Microsoft Patch Tuesday, December 2020 Edition

Microsoft today released 58 security fixes across 10+ products and services, as part of the company’s monthly Patch Tuesday. More than a third of this month’s patches (22) are classified as remote code execution (RCE) vulnerabilities. These are security bugs that need to be addressed right away as they are more easily exploitable, with no user interaction, either via the internet or from across a local network. Yes, good people of the Windows world, it’s time once again to use XEOX!

Get back full control on windows update by using XEOX Job Editor.

The December 2020 Patch Tuesday Security Updates

Security Updates are available for the following software:

Microsoft Windows
Microsoft Edge (EdgeHTML-based)
Microsoft Edge for Android
ChakraCore
Microsoft Office and Microsoft Office Services and Web Apps
Microsoft Exchange Server
Azure DevOps
Microsoft Dynamics
Visual Studio
Azure SDK
Azure Sphere

Information about the updates:

See Microsoft’s blog detailing the benefits of the new Security Update Guide layout here.
Microsoft is improving Windows Release Notes. For more information, please see What’s next for Windows release notes.
For information regarding enabling Windows 10, version 2004 features, please see Windows 10, version 20H2 delivery options. Note that Windows 10, versions 2004 and 20H2 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Tag	CVE ID	CVE Title
Active Directory	CVE-2020-0761	Active Directory Remote Code Execution Vulnerability
Active Directory	CVE-2020-0856	Active Directory Information Disclosure Vulnerability
Active Directory	CVE-2020-0718	Active Directory Remote Code Execution Vulnerability
Active Directory	CVE-2020-0664	Active Directory Information Disclosure Vulnerability
Active Directory Federation Services	CVE-2020-0837	ADFS Spoofing Vulnerability
ASP.NET	CVE-2020-1045	Microsoft ASP.NET Core Security Feature Bypass Vulnerability
Common Log File System Driver	CVE-2020-1115	Windows Common Log File System Driver Elevation of Privilege Vulnerability
Internet Explorer	CVE-2020-1012	WinINet API Elevation of Privilege Vulnerability
Internet Explorer	CVE-2020-16884	Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability
Internet Explorer	CVE-2020-1506	Windows Start-Up Application Elevation of Privilege Vulnerability
Microsoft Browsers	CVE-2020-0878	Microsoft Browser Memory Corruption Vulnerability
Microsoft Dynamics	CVE-2020-16857	Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft Dynamics	CVE-2020-16858	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Dynamics	CVE-2020-16860	Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
Microsoft Dynamics	CVE-2020-16859	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Dynamics	CVE-2020-16861	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Dynamics	CVE-2020-16872	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Dynamics	CVE-2020-16864	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Dynamics	CVE-2020-16878	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Dynamics	CVE-2020-16862	Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
Microsoft Dynamics	CVE-2020-16871	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Exchange Server	CVE-2020-16875	Microsoft Exchange Memory Corruption Vulnerability
Microsoft Graphics Component	CVE-2020-0921	Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2020-0998	Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-1091	Windows Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2020-1152	Windows Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-1097	Windows Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2020-1083	Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2020-1053	DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-1308	DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-1245	Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-1285	GDI+ Remote Code Execution Vulnerability
Microsoft Graphics Component	CVE-2020-1256	Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2020-1250	Win32k Information Disclosure Vulnerability
Microsoft JET Database Engine	CVE-2020-1039	Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine	CVE-2020-1074	Jet Database Engine Remote Code Execution Vulnerability
Microsoft NTFS	CVE-2020-0838	NTFS Elevation of Privilege Vulnerability
Microsoft Office	CVE-2020-1594	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-1335	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-16855	Microsoft Office Information Disclosure Vulnerability
Microsoft Office	CVE-2020-1338	Microsoft Word Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-1332	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-1224	Microsoft Excel Information Disclosure Vulnerability
Microsoft Office	CVE-2020-1218	Microsoft Word Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-1193	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1345	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1205	Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint	CVE-2020-1210	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1514	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1595	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1523	Microsoft SharePoint Server Tampering Vulnerability
Microsoft Office SharePoint	CVE-2020-1440	Microsoft SharePoint Server Tampering Vulnerability
Microsoft Office SharePoint	CVE-2020-1200	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1482	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1198	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1227	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1576	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1452	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1575	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1453	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1460	Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft OneDrive	CVE-2020-16853	OneDrive for Windows Elevation of Privilege Vulnerability
Microsoft OneDrive	CVE-2020-16851	OneDrive for Windows Elevation of Privilege Vulnerability
Microsoft OneDrive	CVE-2020-16852	OneDrive for Windows Elevation of Privilege Vulnerability
Microsoft Scripting Engine	CVE-2020-1057	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-1180	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-1172	Scripting Engine Memory Corruption Vulnerability
Microsoft Windows	CVE-2020-1596	TLS Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-1169	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1593	Windows Media Audio Decoder Remote Code Execution Vulnerability
Microsoft Windows	CVE-2020-1159	Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1598	Windows UPnP Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0790	Microsoft splwow64 Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0922	Microsoft COM for Windows Remote Code Execution Vulnerability
Microsoft Windows	CVE-2020-0782	Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0648	Windows RSoP Service Application Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0766	Microsoft Store Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1590	Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1376	Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1471	Windows CloudExperienceHost Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-16879	Projected Filesystem Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-1013	Group Policy Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1532	Windows InstallService Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1491	Windows Function Discovery Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1303	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1252	Windows Remote Code Execution Vulnerability
Microsoft Windows	CVE-2020-1559	Windows Storage Services Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1507	Microsoft COM for Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1508	Windows Media Audio Decoder Remote Code Execution Vulnerability
Microsoft Windows	CVE-2020-0914	Windows State Repository Service Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-0886	Windows Storage Services Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0989	Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-0875	Microsoft splwow64 Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-0912	Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1038	Windows Routing Utilities Denial of Service
Microsoft Windows	CVE-2020-0908	Windows Text Service Module Remote Code Execution Vulnerability
Microsoft Windows	CVE-2020-1052	Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0911	Windows Modules Installer Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0805	Projected Filesystem Security Feature Bypass Vulnerability
Microsoft Windows	CVE-2020-1119	Windows Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-1146	Microsoft Store Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0951	Windows Defender Application Control Security Feature Bypass Vulnerability
Microsoft Windows	CVE-2020-1122	Windows Language Pack Installer Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1098	Windows Shell Infrastructure Component Elevation of Privilege Vulnerability
Microsoft Windows Codecs Library	CVE-2020-1319	Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Microsoft Windows Codecs Library	CVE-2020-0997	Windows Camera Codec Pack Remote Code Execution Vulnerability
Microsoft Windows Codecs Library	CVE-2020-1129	Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Microsoft Windows DNS	CVE-2020-0839	Windows dnsrslvr.dll Elevation of Privilege Vulnerability
Microsoft Windows DNS	CVE-2020-1228	Windows DNS Denial of Service Vulnerability
Microsoft Windows DNS	CVE-2020-0836	Windows DNS Denial of Service Vulnerability
Open Source Software	CVE-2020-16873	Xamarin.Forms Spoofing Vulnerability
SQL Server	CVE-2020-1044	SQL Server Reporting Services Security Feature Bypass Vulnerability
Visual Studio	CVE-2020-16874	Visual Studio Remote Code Execution Vulnerability
Visual Studio	CVE-2020-16856	Visual Studio Remote Code Execution Vulnerability
Visual Studio	CVE-2020-16881	Visual Studio JSON Remote Code Execution Vulnerability
Windows DHCP Server	CVE-2020-1031	Windows DHCP Server Information Disclosure Vulnerability
Windows Diagnostic Hub	CVE-2020-1130	Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Windows Diagnostic Hub	CVE-2020-1133	Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Windows Hyper-V	CVE-2020-0904	Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V	CVE-2020-0890	Windows Hyper-V Denial of Service Vulnerability
Windows Kernel	CVE-2020-0941	Win32k Information Disclosure Vulnerability
Windows Kernel	CVE-2020-0928	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2020-16854	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2020-1034	Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel	CVE-2020-1033	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2020-1589	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2020-1592	Windows Kernel Information Disclosure Vulnerability
Windows Print Spooler Components	CVE-2020-1030	Windows Print Spooler Elevation of Privilege Vulnerability
Windows Shell	CVE-2020-0870	Shell infrastructure component Elevation of Privilege Vulnerability

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20201208. For more information about Windows Known Issues, please see Windows message center.

KB ARTICLE	APPLIES TO
4592438	Windows 10, version 2004, Windows Server version 2004, Windows 10, version 20H2, Windows Server version 20H2
4592440	Windows 10 Version 1809, Windows Server 2019
4592449	Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909
4592468	Windows Server 2012 (Monthly Rollup)
4592471	Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4592484	Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4592495	Windows 8.1, Windows Server 2012 R2 (Security-only update)
4592497	Windows Server 2012 (Security-only update)
4592498	Windows Server 2008 (Monthly Rollup)
4592503	Windows 7, Windows Server 2008 R2 (Security-only update)
4592504	Windows Server 2008 (Security-only update)
4593226	Windows 10, version 1607, Windows Server 2016
4593465	Exchange Server 2019, Exchange Server 2016
4593466	Exchange Server 2013
4593467	Exchange Server 2010 Service Pack 3

More Information:

https://www.zdnet.com/article/microsoft-december-2020-patch-tuesday-fixes-58-vulnerabilities/
https://msrc.microsoft.com/update-guide/releaseNote/2020-Dec
https://wuinstall.com/index.php/blog-list/item/24-how-to-force-windows-2004-feature-upgrade-os-build-19041-to-install-using-the-command-line.html
https://windowsreport.com/windows-10-patch-tuesday-update-history/

KB4592438
KB4592440
KB4592449
KB4592468
KB4592471
KB4592484
KB4592495
KB4592497
KB4592498
KB4592503
KB4592504
KB4593226
KB4593465
KB4593466
KB4593467

CVE-2020-16996
CVE-2020-17094
CVE-2020-17095
CVE-2020-17096
CVE-2020-17098
CVE-2020-17099
CVE-2020-17115
CVE-2020-17119
CVE-2020-17120
CVE-2020-17121
CVE-2020-17122
CVE-2020-17123
CVE-2020-17124
CVE-2020-17125
CVE-2020-17126
CVE-2020-17127
CVE-2020-17128
CVE-2020-17129
CVE-2020-17130
CVE-2020-17132
CVE-2020-17133
CVE-2020-17138
CVE-2020-17140
CVE-2020-17141
CVE-2020-17142
CVE-2020-17143
CVE-2020-17144
CVE-2020-17147
CVE-2020-17148
CVE-2020-17152
CVE-2020-17153
CVE-2020-17156
CVE-2020-17158
CVE-2020-17160

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Microsoft Patch Tuesday, December 2020 Edition

The December 2020 Patch Tuesday Security Updates

Share This Post

More blog posts

What is Rootkit?

Understanding PGP Encryption

Company

Resources

ComplianCe