Security News > 2020 > November > November 2020 Patch Tuesday: Microsoft fixes actively exploited Windows Kernel flaw
Microsoft has plugged 112 security holes, including an actively exploited one.
The most information is available about CVE-2020-17087, a Windows Kernel privilege escalation vulnerability, because it's being actively exploited in the wild and because Google disclosed it on October 29, along with PoC exploit code.
The Adobe Connect updates, which fix two vulnerabilities that may allow arbitrary JavaScript execution in the browser, will be staggered: for hosted services, the update is already available, for on-premise deployments it will be available from November 13.
Intel took advantage of the November 2020 Patch Tuesday to released a mammoth batch of advisories, covering vulnerabilities in drivers, server boards, various software, firmware, drones, BIOS, and so on.
For November 2020 Patch Tuesday, SAP released 12 security notes and updated three previously released ones.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/MJIWsmc7ri0/
Related news
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Microsoft plans to boot security vendors out of the Windows kernel (source)
- Recall the Recall recall? Microsoft thinks it can make that Windows feature palatable (source)
- Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues (source)
- What Is Inside Microsoft’s Major Windows 11 Update? (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-11 | CVE-2020-17087 | Incorrect Calculation of Buffer Size vulnerability in Microsoft products Windows Kernel Local Elevation of Privilege Vulnerability | 7.8 |