Microsoft Releases November 2020 Security Updates

Nov 13, 2020 GMT+08:00

I. Overview

Microsoft recently released its monthly set of security updates. 112 vulnerabilities are disclosed, among which 17 are rated important. Attackers can exploit these vulnerabilities to perform remote code execution, escalate privileges, and leak sensitive information. The following software is affected: Microsoft Windows, Microsoft Office, and Microsoft Exchange Server.

For details, visit the official Microsoft website:

https://msrc.microsoft.com/update-guide/releaseNote/2020-Nov

Pay attention to the Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2020-17087) officially disclosed this month. Unauthorized attackers can exploit this vulnerability to escalate privileges, and attacks have already been detected. Also pay attention to the Windows Network File System Remote Code Execution Vulnerability (CVE-2020-17051), which has a CVSS score of 9.8.

II. Severity

Severity: important

(Severity levels: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Office, and Microsoft Exchange Server

IV. Vulnerability Details

| CVE ID | Vulnerability Name | Severity | Affected Products |
| --- | --- | --- | --- |
| CVE-2020-17051 | Windows Network File System Remote Code Execution Vulnerability | Important | Windows 10, 7, RT8.1, 8; Windows Server 2008/R2, 2012/R2, 2016, 2019; Windows Server versions 1903, 1909, 2004, and 20H2 |
| CVE-2020-17042 | Windows Print Spooler Remote Code Execution Vulnerability | Important | Windows 10, 7, RT8.1, 8; Windows Server 2008/R2, 2012/R2, 2016, 2019; Windows Server versions 1903, 1909, 2004, and 20H2 |
| CVE-2020-17110, CVE-2020-17109, CVE-2020-17108, CVE-2020-17107, CVE-2020-17106 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | HEVC Video Extensions |
| CVE-2020-17105 | AV1 Video Extension Remote Code Execution Vulnerability | Important | AV1 Video Extension |
| CVE-2020-17101 | HEIF Image Extensions Remote Code Execution Vulnerability | Important | HEIF Image Extension |
| CVE-2020-17082, CVE-2020-17079, CVE-2020-17078 | Raw Image Extension Remote Code Execution Vulnerability | Important | Raw Image Extension |
| CVE-2020-17058 | Microsoft Browser Memory Corruption Vulnerability | Important | Internet Explorer 11, Microsoft Edge (EdgeHTML-based) |
| CVE-2020-17053 | Internet Explorer Memory Corruption Vulnerability | Important | Internet Explorer 11 |
| CVE-2020-17052 | Scripting Engine Memory Corruption Vulnerability | Important | Internet Explorer 11, Microsoft Edge (EdgeHTML-based) |
| CVE-2020-17048 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | ChakraCore, Microsoft Edge (EdgeHTML-based) |
| CVE-2020-16988 | Azure Sphere Elevation of Privilege Vulnerability | Important | Azure Sphere |

(Note: Only the important vulnerabilities are listed above. For more information, refer to the official Microsoft website.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide/

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.