November 2020 Patch Tuesday – 112 Vulnerabilities, 17 Critical, Windows Codecs, Network File System, Workstation, Adobe
Last updated on: October 27, 2022
This month’s Microsoft Patch Tuesday addresses 112 vulnerabilities with 17 of them labeled as Critical. The 17 Critical vulnerabilities cover Windows Codecs, Network File System, Sharepoint, Windows Print Spooler, and several other workstation vulnerabilities. Adobe released patches today for Adobe Connect and Adobe Reader for Android.
Workstation Patches
The Windows Codecs, GDI+, Browser, Office and Exchange Server vulnerabilities should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
SharePoint RCE
Microsoft patched six vulnerabilities in SharePoint, and one of them could lead to Remote Code Execution (CVE-2020-17061). Three of these vulnerabilities (CVE-2020-17016, CVE-2020-17015, CVE-2020-17060) involve spoofing vulnerabilities, and two (CVE-2020-16979, CVE-2020-17017) involve information disclosure vulnerabilities. The remaining one (CVE-2020-17061) is a remote code execution vulnerability. Because of this, it is highly recommended to prioritize these patches across all SharePoint deployments.
Windows Kernel Privilege Escalation
While listed as Important, there is an Actively Attacked vulnerability (CVE-2020-17087) in Microsoft Windows. This privilege escalation vulnerability was publicly disclosed by Google in late October. According to Google’s Project Zero security researchers Mateusz Jurczyk and Sergei Glazunov, the bug allows an attacker to escalate their privileges in Windows. This patch should be prioritized across all Windows devices.
Windows Network File System RCE
Microsoft fixed a vulnerability in Network File System (NFS) (CVE-2020-17051). This CVE received a CVSS score of 9.8 with low attack complexity without any user interaction. This has a potential of wormable and should be prioritized.
Print Spooler RCE
Microsoft also patched a Remote Code Execution vulnerability in Print Spooler (CVE-2020-17042), which would lead to elevation of privileges. The exploit requires user interaction but has a low attack complexity which makes it more likely to be compromised. This patch should be prioritized.
Adobe
Adobe issued patches today covering multiple vulnerabilities in Reader for Android and Adobe Connect. The patches for Reader and Connect are labeled as Priority 3.
While none of the vulnerabilities disclosed in Adobe’s release are known to be Actively Attacked today, all patches should be prioritized on systems with these products installed.
About Patch Tuesday
Patch Tuesday QIDs are published at Security Alerts, typically late in the evening of Patch Tuesday.
Can we get an active unauthenticated separate check for CVE-2020-17051?
We need to prioritize any system that has NFS enabled but need to separate any of these devices from those just missing the OS Patch but not running NFS.