Microsoft today released fixes for 112 separate flaws, including one zero-day vulnerability that is already being exploited to attack Windows users. Tracked as CVE-2020-17087, the zero-day was disclosed on October 30 by the Google Project Zero and TAG security teams. Google said the vulnerability was being exploited together with a Chrome zero-day to target Windows 7 and Windows 10 users. Yes, good people of the Windows world, it’s time once again to use XEOX!
Get back full control on windows update by using XEOX Job Editor.
The November 2020 Patch Tuesday Security Updates
Security Updates are available for the following software:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge for Android
- ChakraCore
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Exchange Server
- Azure DevOps
- Microsoft Dynamics
- Visual Studio
- Azure SDK
- Azure SphereMicrosoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- Internet Explorer
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based)
- ChakraCore
- Microsoft Exchange Server
- Microsoft Dynamics
- Microsoft Windows Codecs Library
- Azure Sphere
- Windows Defender
- Microsoft Teams
- Azure SDK
- Azure DevOps
- Visual Studio
Information about the updates:
- See Microsoft’s blog detailing the benfits of the new Security Update Guide layout here.
- Microsoft is improving Windows Release Notes. For more information, please see What’s next for Windows release notes.
- For information regarding enabling Windows 10, version 2004 features, please see Windows 10, version 20H2 delivery options. Note that Windows 10, versions 2004 and 20H2 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
- For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
- For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
- Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
| Tag | CVE ID | CVE Title |
| Azure DevOps | CVE-2020-1325 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability |
| Azure Sphere | CVE-2020-16985 | Azure Sphere Information Disclosure Vulnerability |
| Azure Sphere | CVE-2020-16986 | Azure Sphere Denial of Service Vulnerability |
| Azure Sphere | CVE-2020-16987 | Azure Sphere Unsigned Code Execution Vulnerability |
| Azure Sphere | CVE-2020-16984 | Azure Sphere Unsigned Code Execution Vulnerability |
| Azure Sphere | CVE-2020-16981 | Azure Sphere Elevation of Privilege Vulnerability |
| Azure Sphere | CVE-2020-16982 | Azure Sphere Unsigned Code Execution Vulnerability |
| Azure Sphere | CVE-2020-16983 | Azure Sphere Tampering Vulnerability |
| Azure Sphere | CVE-2020-16988 | Azure Sphere Elevation of Privilege Vulnerability |
| Azure Sphere | CVE-2020-16993 | Azure Sphere Elevation of Privilege Vulnerability |
| Azure Sphere | CVE-2020-16994 | Azure Sphere Unsigned Code Execution Vulnerability |
| Azure Sphere | CVE-2020-16970 | Azure Sphere Unsigned Code Execution Vulnerability |
| Azure Sphere | CVE-2020-16992 | Azure Sphere Elevation of Privilege Vulnerability |
| Azure Sphere | CVE-2020-16989 | Azure Sphere Elevation of Privilege Vulnerability |
| Azure Sphere | CVE-2020-16990 | Azure Sphere Information Disclosure Vulnerability |
| Azure Sphere | CVE-2020-16991 | Azure Sphere Unsigned Code Execution Vulnerability |
| Common Log File System Driver | CVE-2020-17088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Microsoft Browsers | CVE-2020-17058 | Microsoft Browser Memory Corruption Vulnerability |
| Microsoft Dynamics | CVE-2020-17005 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-17018 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-17021 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-17006 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| Microsoft Exchange Server | CVE-2020-17083 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2020-17085 | Microsoft Exchange Server Denial of Service Vulnerability |
| Microsoft Exchange Server | CVE-2020-17084 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-16998 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-17029 | Windows Canonical Display Driver Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-17004 | Windows Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-17038 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-17068 | Windows GDI+ Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-17065 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-17064 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-17066 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-17019 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-17067 | Microsoft Excel Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2020-17062 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-17063 | Microsoft Office Online Spoofing Vulnerability |
| Microsoft Office | CVE-2020-17020 | Microsoft Word Security Feature Bypass Vulnerability |
| Microsoft Office SharePoint | CVE-2020-17016 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-16979 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2020-17015 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-17017 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2020-17061 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-17060 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Scripting Engine | CVE-2020-17048 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-17053 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-17052 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-17054 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Teams | CVE-2020-17091 | Microsoft Teams Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-17032 | Windows Remote Access Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17033 | Windows Remote Access Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17026 | Windows Remote Access Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17031 | Windows Remote Access Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17027 | Windows Remote Access Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17030 | Windows MSCTF Server Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-17028 | Windows Remote Access Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17044 | Windows Remote Access Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17045 | Windows KernelStream Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-17046 | Windows Error Reporting Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-17043 | Windows Remote Access Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17042 | Windows Print Spooler Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-17041 | Windows Print Configuration Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17034 | Windows Remote Access Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17049 | Kerberos Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2020-17051 | Windows Network File System Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-17040 | Windows Hyper-V Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2020-17047 | Windows Network File System Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-17036 | Windows Function Discovery SSDP Provider Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-17000 | Remote Desktop Protocol Client Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1599 | Windows Spoofing Vulnerability |
| Microsoft Windows | CVE-2020-16997 | Remote Desktop Protocol Server Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-17001 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17057 | Windows Win32k Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17056 | Windows Network File System Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-17055 | Windows Remote Access Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17010 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17007 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17014 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17025 | Windows Remote Access Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17024 | Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17013 | Win32k Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-17011 | Windows Port Class Library Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-17012 | Windows Bind Filter Driver Elevation of Privilege Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-17106 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-17101 | HEIF Image Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-17105 | AV1 Video Extension Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-17102 | WebP Image Extensions Information Disclosure Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-17082 | Raw Image Extension Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-17086 | Raw Image Extension Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-17081 | Microsoft Raw Image Extension Information Disclosure Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-17079 | Raw Image Extension Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-17078 | Raw Image Extension Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-17107 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-17110 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-17113 | Windows Camera Codec Information Disclosure Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-17108 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-17109 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Visual Studio | CVE-2020-17104 | Visual Studio Code JSHint Extension Remote Code Execution Vulnerability |
| Visual Studio | CVE-2020-17100 | Visual Studio Tampering Vulnerability |
| Windows Defender | CVE-2020-17090 | Microsoft Defender for Endpoint Security Feature Bypass Vulnerability |
| Windows Kernel | CVE-2020-17035 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-17087 | Windows Kernel Local Elevation of Privilege Vulnerability |
| Windows NDIS | CVE-2020-17069 | Windows NDIS Information Disclosure Vulnerability |
| Windows Update Stack | CVE-2020-17074 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
| Windows Update Stack | CVE-2020-17073 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
| Windows Update Stack | CVE-2020-17071 | Windows Delivery Optimization Information Disclosure Vulnerability |
| Windows Update Stack | CVE-2020-17075 | Windows USO Core Worker Elevation of Privilege Vulnerability |
| Windows Update Stack | CVE-2020-17070 | Windows Update Medic Service Elevation of Privilege Vulnerability |
| Windows Update Stack | CVE-2020-17077 | Windows Update Stack Elevation of Privilege Vulnerability |
| Windows Update Stack | CVE-2020-17076 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2020-16999 | Windows WalletService Information Disclosure Vulnerability |
| Windows WalletService | CVE-2020-17037 | Windows WalletService Elevation of Privilege Vulnerability |
The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20201208. For more information about Windows Known Issues, please see Windows message center.
| KB ARTICLE | APPLIES TO |
|---|---|
| 4486714 | SharePoint Server 2019 |
| 4486717 | SharePoint Server 2016 |
| 4586781 | Windows 10, version 2004, Windows Server version 2004, Windows 10, version 20H2, Windows Server version 20H2 |
| 4586786 | Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909 |
| 4586793 | Windows 10 Version 1809, Windows Server 2019 |
| 4586805 | Windows 7, Windows Server 2008 R2 (Security-only update) |
| 4586807 | Windows Server 2008 (Monthly Rollup) |
| 4586808 | Windows Server 2012 (Security-only update) |
| 4586817 | Windows Server 2008 (Security-only update) |
| 4586823 | Windows 8.1, Windows Server 2012 R2 (Security-only update) |
| 4586827 | Windows 7, Windows Server 2008 R2 (Monthly Rollup) |
| 4586830 | Windows 10, version 1607, Windows Server 2016 |
| 4586834 | Windows Server 2012 (Monthly Rollup) |
| 4586845 | Windows 8.1, Windows Server 2012 R2 (Monthly Rollup) |
| 4486714 | SharePoint Server 2019 |
| 4486717 | SharePoint Server 2016 |
| 4588741 | Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, Microsoft Exchange Server 2019 |
More Information:
https://krebsonsecurity.com/2020/11/patch-tuesday-november-2020-edition/
https://www.zdnet.com/article/microsoft-november-2020-patch-tuesday-arrives-with-fix-for-windows-zero-day/
https://msrc.microsoft.com/update-guide/releaseNote/2020-Nov
https://wuinstall.com/index.php/blog-list/item/24-how-to-force-windows-2004-feature-upgrade-os-build-19041-to-install-using-the-command-line.html
https://windowsreport.com/windows-10-patch-tuesday-update-history/
KB4486714
KB4486717
KB4586781
KB4586786
KB4586793
KB4586805
KB4586807
KB4586808
KB4586817
KB4586823
KB4586827
KB4586830
KB4586834
KB4586845
KB4586714
KB4586717
KB4588741
- CVE-2020-16970 *
- CVE-2020-16979
- CVE-2020-16981 *
- CVE-2020-16982 *
- CVE-2020-16983 *
- CVE-2020-16984 *
- CVE-2020-16985 *
- CVE-2020-16986 *
- CVE-2020-16987 *
- CVE-2020-16988 *
- CVE-2020-16989 *
- CVE-2020-16990 *
- CVE-2020-16991
- CVE-2020-16992
- CVE-2020-16993
- CVE-2020-16994
- CVE-2020-16997
- CVE-2020-16999
- CVE-2020-17000
- CVE-2020-17004
- CVE-2020-17013
- CVE-2020-17017
- CVE-2020-17019
- CVE-2020-17020
- CVE-2020-17029
- CVE-2020-17030
- CVE-2020-17036
- CVE-2020-17045
- CVE-2020-17049 *
- CVE-2020-17056
- CVE-2020-17062
- CVE-2020-17063
- CVE-2020-17064
- CVE-2020-17065
- CVE-2020-17066
- CVE-2020-17067
- CVE-2020-17069
- CVE-2020-17071
- CVE-2020-17078 *
- CVE-2020-17079 *
- CVE-2020-17081 *
- CVE-2020-17082 *
- CVE-2020-17086 *
- CVE-2020-17101 *
- CVE-2020-17102 *
- CVE-2020-17105 *
- CVE-2020-17106 *
- CVE-2020-17107 *
- CVE-2020-17108 *
- CVE-2020-17109 *
- CVE-2020-17110 *
- CVE-2020-17113
