Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in December's Patch Tuesday Index below.
The first gift of the holiday season comes from Microsoft in the form of the second lightest Patch Tuesday release of the year. December’s total of 58 new vulnerabilities pales in comparison to previous months, bringing 9 critical updates, all of which are remote code execution (RCE) bugs with the only exception being a memory corruption vulnerability.
Automox Patch Tuesday expert Justin Knapp will be breaking down all of December's Patch Tuesday releases tomorrow, December 9, 2020. Register here so you can prioritize the patches for your environment and ask any question you may have.
Updated Live. Last Update 1:02 PM EST December 8, 2020.
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Mozilla Thunderbird | 1 security vulnerability fixed in Thunderbird 78.5.1 | MFSA 2020-53 | High |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Adobe Prelude | 1 Security Vulnerability fixed in Adobe Prelude | APSB20-70 | Critical |
Adobe Experience Manager | 2 Security Vulnerabilities fixed in Adobe Experience Manager | APSB20-72 | Critical |
Adobe Lightroom | 1 Security Vulnerability fixed in Adobe Lightroom | APSB20-74 | Critical |
Adobe Lightroom | 1 Security Vulnerability fixed in Adobe Acrobat | APSB20-75 | High |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Windows Hyper-V | Hyper-V Remote Code Execution Vulnerability | CVE-2020-17095 | Critical |
Microsoft Exchange Server | Microsoft Exchange Remote Code Execution Vulnerability | CVE-2020-17117 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-17118 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-17121 | Critical |
Microsoft Edge | Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2020-17131 | Critical |
Microsoft Exchange Server | Microsoft Exchange Remote Code Execution Vulnerability | CVE-2020-17132 | Critical |
Microsoft Exchange Server | Microsoft Exchange Remote Code Execution Vulnerability | CVE-2020-17142 | Critical |
Microsoft Dynamics | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | CVE-2020-17152 | Critical |
Microsoft Dynamics | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | CVE-2020-17158 | Critical |
Windows Backup Engine | Windows Backup Engine Elevation of Privilege Vulnerability | CVE-2020-16958 | High |
Windows Backup Engine | Windows Backup Engine Elevation of Privilege Vulnerability | CVE-2020-16959 | High |
Windows Backup Engine | Windows Backup Engine Elevation of Privilege Vulnerability | CVE-2020-16960 | High |
Windows Backup Engine | Windows Backup Engine Elevation of Privilege Vulnerability | CVE-2020-16961 | High |
Windows Backup Engine | Windows Backup Engine Elevation of Privilege Vulnerability | CVE-2020-16962 | High |
Windows Backup Engine | Windows Backup Engine Elevation of Privilege Vulnerability | CVE-2020-16963 | High |
Windows Backup Engine | Windows Backup Engine Elevation of Privilege Vulnerability | CVE-2020-16964 | High |
Azure SDK | Azure SDK for Java Security Feature Bypass Vulnerability | CVE-2020-16971 | High |
Microsoft Windows | Kerberos Security Feature Bypass Vulnerability | CVE-2020-16996 | High |
Azure SDK | Azure SDK for C Security Feature Bypass Vulnerability | CVE-2020-17002 | High |
Microsoft Office SharePoint | Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2020-17089 | High |
Microsoft Windows | Windows Network Connections Service Elevation of Privilege Vulnerability | CVE-2020-17092 | High |
Windows Error Reporting | Windows Error Reporting Information Disclosure Vulnerability | CVE-2020-17094 | High |
Windows SMB | Windows NTFS Remote Code Execution Vulnerability | CVE-2020-17096 | High |
Windows Media | Windows Digital Media Receiver Elevation of Privilege Vulnerability | CVE-2020-17097 | High |
Microsoft Graphics Component | Windows GDI+ Information Disclosure Vulnerability | CVE-2020-17098 | High |
Windows Lock Screen | Windows Lock Screen Security Feature Bypass Vulnerability | CVE-2020-17099 | High |
Microsoft Windows | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | CVE-2020-17103 | High |
Microsoft Office | Microsoft Outlook Information Disclosure Vulnerability | CVE-2020-17119 | High |
Microsoft Office SharePoint | Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-17120 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17122 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17123 | High |
Microsoft Office | Microsoft PowerPoint Remote Code Execution Vulnerability | CVE-2020-17124 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17125 | High |
Microsoft Office | Microsoft Excel Information Disclosure Vulnerability | CVE-2020-17126 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17127 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17128 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17129 | High |
Microsoft Office | Microsoft Excel Security Feature Bypass Vulnerability | CVE-2020-17130 | High |
Microsoft Dynamics | Microsoft Dynamics Business Central/NAV Information Disclosure | CVE-2020-17133 | High |
Microsoft Windows | Windows Overlay Filter Security Feature Bypass Vulnerability | CVE-2020-17134 | High |
Azure DevOps | Azure DevOps Server Spoofing Vulnerability | CVE-2020-17135 | High |
Microsoft Windows | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | CVE-2020-17136 | High |
Microsoft Graphics Component | DirectX Graphics Kernel Elevation of Privilege Vulnerability | CVE-2020-17137 | High |
Microsoft Windows | Windows Error Reporting Information Disclosure Vulnerability | CVE-2020-17138 | High |
Microsoft Windows | Windows Overlay Filter Security Feature Bypass Vulnerability | CVE-2020-17139 | High |
Windows SMB | Windows SMB Information Disclosure Vulnerability | CVE-2020-17140 | High |
Microsoft Exchange Server | Microsoft Exchange Remote Code Execution Vulnerability | CVE-2020-17141 | High |
Microsoft Exchange Server | Microsoft Exchange Information Disclosure Vulnerability | CVE-2020-17143 | High |
Microsoft Exchange Server | Microsoft Exchange Remote Code Execution Vulnerability | CVE-2020-17144 | High |
Azure DevOps | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | CVE-2020-17145 | High |
Microsoft Dynamics | Dynamics CRM Webclient Cross-site Scripting Vulnerability | CVE-2020-17147 | High |
Visual Studio | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | CVE-2020-17148 | High |
Visual Studio | Visual Studio Code Remote Code Execution Vulnerability | CVE-2020-17150 | High |
Visual Studio | Git for Visual Studio Remote Code Execution Vulnerability | CVE-2020-17156 | High |
Visual Studio Code Language Support for Java Extension | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | CVE-2020-17159 | High |
Azure Sphere | Azure Sphere Security Feature Bypass Vulnerability | CVE-2020-17160 | High |
Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-17115 | Medium |
Microsoft Edge | Microsoft Edge for Android Spoofing Vulnerability | CVE-2020-17153 | Medium |
About Automox
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.