Microsoft Releases November 2020 Security Updates
Nov 13, 2020 GMT+08:00
I. Overview
Microsoft recently released its monthly set of security updates. A total of 112 vulnerabilities are disclosed, 17 of which are rated important. Attackers can exploit these vulnerabilities to execute code remotely, escalate privileges, and leak sensitive information. The following software is affected: Microsoft Windows, Microsoft Office, and Microsoft Exchange Server.
For details, visit the official Microsoft website:
https://msrc.microsoft.com/update-guide/releaseNote/2020-Nov
Pay particular attention to the Windows Kernel Local Elevation of Privilege Vulnerability (CVE-2020-17087) officially disclosed this month. Unauthorized attackers can exploit this vulnerability to escalate privileges, and attacks exploiting it have already been detected. Also pay attention to the Windows Network File System Remote Code Execution Vulnerability (CVE-2020-17051), which has a CVSS score of 9.8.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, and Microsoft Exchange Server
IV. Vulnerability Details
CVE ID | Vulnerability Name | Severity | Affected Products |
CVE-2020-17051 | Windows Network File System Remote Code Execution Vulnerability | Important | Windows 10, 7, RT8.1, 8; Windows Server 2008/R2, 2012/R2, 2016, 2019; Windows Server versions 1903, 1909, 2004, and 20H2 |
CVE-2020-17042 | Windows Print Spooler Remote Code Execution Vulnerability | Important | Windows 10, 7, RT8.1, 8; Windows Server 2008/R2, 2012/R2, 2016, 2019; Windows Server versions 1903, 1909, 2004, and 20H2 |
CVE-2020-17110, CVE-2020-17109, CVE-2020-17108, CVE-2020-17107, CVE-2020-17106 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | HEVC Video Extensions |
CVE-2020-17105 | AV1 Video Extension Remote Code Execution Vulnerability | Important | AV1 Video Extension |
CVE-2020-17101 | HEIF Image Extensions Remote Code Execution Vulnerability | Important | HEIF Image Extension |
CVE-2020-17082, CVE-2020-17079, CVE-2020-17078 | Raw Image Extension Remote Code Execution Vulnerability | Important | Raw Image Extension |
CVE-2020-17058 | Microsoft Browser Memory Corruption Vulnerability | Important | Internet Explorer 11, Microsoft Edge (EdgeHTML-based) |
CVE-2020-17053 | Internet Explorer Memory Corruption Vulnerability | Important | Internet Explorer 11 |
CVE-2020-17052 | Scripting Engine Memory Corruption Vulnerability | Important | Internet Explorer 11, Microsoft Edge (EdgeHTML-based) |
CVE-2020-17048 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | ChakraCore, Microsoft Edge (EdgeHTML-based) |
CVE-2020-16988 | Azure Sphere Elevation of Privilege Vulnerability | Important | Azure Sphere |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide/
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.