Security News > 2020 > December > Patch Tuesday, Good Riddance 2020 Edition

Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft's most-dire "Critical" label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users.

Some of the sub-critical "Important" flaws addressed this month also probably deserve prompt patching in enterprise environments, including a trio of updates tackling security issues with Microsoft Office.

"Given the speed with which attackers often weaponize Microsoft Office vulnerabilities, these should be prioritized in patching," said Allan Liska, senior security architect at Recorded Future.

"The vulnerabilities, if exploited, would allow an attacker to execute arbitrary code on a victim's machine. These vulnerabilities affect Microsoft Excel 2013 through 2019, Microsoft 365 32 and 64 bit versions, Microsoft Office 2019 32 and 64 bit versions, and Microsoft Excel for Mac 2019.".

It's a good idea for Windows users to get in the habit of updating at least once a month, but for regular users it's usually safe to wait a few days until after the patches are released, so that Microsoft has time to iron out any chinks in the new armor.

News URL

https://krebsonsecurity.com/2020/12/patch-tuesday-good-riddance-2020-edition/