A light December 2020 Patch Tuesday for a no-stress end of the year

As expected, Microsoft fixed a smaller-than-usual number of CVEs on this December 2020 Patch Tuesday: 58 in total.
Satnam Narang, staff research engineer at Tenable, pointed out that CVE-2020-17132 addresses a patch bypass for CVE-2020-16875, which was reported and patched in September's Patch Tuesday release.
For December 2020 Patch Tuesday, SAP released 11 security notes and updated two previously released ones.
The most critical patch is for a missing authentication check vulnerability in SAP NetWeaver AS JAVA that has a "Perfect" CVSS score of 10.
"SAP Security Note #2974774, tagged with a CVSS score of 10, patches the aforementioned vulnerabilities. The patch is not provided for all support package levels. The good news is that the note also provides a manual workaround that will prevent potential attackers from connecting to the P2P Server Socket port and from spying the communication between the cluster elements. This workaround can also be applied by customers running SAP NetWeaver AS JAVA on a support package level for which no patch is provided."
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/CWcfHz0oozg/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-10 | CVE-2020-17132 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Remote Code Execution Vulnerability | 0.0 |
2020-09-11 | CVE-2020-16875 | Improper Privilege Management vulnerability in Microsoft Exchange Server 2016/2019. A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. | 0.0 |