November Patch Tuesday
Great news this month that a potential vaccine may be on its way; we don’t have the details, but change is coming. We had less information in November regarding how Microsoft details its advisories, making it harder to know how to prioritize patches. Another reason to attend Patch Tuesday though! This month, Microsoft resolved 112 CVEs tipping over the 110 CVE threshold. The updates broadly affected: Windows Operating System, Office and Office 365, Internet Explorer, Edge, Edge Chromium, Microsoft Exchange Server, Microsoft Dynamics, Azure Sphere, Windows Defender, Microsoft Teams, Azure SDK, DevOps, ChakraCore and Visual Studio. One vulnerability, CVE-2020-17087, had more details because it was already actively exploiting in the wild. This CVE was an Elevation of Privilege vulnerability in the Windows Kernel Cryptography Driver that allows threat actors to elevate their own privileges.