Patch Tuesday Archive
Patch Tuesday December 2020
Total CVEs
59
Critical
9
Important
47
Exploited
0
Publicly Disclosed
0
All CVEs this month 59
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed |
|---|---|---|---|---|---|---|
| CVE-2020-17095 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 8.5 |
Windows Hyper-V | - | - |
| CVE-2020-17117 | Microsoft Exchange Remote Code Execution Vulnerability | Critical | 6.6 |
Microsoft Exchange Server | - | - |
| CVE-2020-17118 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | 8.1 |
Microsoft Office SharePoint | - | - |
| CVE-2020-17121 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | 8.8 |
Microsoft Office SharePoint | - | - |
| CVE-2020-17131 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Edge (HTML-based) | - | - |
| CVE-2020-17132 | Microsoft Exchange Remote Code Execution Vulnerability | Critical | 9.1 |
Microsoft Exchange Server | - | - |
| CVE-2020-17142 | Microsoft Exchange Remote Code Execution Vulnerability | Critical | 9.1 |
Microsoft Exchange Server | - | - |
| CVE-2020-17152 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | Critical | 8.8 |
Microsoft Dynamics | - | - |
| CVE-2020-17158 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | Critical | 8.8 |
Microsoft Dynamics | - | - |
| ADV200013 | Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver | Important | - | Microsoft Windows DNS | - | - |
| CVE-2020-16958 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Backup Engine | - | - |
| CVE-2020-16959 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Backup Engine | - | - |
| CVE-2020-16960 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Backup Engine | - | - |
| CVE-2020-16961 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Backup Engine | - | - |
| CVE-2020-16962 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Backup Engine | - | - |
| CVE-2020-16963 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Backup Engine | - | - |
| CVE-2020-16964 | Windows Backup Engine Elevation of Privilege Vulnerability | Important | 7.8 |
Windows Backup Engine | - | - |
| CVE-2020-16971 | Azure SDK for Java Security Feature Bypass Vulnerability | Important | 7.4 |
Azure SDK | - | - |
| CVE-2020-16996 | Kerberos Security Feature Bypass Vulnerability | Important | 6.5 |
Microsoft Windows | - | - |
| CVE-2020-17002 | Azure SDK for C Security Feature Bypass Vulnerability | Important | 7.4 |
Azure DevOps | - | - |
| CVE-2020-17089 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | 7.1 |
Microsoft Office SharePoint | - | - |
| CVE-2020-17092 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important | 7.8 |
Microsoft Windows | - | - |
| CVE-2020-17094 | Windows Error Reporting Information Disclosure Vulnerability | Important | 5.5 |
Windows Error Reporting | - | - |
| CVE-2020-17096 | Windows NTFS Remote Code Execution Vulnerability | Important | 7.5 |
Windows SMB | - | - |
| CVE-2020-17097 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important | 3.3 |
Windows Media | - | - |
| CVE-2020-17098 | Windows GDI+ Information Disclosure Vulnerability | Important | 5.5 |
Microsoft Graphics Component | - | - |
| CVE-2020-17099 | Windows Lock Screen Security Feature Bypass Vulnerability | Important | 6.8 |
Windows Lock Screen | - | - |
| CVE-2020-17103 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Windows | - | - |
| CVE-2020-17119 | Microsoft Outlook Information Disclosure Vulnerability | Important | 6.5 |
Microsoft Office | - | - |
| CVE-2020-17120 | Microsoft SharePoint Information Disclosure Vulnerability | Important | 5.3 |
Microsoft Office SharePoint | - | - |
| CVE-2020-17122 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office | - | - |
| CVE-2020-17123 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office | - | - |
| CVE-2020-17124 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office | - | - |
| CVE-2020-17125 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office | - | - |
| CVE-2020-17126 | Microsoft Excel Information Disclosure Vulnerability | Important | 5.5 |
Microsoft Office | - | - |
| CVE-2020-17127 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office | - | - |
| CVE-2020-17128 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office | - | - |
| CVE-2020-17129 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office | - | - |
| CVE-2020-17130 | Microsoft Excel Security Feature Bypass Vulnerability | Important | 6.5 |
Microsoft Office | - | - |
| CVE-2020-17133 | Microsoft Dynamics Business Central/NAV Information Disclosure | Important | 6.5 |
Microsoft Dynamics | - | - |
| CVE-2020-17134 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 |
Microsoft Windows | - | - |
| CVE-2020-17135 | Azure DevOps Server Spoofing Vulnerability | Important | 6.4 |
Azure DevOps | - | - |
| CVE-2020-17136 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 |
Microsoft Windows | - | - |
| CVE-2020-17137 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | 7.8 |
Microsoft Graphics Component | - | - |
| CVE-2020-17138 | Windows Error Reporting Information Disclosure Vulnerability | Important | 5.5 |
Microsoft Windows | - | - |
| CVE-2020-17139 | Windows Overlay Filter Security Feature Bypass Vulnerability | Important | 7.8 |
Microsoft Windows | - | - |
| CVE-2020-17140 | Windows SMB Information Disclosure Vulnerability | Important | 8.1 |
Windows SMB | - | - |
| CVE-2020-17141 | Microsoft Exchange Remote Code Execution Vulnerability | Important | 8.4 |
Microsoft Exchange Server | - | - |
| CVE-2020-17143 | Microsoft Exchange Server Information Disclosure Vulnerability | Important | 8.8 |
Microsoft Exchange Server | - | - |
| CVE-2020-17144 | Microsoft Exchange Remote Code Execution Vulnerability | Important | 8.4 |
Microsoft Exchange Server | - | - |
| CVE-2020-17145 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | Important | 5.4 |
Azure DevOps | - | - |
| CVE-2020-17147 | Dynamics CRM Webclient Cross-site Scripting Vulnerability | Important | 8.7 |
Microsoft Dynamics | - | - |
| CVE-2020-17148 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | Important | 7.8 |
Visual Studio | - | - |
| CVE-2020-17150 | Unknown | Important | 7.8 |
Visual Studio | - | - |
| CVE-2020-17156 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 |
Visual Studio | - | - |
| CVE-2020-17159 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | Important | 7.8 |
Visual Studio | - | - |
| CVE-2020-17115 | Microsoft SharePoint Server Spoofing Vulnerability | Moderate | 8 |
Microsoft Office SharePoint | - | - |
| CVE-2020-17153 | Microsoft Edge for Android Spoofing Vulnerability | Moderate | 4.3 |
Microsoft Edge (HTML-based) | - | - |
| CVE-2020-17160 | RETRACTED | Unknown | - | - | - |
Threat Categories 6
| Threat Category | CVEs | Critical |
|---|---|---|
| Remote Code Execution | 23 | 9 |
| Elevation of Privilege | 14 | - |
| Information Disclosure | 9 | - |
| Spoofing | 6 | - |
| Security Feature Bypass | 6 | - |
| Unknown | 1 | - |
Affected Products 18
| Product | CVEs | Exploited |
|---|---|---|
| Microsoft Office | 10 | - |
| Windows Backup Engine | 7 | - |
| Microsoft Windows | 7 | - |
| Microsoft Exchange Server | 6 | - |
| Microsoft Office SharePoint | 5 | - |
| Microsoft Dynamics | 4 | - |
| Visual Studio | 4 | - |
| Azure DevOps | 3 | - |
| Microsoft Edge (HTML-based) | 2 | - |
| Windows SMB | 2 | - |
| Microsoft Graphics Component | 2 | - |
| Windows Hyper-V | 1 | - |
| Microsoft Windows DNS | 1 | - |
| Azure SDK | 1 | - |
| Windows Error Reporting | 1 | - |
| Windows Media | 1 | - |
| Windows Lock Screen | 1 | - |
| Other | 1 | - |