On 10 November 2020, Microsoft released a new batch of security updates as part of its monthly Patch Tuesday. A total of 112 security fixes were released, including 17 rated critical.

Most significant vulnerabilities:

CVE-2020-17051 – an RCE vulnerability. At present there are no details about the vulnerability or how it can be exploited. It affects practically all supported versions of Windows.

CVE-2020-17087 – a Windows kernel elevation-of-privilege vulnerability. It is linked to CVE-2020-15999, which affects Google Chrome.

CVE-2020-17061 – an RCE vulnerability in Microsoft SharePoint.

Other vulnerabilities:

Each description line below is followed by one row per CVE, with these columns:
CVE; Disclosed; Exploited; Exploitability (old versions); Exploitability (current version); Severity; CVSS Base (AVG); CVSS Temporal (AVG)
AV1 Video Extension Remote Code Execution Vulnerability
CVE-2020-17105 No No Less Likely Less Likely Critical 7.8 6.8
Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
CVE-2020-1325 No No Less Likely Less Likely Important 5.4 4.7
Azure Sphere Denial of Service Vulnerability
CVE-2020-16986 No No Less Likely Less Likely Important 6.2 5.4
Azure Sphere Elevation of Privilege Vulnerability
CVE-2020-16981 No No Less Likely Less Likely Important 6.1 5.3
CVE-2020-16988 No No Less Likely Less Likely Critical 6.9 6.0
CVE-2020-16989 No No Less Likely Less Likely Important 5.4 4.7
CVE-2020-16992 No No Less Likely Less Likely Important 7.5 7.5
CVE-2020-16993 No No Less Likely Less Likely Important 5.4 4.7
Azure Sphere Information Disclosure Vulnerability
CVE-2020-16985 No No Less Likely Less Likely Important 6.2 5.4
CVE-2020-16990 No No Less Likely Less Likely Important 6.2 5.4
Azure Sphere Tampering Vulnerability
CVE-2020-16983 No No Less Likely Less Likely Important 5.7 5.0
Azure Sphere Unsigned Code Execution Vulnerability
CVE-2020-16970 No No Less Likely Less Likely Important 8.1 7.1
CVE-2020-16982 No No Less Likely Less Likely Important 6.1 5.3
CVE-2020-16984 No No Less Likely Less Likely Important 6.2 5.4
CVE-2020-16987 No No Less Likely Less Likely Important 6.2 5.4
CVE-2020-16991 No No Less Likely Less Likely Important 6.2 5.4
CVE-2020-16994 No No Less Likely Less Likely Important 6.2 5.4
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2020-17048 No No Less Likely Less Likely Critical 4.2 3.8
CVE-2020-17054 No No Less Likely Less Likely Important 4.2 3.7
DirectX Elevation of Privilege Vulnerability
CVE-2020-16998 No No More Likely More Likely Important 7.0 6.1
HEIF Image Extensions Remote Code Execution Vulnerability
CVE-2020-17101 No No Less Likely Less Likely Critical 7.8 6.8
HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2020-17106 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2020-17107 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2020-17108 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2020-17109 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2020-17110 No No Less Likely Less Likely Critical 7.8 6.8
Internet Explorer Memory Corruption Vulnerability
CVE-2020-17053 No No More Likely More Likely Critical 7.5 6.7
Kerberos Security Feature Bypass Vulnerability
CVE-2020-17049 No No Less Likely Less Likely Important 6.6 5.8
Microsoft Browser Memory Corruption Vulnerability
CVE-2020-17058 No No Less Likely Less Likely Critical 7.5 6.7
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability
CVE-2020-17090 No No Less Likely Less Likely Important 5.3 4.6
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2020-17005 No No Important 5.4 4.7
CVE-2020-17006 No No Less Likely Less Likely Important 5.4 4.7
CVE-2020-17018 No No Less Likely Less Likely Important 5.4 4.7
CVE-2020-17021 No No Less Likely Less Likely Important 5.4 4.7
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-17019 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17064 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17065 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17066 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2020-17067 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Exchange Server Denial of Service Vulnerability
CVE-2020-17085 No No Less Likely Less Likely Important 6.2 5.4
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2020-17083 No No Less Likely Less Likely Important 5.5 4.8
CVE-2020-17084 No No Less Likely Less Likely Important 8.5 7.4
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2020-17062 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Office Online Spoofing Vulnerability
CVE-2020-17063 No No Less Likely Less Likely Important 6.8 5.9
Microsoft Raw Image Extension Information Disclosure Vulnerability
CVE-2020-17081 No No Less Likely Less Likely Important 5.5 4.8
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-16979 No No Less Likely Less Likely Important 5.3 4.6
CVE-2020-17017 No No Less Likely Less Likely Important 5.3 4.6
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-17061 No No More Likely More Likely Important 8.8 7.7
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-17015 No No Less Likely Less Likely Low 4.3 3.8
CVE-2020-17016 No No Less Likely Less Likely Important 8.0 7.0
CVE-2020-17060 No No Less Likely Less Likely Important 5.4 4.7
Microsoft Teams Remote Code Execution Vulnerability
CVE-2020-17091 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Word Security Feature Bypass Vulnerability
CVE-2020-17020 No No Less Likely Less Likely Important 3.3 2.9
Raw Image Extension Remote Code Execution Vulnerability
CVE-2020-17078 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2020-17079 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2020-17082 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2020-17086 No No Less Likely Less Likely Important 7.8 6.8
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2020-17000 No No Less Likely Less Likely Important 5.5 4.8
Remote Desktop Protocol Server Information Disclosure Vulnerability
CVE-2020-16997 No No Less Likely Less Likely Important 7.7 6.7
Scripting Engine Memory Corruption Vulnerability
CVE-2020-17052 No No More Likely More Likely Critical 7.5 6.7
Visual Studio Code JSHint Extension Remote Code Execution Vulnerability
CVE-2020-17104 No No Less Likely Less Likely Important 7.8 6.8
Visual Studio Tampering Vulnerability
CVE-2020-17100 No No Less Likely Less Likely Important 5.5 4.8
WebP Image Extensions Information Disclosure Vulnerability
CVE-2020-17102 No No Less Likely Less Likely Important 5.5 4.8
Win32k Elevation of Privilege Vulnerability
CVE-2020-17010 No No More Likely More Likely Important 7.8 6.8
CVE-2020-17038 No No More Likely More Likely Important 7.8 6.8
Win32k Information Disclosure Vulnerability
CVE-2020-17013 No No Less Likely Less Likely Important 5.5 4.8
Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVE-2020-17012 No No Less Likely Less Likely Important 7.8 6.8
Windows Camera Codec Information Disclosure Vulnerability
CVE-2020-17113 No No Less Likely Less Likely Important 5.5 5.0
Windows Canonical Display Driver Information Disclosure Vulnerability
CVE-2020-17029 No No Less Likely Less Likely Important 5.5 4.8
Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability
CVE-2020-17024 No No Less Likely Less Likely Important 7.8 6.8
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-17088 No No More Likely More Likely Important 7.8 7.2
Windows Delivery Optimization Information Disclosure Vulnerability
CVE-2020-17071 No No Less Likely Less Likely Important 5.5 4.8
Windows Error Reporting Denial of Service Vulnerability
CVE-2020-17046 No No Less Likely Less Likely Low 5.5 5.0
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2020-17007 No No Less Likely Less Likely Important 7.0 6.1
Windows Function Discovery SSDP Provider Information Disclosure Vulnerability
CVE-2020-17036 No No Less Likely Less Likely Important 5.5 4.8
Windows GDI+ Remote Code Execution Vulnerability
CVE-2020-17068 No No Less Likely Less Likely Important 7.8 6.8
Windows Graphics Component Information Disclosure Vulnerability
CVE-2020-17004 No No Less Likely Less Likely Important 5.5 4.8
Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2020-17040 No No Less Likely Less Likely Important 6.5 5.7
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-17035 No No Less Likely Less Likely Important 7.8 6.8
Windows Kernel Local Elevation of Privilege Vulnerability
CVE-2020-17087 Yes Yes Detected Detected Important 7.8 7.2
Windows KernelStream Information Disclosure Vulnerability
CVE-2020-17045 No No Less Likely Less Likely Important 5.5 4.8
Windows MSCTF Server Information Disclosure Vulnerability
CVE-2020-17030 No No Less Likely Less Likely Important 5.5 4.8
Windows NDIS Information Disclosure Vulnerability
CVE-2020-17069 No No Less Likely Less Likely Important 5.5 4.8
Windows Network File System Denial of Service Vulnerability
CVE-2020-17047 No No Less Likely Less Likely Important 7.5 6.7
Windows Network File System Information Disclosure Vulnerability
CVE-2020-17056 No No More Likely More Likely Important 5.5 4.8
Windows Network File System Remote Code Execution Vulnerability
CVE-2020-17051 No No More Likely More Likely Critical 9.8 8.5
Windows Port Class Library Elevation of Privilege Vulnerability
CVE-2020-17011 No No Less Likely Less Likely Important 7.8 6.8
Windows Print Configuration Elevation of Privilege Vulnerability
CVE-2020-17041 No No Less Likely Less Likely Important 7.8 6.8
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2020-17001 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-17014 No No Less Likely Less Likely Important 7.8 7.0
Windows Print Spooler Remote Code Execution Vulnerability
CVE-2020-17042 No No Less Likely Less Likely Critical 8.8 7.7
Windows Remote Access Elevation of Privilege Vulnerability
CVE-2020-17055 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17025 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17026 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17027 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17028 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17031 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17032 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17033 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17034 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17043 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17044 No No Less Likely Less Likely Important 7.8 6.8
Windows Spoofing Vulnerability
CVE-2020-1599 No No Less Likely Less Likely Important 5.5 4.8
Windows USO Core Worker Elevation of Privilege Vulnerability
CVE-2020-17075 No No Less Likely Less Likely Important 7.8 6.8
Windows Update Medic Service Elevation of Privilege Vulnerability
CVE-2020-17070 No No Less Likely Less Likely Important 7.8 6.8
Windows Update Orchestrator Service Elevation of Privilege Vulnerability
CVE-2020-17073 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17074 No No Less Likely Less Likely Important 7.8 6.8
CVE-2020-17076 No No Less Likely Less Likely Important 7.8 6.8
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2020-17077 No No Less Likely Less Likely Important 7.8 6.8
Windows WalletService Elevation of Privilege Vulnerability
CVE-2020-17037 No No Less Likely Less Likely Important 7.8 6.8
Windows WalletService Information Disclosure Vulnerability
CVE-2020-16999 No No Less Likely Less Likely Important 5.5 4.8
Windows Win32k Elevation of Privilege Vulnerability
CVE-2020-17057 No No More Likely More Likely Important 7.0 6.1