Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • Monitoring & Management
    • N-central Automate. Tackle complex networks. Get remote monitoring and management built for efficiency and scale.
    • RMM Start fast. Grow at your own pace. Try this powerful but easy remote monitoring and management solution.
    • Backup
    • Backup Get data protection for servers, workstations, applications, documents, and Microsoft 365 from one dashboard.
    • Security
    • EDR Defend against ransomware, zero-day attacks, and evolving threats with endpoint detection and response.
    • Mail Assure Leverage mail protection and archiving to keep your users safe from email threats and downtime.
    • Passportal Adopt and enforce best practices for password and documentation management with ease.
    • Tools & Services
    • MSP Manager Increase helpdesk efficiency with a robust PSA, ticketing, reporting, and billing management solution.
    • Take Control Help support customers and their devices with remote support tools designed to be fast and powerful.
    • View All
  • Solutions

    Solutions

    • Security Protect your customers and expand your business by offering layered security services without the complexity.
    • Monitoring Choose the right remote monitoring and management solution to meet you where you are and grow with you.
    • Operational Efficiency Boost profits by improving efficiency via automation, resources and training, and time-saving products.
    • IT Departments Keep your organization productive by easily managing IT from a single, easy-to-use, web-based dashboard.
    • Remote Monitoring Solutions Comparison Compare SolarWinds RMM and N-central side by side. Sign up to talk to a specialist to find the right fit.
    • View All
  • Resources
    • Download
    • Resource Library
    • Product Information
    • Free Tools
    • Learn
    • MSP Institute Webinar Series
    • Daily Live Demos
    • MSP Advice Project
    • Ask the N-central Experts
    • Upcoming Webcasts
    • Connect
    • Blog
    • Security Resource Center
    • Events
    • RMM Foundations Training
  • About
    • Company
    • About Us
    • Leadership
    • Careers
    • News & Press
    • Awards & Recognition
    • Support & Policies
    • Customer Success
    • Customer Support
    • Legal
    • Security
    • Get in Touch
    • Contact
    • Get a Quote
    • Worldwide Sales & Support
  • IT Departments
  • Contact Sales
    • Contact Sales
    • General Inquiry
    • Get a Quote
    • Worldwide Sales & Support
    • Talk to Specialist
    • Security Solutions
    • Monitoring Solutions
    • Operational Efficiency
  • Try Now
    • Monitoring & Management
    • N-central
    • RMM
    • Backup
    • Security
    • EDR
    • Mail Assure
    • Passportal
    • Tools & Services
    • MSP Manager
    • Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Security November 2020 Patch Tuesday Update: 111 CVE Numbers Addressed
Security

November 2020 Patch Tuesday Update: 111 CVE Numbers Addressed

By Gill Langston
12 November, 2020

This has been an interesting Patch Tuesday for me, mainly because this is the first month of using Microsoft’s new version of its Security Update Guide. The new system makes it incredibly easy to find the vulnerabilities that aren’t rated as “Critical,” but are listed as “Exploitation Detected,” or “Exploitation More Likely.” The added vulnerability view lets you add columns to the data to find these hidden items. However, the descriptions and details aren’t as in-depth as the previous version, so learning to navigate the new portal will take some time. As a result, content on this post may change slightly as I discover more information. If that happens, I’ll include any updates to this post at the end. I appreciate your patience as I get use to the new update guide. 

This month brings us fixes for 112 vulnerabilities—back to what has become a normal amount for this year after last month’s lighter drop. Of these vulnerabilities, 16 are marked as “Critical” and 87 as “Important.” These include some of the usual suspects, as well as one high-profile, zero-day vulnerability that was announced after last month’s Patch Tuesday. As always, let’s review the Criticals and some of the Importants that may warrant attention.

Operating system

There were surprisingly few “Critical” operating system vulnerabilities this month—only two. First we have CVE-2020-17051, titled Windows Network File System Remote Code Execution Vulnerability. This is a remote code vulnerability listed as “Exploitation More Likely.” It has the highest CVSS rating (9.8) of the vulnerabilities this month. It’s remotely exploitable and doesn’t require any user interaction. This generally means any network exposed system is vulnerable—and with no workarounds listed, this one should get primary attention this month. Make sure to install updates for Windows 7 up to the current version of Windows 10, including server versions.

Next is a Windows Print Spooler Remote Code Execution Vulnerability, CVE-2020-17042. This vulnerability does require user interaction, but doesn’t require special privileges to execute. Microsoft lists it as “Exploitation Less Likely,” and it also affects Windows 7 up to Windows 10, including server versions.

Besides those Criticals, there are several others to pay attention to on the operating system side.

Let’s focus on the previously announced zero-day vulnerability first. CVE-2020-17087 is a Windows Kernel Local Elevation of Privilege Vulnerability that was disclosed by Google’s Project Zero, as reported last month. It’s a privilege escalation vulnerability someone could use with another Chrome vulnerability (which has since been fixed). It’s listed as “Exploitation Detected” and affects Windows 7 up to Windows 10, including server versions. 

There’s also another Windows Network File System Information Disclosure Vulnerability, CVE-2020-17056, that’s listed as “Exploitation More Likely.” However, this one requires access to the vulnerable system, meaning an attacker could use it as part of a chained attack after gaining access to the system. It would disclose information in memory. This vulnerability affects Windows 8.1 up to Windows 10, including server versions.

CVE-2020-17088 is a Windows Common Log File System Driver Elevation of Privilege Vulnerability that Microsoft listed as “Exploitation More Likely” with a low complexity and requires no user interaction.

There is a Win32k Elevation of Privilege Vulnerability, CVE-2020-17010, that also has a low complexity rating. It’s listed as “Exploitation More Likely” on all supported Windows 10 versions, including server.

Finally, CVE-2020-16998 is a DirectX Elevation of Privilege Vulnerability that requires no user interaction and is listed as “Exploitation More Likely.”

Browsers

Last month there were no browser vulnerabilities, and while I stated Microsoft may make up for it this month, there are still only four “Critical” browser vulnerabilities this month.

CVE-2020-17052 is a Scripting Engine Memory Corruption Vulnerability in Internet Explorer 11 and the Edge-HTML version of Microsoft Edge that appears to be related to malicious Exchange Web Service subscription notifications. It’s listed as “Exploitation More Likely.” It would grant the attacker access to the system and requires user interaction. There’s a mitigation listed on the details, but it would block some important Exchange functions. At this time, there is no update available on the Exchange side, but Microsoft said it’s planning one.

CVE-2020-17048 is listed as “Exploitation Less Likely.” It’s a Chakra Scripting Engine Memory Corruption Vulnerability that requires user interaction and would grant the attacker access to the system. It’s found in Internet Explorer 11 and the Edge-HTML version of Microsoft Edge as well.

The Internet Explorer Memory Corruption Vulnerability labeled as CVE-2020-17053 is listed as “Exploitation Less Likely” and does require a user to access a malicious URL. It would grant the attacker full control of the system. This vulnerability affects Internet Explorer 11.

The last “Critical” browser vulnerability is CVE-2020-17058. It’s titled Microsoft Browser Memory Corruption Vulnerability, and it affects Internet Explorer 11 and the Edge-HTML version of Microsoft Edge browser. It’s listed as “Exploitation Less Likely,” and at this point there is only proof-of-concept code with no known exploits.

Other applications

While there are no other “Critical” vulnerabilities in the other applications list, there is one SharePoint vulnerability that warrants extra attention. CVE-2020-17061 is a Microsoft SharePoint Remote Code Execution Vulnerability that is a low complexity attack—this is likely why it’s listed as “Exploitation More Likely.”

Other notable vulnerabilities

There are 10 vulnerabilities listed in the video extensions offered in the Windows App Store. While I won’t list each one here, the Raw Image, HEVC Video, AV1, and HEIF Image extensions are all affected. According to Microsoft, they will apply the updates automatically; no action is required.

There are several other applications this month that have fixes for vulnerabilities that are not listed as “Critical” or have any known exploits, but here are the highlights:

  • Three other vulnerabilities in Microsoft SharePoint including spoofing and information disclosure
  • Three vulnerabilities fixed in Microsoft Exchange 2013-2019, including remote code execution and denial of service
  • The usual suspects of Excel, Office, and Visual Studio
  • Eight vulnerability fixes for Azure Sphere, and one for Azure DevOps server

Summary

With the vulnerability count back up above 100, there are plenty of vulnerabilities to fix this month. I recommend starting with critical servers and then your workstations to address both the disclosed zero-day vulnerability from last month and the remotely exploitable Windows Network File System Remote Code Execution Vulnerability that has a 9.8 CVSS score. Then turn attention to Exchange and SharePoint servers if you’re still running on-premises versions. With Microsoft regularly announcing Exchange vulnerabilities, consider moving to Microsoft 365 to lessen the amount of systems you have to regularly pay attention to each month for “patch duty.” Finally, make sure your Office installations are up-to-date.

Again, we’ll likely see these Patch Tuesday blogs evolve as I learn to better interpret and consolidate the information from the new guide format.

Until next time, let’s stay safe out there!

 

Gill Langston is head security nerd for SolarWinds MSP. You can follow Gill on Twitter at @cybersec_nerd

 

You might also like...
Security

February 2021 Patch Tuesday: Many “Exploitation More Likely” and an update to a Netlogon fix from last year

Automation

What the Head Nerds Were Up to in 2020

Security

January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be

Security

December 2020 Patch Tuesday—A quiet(er) finish to a busy year in vulnerabilities

Security

National Computer Security Day—It’s Not Just About the Computer Anymore

Security

US-CERT Releases Warning to Healthcare Organizations about Elevated Ransomware Risks

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • Three things I learned working for an MSP
  • Earning word-of-mouth referrals for your IT business
  • Backup automation part 1: Deploying backup devices
  • Ultimate Guide: MySQL Backup
  • Most common automation requests and how to solve them: Ep 2
Categories:
  • Security (240)
  • Tips & Advice (130)
  • Best Practices (97)
  • Backup & Disaster Recovery (96)
  • Managed Services (89)
  • The Head Nerds (82)
  • Business Growth (79)
  • IT Support (43)
  • Business (41)
  • Automation (40)
  • Operations (38)
  • Cybersecurity (37)
  • Mail (33)
  • Remote Management (30)
  • ITSM (26)
  • Networking (22)
  • Data (21)
  • Cloud Computing (21)
  • Marketing (15)
  • PSA (13)
  • Product (11)
  • Service Desk (6)
  • Services & Support (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • GDPR (3)
  • Internet of Things (3)
  • Customer Service (3)
  • Research & Trends (2)
  • Training (2)
  • Business Risk (1)
  • LOGICcards (1)
  • Cybersecurity Awareness Month (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.