security Vulnerability fixed in Adobe Dreamweaver APSB20-55 High
Adobe Marketo 1 Security Vulnerability fixed in Adobe Marketo APSB20-60 High
Adobe Animate 4 Security Vulnerabilities fixed in Adobe Animate APSB20-61 High
Adobe After Effects 2 Security Vulnerabilities fixed in Adobe After Effects APSB20-62 High
Adobe Photoshop 1 Security Vulnerability fixed in Adobe Photoshop APSB20-63 High
Adobe Premiere Pro 1 Security Vulnerability fixed in Adobe Premiere Pro APSB20-64 High
Adobe Media Encoder 1 Security Vulnerability fixed in Adobe Media Encoder APSB20-65 High
Adobe InDesign 1 Security Vulnerability fixed in Adobe InDesign APSB20-66 High
Adobe Creative Cloud 1 Security Vulnerability fixed in Adobe Creative Cloud APSB20-68 High
Adobe Acrobat and Reader 14 Security Vulnerabilities fixed in Adobe Acrobat and Reader APSB20-67 High
firefox Mozilla Firefox
Product
Title
Identifier
Severity
Mozilla Firefox & Firefox ESR 1 security vulnerability in Firefox 82.0.3 and Firefox ESR 78.4.1 MFSA 2020-49 Critical
Mozilla VPN 1 OAuth session fixation vulnerability MFSA 2020-48 Medium
apple Apple
Product
Title
Identifier
Severity
macOS Catalina 10.15.7 Update 3 Zero-Day Exploits CVE-2020-27930, -27932, -27950 Critical
microsoft Microsoft
Product
Title
Identifier
Severity
Azure Sphere Azure Sphere Elevation of Privilege Vulnerability CVE-2020-16988 Critical
Microsoft Windows Windows Print Spooler Remote Code Execution Vulnerability CVE-2020-17042 Critical
Microsoft Scripting Engine Chakra Scripting Engine Memory Corruption Vulnerability CVE-2020-17048 Critical
Microsoft Windows Windows Network File System Remote Code Execution Vulnerability CVE-2020-17051 Critical
Microsoft Scripting Engine Scripting Engine Memory Corruption Vulnerability CVE-2020-17052 Critical
Microsoft Scripting Engine Internet Explorer Memory Corruption Vulnerability CVE-2020-17053 Critical
Microsoft Browsers Microsoft Browser Memory Corruption Vulnerability CVE-2020-17058 Critical
Microsoft Windows Codecs Library Microsoft Raw Image Extension Remote Code Execution Vulnerability CVE-2020-17078 Critical
Microsoft Windows Codecs Library Microsoft Raw Image Extension Remote Code Execution Vulnerability CVE-2020-17079 Critical
Microsoft Windows Codecs Library Microsoft Raw Image Extension Remote Code Execution Vulnerability CVE-2020-17082 Critical
Microsoft Windows Codecs Library HEIF Image Extensions Remote Code Execution Vulnerability CVE-2020-17101 Critical
Microsoft Windows Codecs Library AV1 Video Extension Remote Code Execution Vulnerability CVE-2020-17105 Critical
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution Vulnerability CVE-2020-17106 Critical
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution Vulnerability CVE-2020-17107 Critical
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution Vulnerability CVE-2020-17108 Critical
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution Vulnerability CVE-2020-17109 Critical
Microsoft Windows Codecs Library HEVC Video Extensions Remote Code Execution Vulnerability CVE-2020-17110 Critical
Azure DevOps Azure DevOps Server and Team Foundation Services Spoofing Vulnerability CVE-2020-1325 High
Microsoft Windows Windows Spoofing Vulnerability CVE-2020-1599 High
Azure Sphere Azure Sphere Unsigned Code Execution Vulnerability CVE-2020-16970 High
Microsoft Office SharePoint Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-16979 High
Azure Sphere Azure Sphere Elevation of Privilege Vulnerability CVE-2020-16981 High
Azure Sphere Azure Sphere Unsigned Code Execution Vulnerability CVE-2020-16982 High
Azure Sphere Azure Sphere Tampering Vulnerability CVE-2020-16983 High
Azure Sphere Azure Sphere Unsigned Code Execution Vulnerability CVE-2020-16984 High
Azure Sphere Azure Sphere Information Disclosure Vulnerability CVE-2020-16985 High
Azure Sphere Azure Sphere Denial of Service Vulnerability CVE-2020-16986 High
Azure Sphere Azure Sphere Unsigned Code Execution Vulnerability CVE-2020-16987 High
Azure Sphere Azure Sphere Elevation of Privilege Vulnerability CVE-2020-16989 High
Azure Sphere Azure Sphere Information Disclosure Vulnerability CVE-2020-16990 High
Azure Sphere Azure Sphere Unsigned Code Execution Vulnerability CVE-2020-16991 High
Azure Sphere Azure Sphere Elevation of Privilege Vulnerability CVE-2020-16992 High
Azure Sphere Azure Sphere Elevation of Privilege Vulnerability CVE-2020-16993 High
Azure Sphere Azure Sphere Unsigned Code Execution Vulnerability CVE-2020-16994 High
Microsoft Windows Kerberos Security Feature Bypass Vulnerability CVE-2020-16996 High
Microsoft Windows Remote Desktop Protocol Server Information Disclosure Vulnerability CVE-2020-16997 High
Microsoft Graphics Component DirectX Elevation of Privilege Vulnerability CVE-2020-16998 High
Windows WalletService Windows WalletService Information Disclosure Vulnerability CVE-2020-16999 High
Microsoft Windows Remote Desktop Protocol Client Information Disclosure Vulnerability CVE-2020-17000 High
Microsoft Windows Windows Print Spooler Elevation of Privilege Vulnerability CVE-2020-17001 High
Microsoft Graphics Component Windows Graphics Component Information Disclosure Vulnerability CVE-2020-17004 High
Microsoft Dynamics Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability CVE-2020-17005 High
Microsoft Dynamics Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability CVE-2020-17006 High
Microsoft Windows Windows Error Reporting Elevation of Privilege Vulnerability CVE-2020-17007 High
Microsoft Windows Win32k Elevation of Privilege Vulnerability CVE-2020-17010 High
Microsoft Windows Windows Port Class Library Elevation of Privilege Vulnerability CVE-2020-17011 High
Microsoft Windows Windows Bind Filter Driver Elevation of Privilege Vulnerability CVE-2020-17012 High
Microsoft Windows Win32k Information Disclosure Vulnerability CVE-2020-17013 High
Microsoft Windows Windows Print Spooler Elevation of Privilege Vulnerability CVE-2020-17014 High
Microsoft Office SharePoint Microsoft SharePoint Spoofing Vulnerability CVE-2020-17016 High
Microsoft Office SharePoint Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-17017 High
Microsoft Dynamics Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability CVE-2020-17018 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-17019 High
Microsoft Office Microsoft Word Security Feature Bypass Vulnerability CVE-2020-17020 High
Microsoft Dynamics Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability CVE-2020-17021 High
Microsoft Windows Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability CVE-2020-17024 High
Microsoft Windows Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17025 High
Microsoft Windows Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17026 High
Microsoft Windows Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17027 High
Microsoft Windows Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17028 High
Microsoft Graphics Component Windows Canonical Display Driver Information Disclosure Vulnerability CVE-2020-17029 High
Microsoft Windows Windows MSCTF Server Information Disclosure Vulnerability CVE-2020-17030 High
Microsoft Windows Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17031 High
Microsoft Windows Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17032 High
Microsoft Windows Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17033 High
Microsoft Windows Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17034 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-17035 High
Microsoft Windows Windows Function Discovery SSDP Provider Information Disclosure Vulnerability CVE-2020-17036 High
Windows WalletService Windows WalletService Elevation of Privilege Vulnerability CVE-2020-17037 High
Microsoft Graphics Component Win32k Elevation of Privilege Vulnerability CVE-2020-17038 High
Microsoft Windows Windows Hyper-V Security Feature Bypass Vulnerability CVE-2020-17040 High
Microsoft Windows Windows Print Configuration Elevation of Privilege Vulnerability CVE-2020-17041 High
Microsoft Windows Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17043 High
Microsoft Windows Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17044 High
Microsoft Windows Windows KernelStream Information Disclosure Vulnerability CVE-2020-17045 High
Microsoft Windows Windows Network File System Denial of Service Vulnerability CVE-2020-17047 High
Microsoft Windows Kerberos Security Feature Bypass Vulnerability CVE-2020-17049 High
Microsoft Scripting Engine Chakra Scripting Engine Memory Corruption Vulnerability CVE-2020-17054 High
Microsoft Windows Windows Remote Access Elevation of Privilege Vulnerability CVE-2020-17055 High
Microsoft Windows Windows Network File System Remote Code Execution Vulnerability CVE-2020-17056 High
Microsoft Windows Windows Win32k Elevation of Privilege Vulnerability CVE-2020-17057 High
Microsoft Office SharePoint Microsoft SharePoint Spoofing Vulnerability CVE-2020-17060 High
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-17061 High
Microsoft Office Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability CVE-2020-17062 High
Microsoft Office Microsoft SharePoint Spoofing Vulnerability CVE-2020-17063 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-17064 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-17065 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-17066 High
Microsoft Office Microsoft Excel Security Feature Bypass Vulnerability CVE-2020-17067 High
Microsoft Graphics Component Windows GDI+ Remote Code Execution Vulnerability CVE-2020-17068 High
Windows NDIS Windows NDIS Information Disclosure Vulnerability CVE-2020-17069 High
Windows Update Stack Windows Update Medic Service Elevation of Privilege Vulnerability CVE-2020-17070 High
Windows Update Stack Windows Delivery Optimization Information Disclosure Vulnerability CVE-2020-17071 High
Windows Update Stack Windows Update Orchestrator Service Elevation of Privilege Vulnerability CVE-2020-17073 High
Windows Update Stack Windows Update Orchestrator Service Elevation of Privilege Vulnerability CVE-2020-17074 High
Windows Update Stack Windows USO Core Worker Elevation of Privilege Vulnerability CVE-2020-17075 High
Windows Update Stack Windows Update Orchestrator Service Elevation of Privilege Vulnerability CVE-2020-17076 High
Windows Update Stack Windows Update Stack Elevation of Privilege Vulnerability CVE-2020-17077 High
Microsoft Windows Codecs Library Microsoft Raw Image Extension Information Disclosure Vulnerability CVE-2020-17081 High
Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2020-17083 High
Microsoft Exchange Server Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2020-17084 High
Microsoft Exchange Server Microsoft Exchange Server Denial of Service Vulnerability CVE-2020-17085 High
Microsoft Windows Codecs Library Microsoft Raw Image Extension Remote Code Execution Vulnerability CVE-2020-17086 High
Windows Kernel Windows Kernel Local Elevation of Privilege Vulnerability CVE-2020-17087 High
Common Log File System Driver Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2020-17088 High
Windows Defender Microsoft Defender for Endpoint Security Feature Bypass Vulnerability CVE-2020-17090 High
Microsoft Teams Microsoft Teams Remote Code Execution Vulnerability CVE-2020-17091 High
Visual Studio Visual Studio Tampering Vulnerability CVE-2020-17100 High
Microsoft Windows Codecs Library WebP Image Extensions Information Disclosure Vulnerability CVE-2020-17102 High
Visual Studio Visual Studio Code JSHint Extension Remote Code Execution Vulnerability CVE-2020-17104 High
Microsoft Office SharePoint Microsoft SharePoint Spoofing Vulnerability CVE-2020-17015 Low
Microsoft Windows Windows Error Reporting Denial of Service Vulnerability CVE-2020-17046 Low

 

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure. 

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

More posts like this:

Patch TuesdayVulnerability
# of endpoints

15-day free trial. No credit card required.

By submitting this form you agree to our terms of service.

Already have an account?