Microsoft Patch Tuesday, December 2020 Edition

Microsoft today released 58 security fixes across 10+ products and services, as part of the company’s monthly Patch Tuesday. More than a third of this month’s patches (22) are classified as remote code execution (RCE) vulnerabilities. These are security bugs that need to be addressed right away as they are more easily exploitable, with no user interaction, either via the internet or from across a local network. Yes, good people of the Windows world, it’s time once again to use XEOX!

Regain full control of Windows Update with the XEOX Job Editor.

The December 2020 Patch Tuesday Security Updates

Security Updates are available for the following software:

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge for Android
  • ChakraCore
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft Exchange Server
  • Azure DevOps
  • Microsoft Dynamics
  • Visual Studio
  • Azure SDK
  • Azure Sphere

Information about the updates:

  • See Microsoft’s blog detailing the benefits of the new Security Update Guide layout here.
  • Microsoft is improving Windows Release Notes. For more information, please see What’s next for Windows release notes.
  • For information regarding enabling Windows 10, version 2004 features, please see Windows 10, version 20H2 delivery options. Note that Windows 10, versions 2004 and 20H2 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
  • For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

| Tag | CVE ID | CVE Title |
| --- | --- | --- |
| Active Directory | CVE-2020-0761 | Active Directory Remote Code Execution Vulnerability |
| Active Directory | CVE-2020-0856 | Active Directory Information Disclosure Vulnerability |
| Active Directory | CVE-2020-0718 | Active Directory Remote Code Execution Vulnerability |
| Active Directory | CVE-2020-0664 | Active Directory Information Disclosure Vulnerability |
| Active Directory Federation Services | CVE-2020-0837 | ADFS Spoofing Vulnerability |
| ASP.NET | CVE-2020-1045 | Microsoft ASP.NET Core Security Feature Bypass Vulnerability |
| Common Log File System Driver | CVE-2020-1115 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Internet Explorer | CVE-2020-1012 | WinINet API Elevation of Privilege Vulnerability |
| Internet Explorer | CVE-2020-16884 | Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability |
| Internet Explorer | CVE-2020-1506 | Windows Start-Up Application Elevation of Privilege Vulnerability |
| Microsoft Browsers | CVE-2020-0878 | Microsoft Browser Memory Corruption Vulnerability |
| Microsoft Dynamics | CVE-2020-16857 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2020-16858 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16860 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2020-16859 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16861 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16872 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16864 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16878 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16862 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2020-16871 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Exchange Server | CVE-2020-16875 | Microsoft Exchange Memory Corruption Vulnerability |
| Microsoft Graphics Component | CVE-2020-0921 | Microsoft Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-0998 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1091 | Windows Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1152 | Windows Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1097 | Windows Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1083 | Microsoft Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1053 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1308 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1245 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1285 | GDI+ Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-1256 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1250 | Win32k Information Disclosure Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1039 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1074 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft NTFS | CVE-2020-0838 | NTFS Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2020-1594 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1335 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-16855 | Microsoft Office Information Disclosure Vulnerability |
| Microsoft Office | CVE-2020-1338 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1332 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1224 | Microsoft Excel Information Disclosure Vulnerability |
| Microsoft Office | CVE-2020-1218 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1193 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1345 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1205 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1210 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1514 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1595 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1523 | Microsoft SharePoint Server Tampering Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1440 | Microsoft SharePoint Server Tampering Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1200 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1482 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1198 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1227 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1576 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1452 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1575 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1453 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1460 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft OneDrive | CVE-2020-16853 | OneDrive for Windows Elevation of Privilege Vulnerability |
| Microsoft OneDrive | CVE-2020-16851 | OneDrive for Windows Elevation of Privilege Vulnerability |
| Microsoft OneDrive | CVE-2020-16852 | OneDrive for Windows Elevation of Privilege Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1057 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1180 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1172 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-1596 | TLS Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1169 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1593 | Windows Media Audio Decoder Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1159 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1598 | Windows UPnP Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0790 | Microsoft splwow64 Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0922 | Microsoft COM for Windows Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-0782 | Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0648 | Windows RSoP Service Application Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0766 | Microsoft Store Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1590 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1376 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1471 | Windows CloudExperienceHost Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16879 | Projected Filesystem Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1013 | Group Policy Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1532 | Windows InstallService Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1491 | Windows Function Discovery Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1303 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1252 | Windows Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1559 | Windows Storage Services Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1507 | Microsoft COM for Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1508 | Windows Media Audio Decoder Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-0914 | Windows State Repository Service Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0886 | Windows Storage Services Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0989 | Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0875 | Microsoft splwow64 Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0912 | Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1038 | Windows Routing Utilities Denial of Service |
| Microsoft Windows | CVE-2020-0908 | Windows Text Service Module Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1052 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0911 | Windows Modules Installer Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0805 | Projected Filesystem Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2020-1119 | Windows Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1146 | Microsoft Store Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0951 | Windows Defender Application Control Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2020-1122 | Windows Language Pack Installer Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1098 | Windows Shell Infrastructure Component Elevation of Privilege Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-1319 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-0997 | Windows Camera Codec Pack Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-1129 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| Microsoft Windows DNS | CVE-2020-0839 | Windows dnsrslvr.dll Elevation of Privilege Vulnerability |
| Microsoft Windows DNS | CVE-2020-1228 | Windows DNS Denial of Service Vulnerability |
| Microsoft Windows DNS | CVE-2020-0836 | Windows DNS Denial of Service Vulnerability |
| Open Source Software | CVE-2020-16873 | Xamarin.Forms Spoofing Vulnerability |
| SQL Server | CVE-2020-1044 | SQL Server Reporting Services Security Feature Bypass Vulnerability |
| Visual Studio | CVE-2020-16874 | Visual Studio Remote Code Execution Vulnerability |
| Visual Studio | CVE-2020-16856 | Visual Studio Remote Code Execution Vulnerability |
| Visual Studio | CVE-2020-16881 | Visual Studio JSON Remote Code Execution Vulnerability |
| Windows DHCP Server | CVE-2020-1031 | Windows DHCP Server Information Disclosure Vulnerability |
| Windows Diagnostic Hub | CVE-2020-1130 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2020-1133 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Windows Hyper-V | CVE-2020-0904 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2020-0890 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Kernel | CVE-2020-0941 | Win32k Information Disclosure Vulnerability |
| Windows Kernel | CVE-2020-0928 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2020-16854 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2020-1034 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1033 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2020-1589 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2020-1592 | Windows Kernel Information Disclosure Vulnerability |
| Windows Print Spooler Components | CVE-2020-1030 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Shell | CVE-2020-0870 | Shell infrastructure component Elevation of Privilege Vulnerability |

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20201208. For more information about Windows Known Issues, please see Windows message center.

| KB Article | Applies To |
| --- | --- |
| 4592438 | Windows 10, version 2004, Windows Server version 2004, Windows 10, version 20H2, Windows Server version 20H2 |
| 4592440 | Windows 10 Version 1809, Windows Server 2019 |
| 4592449 | Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909 |
| 4592468 | Windows Server 2012 (Monthly Rollup) |
| 4592471 | Windows 7, Windows Server 2008 R2 (Monthly Rollup) |
| 4592484 | Windows 8.1, Windows Server 2012 R2 (Monthly Rollup) |
| 4592495 | Windows 8.1, Windows Server 2012 R2 (Security-only update) |
| 4592497 | Windows Server 2012 (Security-only update) |
| 4592498 | Windows Server 2008 (Monthly Rollup) |
| 4592503 | Windows 7, Windows Server 2008 R2 (Security-only update) |
| 4592504 | Windows Server 2008 (Security-only update) |
| 4593226 | Windows 10, version 1607, Windows Server 2016 |
| 4593465 | Exchange Server 2019, Exchange Server 2016 |
| 4593466 | Exchange Server 2013 |
| 4593467 | Exchange Server 2010 Service Pack 3 |

More Information:

https://www.zdnet.com/article/microsoft-december-2020-patch-tuesday-fixes-58-vulnerabilities/
https://msrc.microsoft.com/update-guide/releaseNote/2020-Dec
https://wuinstall.com/index.php/blog-list/item/24-how-to-force-windows-2004-feature-upgrade-os-build-19041-to-install-using-the-command-line.html
https://windowsreport.com/windows-10-patch-tuesday-update-history/
