Microsoft Patch Tuesday, November 2020 Edition

Microsoft today released fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Tracked as CVE-2020-17087, the zero-day was disclosed on October 30 by the Google Project Zero and TAG security teams. Google said the vulnerability was being exploited together with a Chrome zero-day to target Windows 7 and Windows 10 users. Yes, good people of the Windows world, it’s time once again to use XEOX!

Get back full control on windows update by using XEOX Job Editor.

The November 2020 Patch Tuesday Security Updates

Security Updates are available for the following software:

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge for Android
  • ChakraCore
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft Exchange Server
  • Azure DevOps
  • Microsoft Dynamics
  • Visual Studio
  • Azure SDK
  • Azure SphereMicrosoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Internet Explorer
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based)
  • ChakraCore
  • Microsoft Exchange Server
  • Microsoft Dynamics
  • Microsoft Windows Codecs Library
  • Azure Sphere
  • Windows Defender
  • Microsoft Teams
  • Azure SDK
  • Azure DevOps
  • Visual Studio

Information about the updates:

  • See Microsoft’s blog detailing the benfits of the new Security Update Guide layout here.
  • Microsoft is improving Windows Release Notes. For more information, please see What’s next for Windows release notes.
  • For information regarding enabling Windows 10, version 2004 features, please see Windows 10, version 20H2 delivery options. Note that Windows 10, versions 2004 and 20H2 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
  • For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
TagCVE IDCVE Title
Azure DevOpsCVE-2020-1325Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
Azure SphereCVE-2020-16985Azure Sphere Information Disclosure Vulnerability
Azure SphereCVE-2020-16986Azure Sphere Denial of Service Vulnerability
Azure SphereCVE-2020-16987Azure Sphere Unsigned Code Execution Vulnerability
Azure SphereCVE-2020-16984Azure Sphere Unsigned Code Execution Vulnerability
Azure SphereCVE-2020-16981Azure Sphere Elevation of Privilege Vulnerability
Azure SphereCVE-2020-16982Azure Sphere Unsigned Code Execution Vulnerability
Azure SphereCVE-2020-16983Azure Sphere Tampering Vulnerability
Azure SphereCVE-2020-16988Azure Sphere Elevation of Privilege Vulnerability
Azure SphereCVE-2020-16993Azure Sphere Elevation of Privilege Vulnerability
Azure SphereCVE-2020-16994Azure Sphere Unsigned Code Execution Vulnerability
Azure SphereCVE-2020-16970Azure Sphere Unsigned Code Execution Vulnerability
Azure SphereCVE-2020-16992Azure Sphere Elevation of Privilege Vulnerability
Azure SphereCVE-2020-16989Azure Sphere Elevation of Privilege Vulnerability
Azure SphereCVE-2020-16990Azure Sphere Information Disclosure Vulnerability
Azure SphereCVE-2020-16991Azure Sphere Unsigned Code Execution Vulnerability
Common Log File System DriverCVE-2020-17088Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft BrowsersCVE-2020-17058Microsoft Browser Memory Corruption Vulnerability
Microsoft DynamicsCVE-2020-17005Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft DynamicsCVE-2020-17018Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft DynamicsCVE-2020-17021Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft DynamicsCVE-2020-17006Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Exchange ServerCVE-2020-17083Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange ServerCVE-2020-17085Microsoft Exchange Server Denial of Service Vulnerability
Microsoft Exchange ServerCVE-2020-17084Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Graphics ComponentCVE-2020-16998DirectX Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2020-17029Windows Canonical Display Driver Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2020-17004Windows Graphics Component Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2020-17038Win32k Elevation of Privilege Vulnerability
Microsoft Graphics ComponentCVE-2020-17068Windows GDI+ Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17065Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17064Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17066Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17019Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17067Microsoft Excel Security Feature Bypass Vulnerability
Microsoft OfficeCVE-2020-17062Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17063Microsoft Office Online Spoofing Vulnerability
Microsoft OfficeCVE-2020-17020Microsoft Word Security Feature Bypass Vulnerability
Microsoft Office SharePointCVE-2020-17016Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePointCVE-2020-16979Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-17015Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePointCVE-2020-17017Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-17061Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2020-17060Microsoft SharePoint Spoofing Vulnerability
Microsoft Scripting EngineCVE-2020-17048Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2020-17053Internet Explorer Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2020-17052Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2020-17054Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft TeamsCVE-2020-17091Microsoft Teams Remote Code Execution Vulnerability
Microsoft WindowsCVE-2020-17032Windows Remote Access Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17033Windows Remote Access Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17026Windows Remote Access Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17031Windows Remote Access Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17027Windows Remote Access Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17030Windows MSCTF Server Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-17028Windows Remote Access Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17044Windows Remote Access Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17045Windows KernelStream Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-17046Windows Error Reporting Denial of Service Vulnerability
Microsoft WindowsCVE-2020-17043Windows Remote Access Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17042Windows Print Spooler Remote Code Execution Vulnerability
Microsoft WindowsCVE-2020-17041Windows Print Configuration Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17034Windows Remote Access Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17049Kerberos Security Feature Bypass Vulnerability
Microsoft WindowsCVE-2020-17051Windows Network File System Remote Code Execution Vulnerability
Microsoft WindowsCVE-2020-17040Windows Hyper-V Security Feature Bypass Vulnerability
Microsoft WindowsCVE-2020-17047Windows Network File System Denial of Service Vulnerability
Microsoft WindowsCVE-2020-17036Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-17000Remote Desktop Protocol Client Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-1599Windows Spoofing Vulnerability
Microsoft WindowsCVE-2020-16997Remote Desktop Protocol Server Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-17001Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17057Windows Win32k Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17056Windows Network File System Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-17055Windows Remote Access Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17010Win32k Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17007Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17014Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17025Windows Remote Access Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17024Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17013Win32k Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-17011Windows Port Class Library Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-17012Windows Bind Filter Driver Elevation of Privilege Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-17106HEVC Video Extensions Remote Code Execution Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-17101HEIF Image Extensions Remote Code Execution Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-17105AV1 Video Extension Remote Code Execution Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-17102WebP Image Extensions Information Disclosure Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-17082Raw Image Extension Remote Code Execution Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-17086Raw Image Extension Remote Code Execution Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-17081Microsoft Raw Image Extension Information Disclosure Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-17079Raw Image Extension Remote Code Execution Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-17078Raw Image Extension Remote Code Execution Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-17107HEVC Video Extensions Remote Code Execution Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-17110HEVC Video Extensions Remote Code Execution Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-17113Windows Camera Codec Information Disclosure Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-17108HEVC Video Extensions Remote Code Execution Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-17109HEVC Video Extensions Remote Code Execution Vulnerability
Visual StudioCVE-2020-17104Visual Studio Code JSHint Extension Remote Code Execution Vulnerability
Visual StudioCVE-2020-17100Visual Studio Tampering Vulnerability
Windows DefenderCVE-2020-17090Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
Windows KernelCVE-2020-17035Windows Kernel Elevation of Privilege Vulnerability
Windows KernelCVE-2020-17087Windows Kernel Local Elevation of Privilege Vulnerability
Windows NDISCVE-2020-17069Windows NDIS Information Disclosure Vulnerability
Windows Update StackCVE-2020-17074Windows Update Orchestrator Service Elevation of Privilege Vulnerability
Windows Update StackCVE-2020-17073Windows Update Orchestrator Service Elevation of Privilege Vulnerability
Windows Update StackCVE-2020-17071Windows Delivery Optimization Information Disclosure Vulnerability
Windows Update StackCVE-2020-17075Windows USO Core Worker Elevation of Privilege Vulnerability
Windows Update StackCVE-2020-17070Windows Update Medic Service Elevation of Privilege Vulnerability
Windows Update StackCVE-2020-17077Windows Update Stack Elevation of Privilege Vulnerability
Windows Update StackCVE-2020-17076Windows Update Orchestrator Service Elevation of Privilege Vulnerability
Windows WalletServiceCVE-2020-16999Windows WalletService Information Disclosure Vulnerability
Windows WalletServiceCVE-2020-17037Windows WalletService Elevation of Privilege Vulnerability

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20201208. For more information about Windows Known Issues, please see Windows message center.

KB ARTICLEAPPLIES TO
4486714SharePoint Server 2019
4486717SharePoint Server 2016
4586781Windows 10, version 2004, Windows Server version 2004, Windows 10, version 20H2, Windows Server version 20H2
4586786Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909
4586793Windows 10 Version 1809, Windows Server 2019
4586805Windows 7, Windows Server 2008 R2 (Security-only update)
4586807Windows Server 2008 (Monthly Rollup)
4586808Windows Server 2012 (Security-only update)
4586817Windows Server 2008 (Security-only update)
4586823Windows 8.1, Windows Server 2012 R2 (Security-only update)
4586827Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4586830Windows 10, version 1607, Windows Server 2016
4586834Windows Server 2012 (Monthly Rollup)
4586845Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4486714SharePoint Server 2019
4486717SharePoint Server 2016
4588741Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, Microsoft Exchange Server 2019

More Information:

https://krebsonsecurity.com/2020/11/patch-tuesday-november-2020-edition/
https://www.zdnet.com/article/microsoft-november-2020-patch-tuesday-arrives-with-fix-for-windows-zero-day/
https://msrc.microsoft.com/update-guide/releaseNote/2020-Nov
https://wuinstall.com/index.php/blog-list/item/24-how-to-force-windows-2004-feature-upgrade-os-build-19041-to-install-using-the-command-line.html
https://windowsreport.com/windows-10-patch-tuesday-update-history/

KB4486714
KB4486717
KB4586781
KB4586786
KB4586793
KB4586805
KB4586807
KB4586808
KB4586817
KB4586823
KB4586827
KB4586830
KB4586834
KB4586845
KB4586714
KB4586717
KB4588741

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

More blog posts

Tools

Microsoft Patch Tuesday, November 2021 Edition

Microsoft today rolled out updates to plug at least 110 security holes in its Windows operating systems and other software. Yes, good people of the Windows world, it’s