November Patch Tuesday

11. November 2020

Great news this month that a potential vaccine may be on its way; we don’t have the details, but change is coming. We had less information in November regarding how Microsoft details its advisories, making it harder to know how to prioritize patches. Another reason to attend Patch Tuesday though! This month, Microsoft resolved 112 CVEs tipping over the 110 CVE threshold. The updates broadly affected: Windows Operating System, Office and Office 365, Internet Explorer, Edge, Edge Chromium, Microsoft Exchange Server, Microsoft Dynamics, Azure Sphere, Windows Defender, Microsoft Teams, Azure SDK, DevOps, ChakraCore and Visual Studio. One vulnerability, CVE-2020-17087, had more details because it was already actively exploiting in the wild. This CVE was an Elevation of Privilege vulnerability in the Windows Kernel Cryptography Driver that allows threat actors to elevate their own privileges.

Moderatoren

Chris Goettl
Vice President, Product Management, Security
Ivanti
Todd Schell
Product Manager for Patch
Ivanti