Security News > 2020 > November > November 2020 Patch Tuesday: Microsoft fixes actively exploited Windows Kernel flaw
Microsoft has plugged 112 security holes, including an actively exploited one.
The most information is available about CVE-2020-17087, a Windows Kernel privilege escalation vulnerability, because it's being actively exploited in the wild and because Google disclosed it on October 29, along with PoC exploit code.
The Adobe Connect updates, which fix two vulnerabilities that may allow arbitrary JavaScript execution in the browser, will be staggered: for hosted services, the update is already available, for on-premise deployments it will be available from November 13.
Intel took advantage of the November 2020 Patch Tuesday to released a mammoth batch of advisories, covering vulnerabilities in drivers, server boards, various software, firmware, drones, BIOS, and so on.
For November 2020 Patch Tuesday, SAP released 12 security notes and updated three previously released ones.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/MJIWsmc7ri0/
Related news
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft to remove the Location History feature in Windows (source)
- Microsoft testing fix for Windows 11 bug breaking SSH connections (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-11 | CVE-2020-17087 | Incorrect Calculation of Buffer Size vulnerability in Microsoft products Windows Kernel Local Elevation of Privilege Vulnerability | 0.0 |