Security News > 2020 > November > Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Microsoft's November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution bugs.
Twelve of Microsoft's 17 critical patches were tied to RCE bugs.
"One of the most critical vulnerabilities patched this Tuesday is CVE-2020-17051, a remote code execution vulnerability found in Windows' Network File System," wrote Chris Hass, director of information security and research at Automox, in his Patch Tuesday analysis.
It describes a heavier reliance on the industry standard Common Vulnerability Scoring System to provide more generalized vulnerability information for Patch Tuesday security bulletins.
"Microsoft's decision to remove CVE description information from its Patch Tuesday release is a bad move, plain and simple. By relying on CVSSv3 ratings alone, Microsoft is eliminating a ton of valuable vulnerability data that can help inform organizations of the business risk a particular flaw poses to them," he wrote.
News URL
https://threatpost.com/microsoft-patch-tuesday-critical-bugs/161098/
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-11 | CVE-2020-17051 | Unspecified vulnerability in Microsoft products Windows Network File System Remote Code Execution Vulnerability | 9.8 |