Security News > 2020 > December > Microsoft Patches Critical SharePoint, Exchange Security Holes
Microsoft's final batch of security patches for 2020 shipped today with fixes for at least 58 documented vulnerabilities affecting a wide range of OS and software products.
The December security updates include fixes for code execution vulnerabilities in the company's flagship Windows operating system and serious problems in Microsoft Sharepoint, Microsoft Exchange, HyperV, and a Kerberos security feature bypass.
Microsoft slapped a "Critical" severity rating on nine of the 58 bulletins, while 46 are rated "Important." None of the documented bugs are under active attack and Microsoft said it was unaware of the availability of public exploit code.
CVE-2020-17132 - Microsoft Exchange Remote Code Execution Vulnerability - This is one of several Exchange code execution bugs, and it is credited to three different researchers.
CVE-2020-17121 - Microsoft SharePoint Remote Code Execution Vulnerability - Originally reported through the ZDI program, this patch corrects a bug that could allow an authenticated user to execute arbitrary.
News URL
Related news
- Don't Overlook These 6 Critical Okta Security Configurations (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- 89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- Microsoft Exchange Online outage affects Outlook web users (source)
- Microsoft: Exchange Online bug mistakenly quarantines user emails (source)
- AI agents swarm Microsoft Security Copilot (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-10 | CVE-2020-17121 | Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Remote Code Execution Vulnerability | 0.0 |
| 2020-12-10 | CVE-2020-17132 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Remote Code Execution Vulnerability | 0.0 |