Η Microsoft κυκλοφόρησε χθες τις καθιερωμένες μηνιαίες ενημερώσεις ασφαλείας, γνωστές ως Patch Tuesday. Το Patch Tuesday για το Νοέμβριο του 2020 διορθώνει 112 ευπάθειες ασφαλείας σε ένα ευρύ φάσμα προϊόντων.

Η εταιρεία διορθώνει, επίσης, μια zero-day ευπάθεια των Windows που αποκαλύφθηκε στις 30 Οκτωβρίου από τις ομάδες ασφαλείας της Google, Google Project Zero και TAG. Σύμφωνα με τους ερευνητές, η ευπάθεια χρησιμοποιούνταν ήδη από εγκληματίες.
Είναι γνωστή ως CVE-2020-17087 και σύμφωνα με τη Google, χρησιμοποιούνταν μαζί με ένα άλλο zero-day σφάλμα στο Chrome για να στοχεύσει χρήστες Windows 7 και Windows 10.
Οι ερευνητές της Google ενημέρωσαν τη Microsoft για τη zero-day ευπάθεια και η εταιρεία τη διόρθωσε χθες με την κυκλοφορία του Patch Tuesday Νοεμβρίου 2020.
Σύμφωνα με τη Microsoft, η ευπάθεια CVE-2020-17087 βρίσκεται στο Windows kernel και επηρεάζει όλες τις υποστηριζόμενες εκδόσεις του λειτουργικού συστήματος των Windows. Αυτό περιλαμβάνει όλες τις εκδόσεις μετά τα Windows 7 και όλες τις διανομές Windows Server.
Πέρα, όμως, από το παραπάνω σφάλμα, το Patch Tuesday διορθώνει άλλες 111 ευπάθειες, συμπεριλαμβανομένων 24 σφαλμάτων που επιτρέπουν την εκτέλεση κώδικα απομακρυσμένα (RCE) σε εφαρμογές όπως το Excel, το Microsoft Sharepoint, το Microsoft Exchange Server, το Windows Network File System, το Windows GDI+ component, την υπηρεσία Windows printing spooler και το Microsoft Teams.

Στον παρακάτω πίνακα, μπορείτε να βρείτε όλες τις ευπάθειες που διορθώνονται στο Patch Tuesday Νοεμβρίου 2020:
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Azure DevOps | CVE-2020-1325 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | Important |
Azure Sphere | CVE-2020-16985 | Azure Sphere Information Disclosure Vulnerability | Important |
Azure Sphere | CVE-2020-16986 | Azure Sphere Denial of Service Vulnerability | Important |
Azure Sphere | CVE-2020-16987 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Azure Sphere | CVE-2020-16984 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Azure Sphere | CVE-2020-16981 | Azure Sphere Elevation of Privilege Vulnerability | Important |
Azure Sphere | CVE-2020-16982 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Azure Sphere | CVE-2020-16983 | Azure Sphere Tampering Vulnerability | Important |
Azure Sphere | CVE-2020-16988 | Azure Sphere Elevation of Privilege Vulnerability | Critical |
Azure Sphere | CVE-2020-16993 | Azure Sphere Elevation of Privilege Vulnerability | Important |
Azure Sphere | CVE-2020-16994 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Azure Sphere | CVE-2020-16970 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Azure Sphere | CVE-2020-16992 | Azure Sphere Elevation of Privilege Vulnerability | Important |
Azure Sphere | CVE-2020-16989 | Azure Sphere Elevation of Privilege Vulnerability | Important |
Azure Sphere | CVE-2020-16990 | Azure Sphere Information Disclosure Vulnerability | Important |
Azure Sphere | CVE-2020-16991 | Azure Sphere Unsigned Code Execution Vulnerability | Important |
Common Log File System Driver | CVE-2020-17088 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Micrοsoft Browsers | CVE-2020-17058 | Microsoft Browser Memory Corruption Vulnerability | Critical |
Micrοsoft Dynamics | CVE-2020-17005 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Micrοsoft Dynamics | CVE-2020-17018 | Micrοsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Micrοsoft Dynamics | CVE-2020-17021 | Micrοsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2020-17006 | Micrοsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Exchange Server | CVE-2020-17083 | Micrοsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2020-17085 | Micrοsoft Exchange Server Denial of Service Vulnerability | Important |
Micrοsoft Exchange Server | CVE-2020-17084 | Micrοsoft Exchange Server Remote Code Execution Vulnerability | Important |
Micrοsoft Graphics Component | CVE-2020-16998 | DirectX Elevation of Privilege Vulnerability | Important |
Micrοsoft Graphics Component | CVE-2020-17029 | Windows Canonical Display Driver Information Disclosure Vulnerability | Important |
Micrοsoft Graphics Component | CVE-2020-17004 | Windows Graphics Component Information Disclosure Vulnerability | Important |
Micrοsoft Graphics Component | CVE-2020-17038 | Win32k Elevation of Privilege Vulnerability | Important |
Micrοsoft Graphics Component | CVE-2020-17068 | Windows GDI+ Remote Code Execution Vulnerability | Important |
Micrοsoft Office | CVE-2020-17065 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Micrοsoft Office | CVE-2020-17064 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Micrοsoft Office | CVE-2020-17066 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Micrοsoft Office | CVE-2020-17019 | Micrοsoft Excel Remote Code Execution Vulnerability | Important |
Micrοsoft Office | CVE-2020-17067 | Micrοsoft Excel Security Feature Bypass Vulnerability | Important |
Microsoft Office | CVE-2020-17062 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important |
Micrοsoft Office | CVE-2020-17063 | Micrοsoft Office Online Spoofing Vulnerability | Important |
Microsoft Office | CVE-2020-17020 | Microsoft Word Security Feature Bypass Vulnerability | Important |
Micrοsoft Office SharePoint | CVE-2020-17016 | Micrοsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16979 | Micrοsoft SharePoint Information Disclosure Vulnerability | Important |
Micrοsoft Office SharePoint | CVE-2020-17015 | Micrοsoft SharePoint Spoofing Vulnerability | Low |
Microsoft Office SharePoint | CVE-2020-17017 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Micrοsoft Office SharePoint | CVE-2020-17061 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-17060 | Micrοsoft SharePoint Spoofing Vulnerability | Important |
Micrοsoft Scripting Engine | CVE-2020-17048 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-17053 | Internet Explorer Memory Corruption Vulnerability | Critical |
Micrοsoft Scripting Engine | CVE-2020-17052 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-17054 | Chakra Scripting Engine Memory Corruption Vulnerability | Important |
Microsoft Teams | CVE-2020-17091 | Microsoft Teams Remote Code Execution Vulnerability | Important |
Micrοsoft Windows | CVE-2020-17032 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Micrοsoft Windows | CVE-2020-17033 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Micrοsoft Windows | CVE-2020-17026 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Micrοsoft Windows | CVE-2020-17031 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Micrοsoft Windows | CVE-2020-17027 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Micrοsoft Windows | CVE-2020-17030 | Windows MSCTF Server Information Disclosure Vulnerability | Important |
Micrοsoft Windows | CVE-2020-17028 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17044 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Micrοsoft Windows | CVE-2020-17045 | Windows KernelStream Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-17046 | Windows Error Reporting Denial of Service Vulnerability | Low |
Micrοsoft Windows | CVE-2020-17043 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Micrοsoft Windows | CVE-2020-17042 | Windows Print Spooler Remote Code Execution Vulnerability | Critical |
Micrοsoft Windows | CVE-2020-17041 | Windows Print Configuration Elevation of Privilege Vulnerability | Important |
Micrοsoft Windows | CVE-2020-17034 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Micrοsoft Windows | CVE-2020-17049 | Kerberos Security Feature Bypass Vulnerability | Important |
Micrοsoft Windows | CVE-2020-17051 | Windows Network File System Remote Code Execution Vulnerability | Critical |
Microsoft Windows | CVE-2020-17040 | Windows Hyper-V Security Feature Bypass Vulnerability | Important |
Micrοsoft Windows | CVE-2020-17047 | Windows Network File System Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2020-17036 | Windows Function Discovery SSDP Provider Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-17000 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-1599 | Windows Spoofing Vulnerability | Important |
Microsoft Windows | CVE-2020-16997 | Remote Desktop Protocol Server Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-17001 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17057 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17056 | Windows Network File System Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-17055 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17010 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17007 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17014 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17025 | Windows Remote Access Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17024 | Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17013 | Win32k Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-17011 | Windows Port Class Library Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-17012 | Windows Bind Filter Driver Elevation of Privilege Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2020-17106 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17101 | HEIF Image Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17105 | AV1 Video Extension Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17102 | WebP Image Extensions Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2020-17082 | Raw Image Extension Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17086 | Raw Image Extension Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2020-17081 | Microsoft Raw Image Extension Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2020-17079 | Raw Image Extension Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17078 | Raw Image Extension Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17107 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17110 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17113 | Windows Camera Codec Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2020-17108 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-17109 | HEVC Video Extensions Remote Code Execution Vulnerability | Critical |
Visual Studio | CVE-2020-17104 | Visual Studio Code JSHint Extension Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2020-17100 | Visual Studio Tampering Vulnerability | Important |
Windows Defender | CVE-2020-17090 | Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | Important |
Windows Kernel | CVE-2020-17035 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-17087 | Windows Kernel Local Elevation of Privilege Vulnerability | Important |
Windows NDIS | CVE-2020-17069 | Windows NDIS Information Disclosure Vulnerability | Important |
Windows Update Stack | CVE-2020-17074 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2020-17073 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2020-17071 | Windows Delivery Optimization Information Disclosure Vulnerability | Important |
Windows Update Stack | CVE-2020-17075 | Windows USO Core Worker Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2020-17070 | Windows Update Medic Service Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2020-17077 | Windows Update Stack Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2020-17076 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important |
Windows WalletService | CVE-2020-16999 | Windows WalletService Information Disclosure Vulnerability | Important |
Windows WalletService | CVE-2020-17037 | Windows WalletService Elevation of Privilege Vulnerability | Important |
Πηγή: ZDNet