Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in November's Patch Tuesday Index below.
Automox Patch Tuesday expert Jay Goodman will be breaking down all of November's Patch Tuesday releases tomorrow, November 11, 2020. Register here so you can prioritize the patches for your environment and ask any question you may have.
We went ahead and included some out-of-band patches from Google, Adobe, Mozilla, and Apple as their were some zero-days and critical fixes released.
Updated Live. Last Update 10:41 AM EST November 10 2020.
![]() |
|||
Product |
Description
|
Identifier
|
Severity
|
Google Chrome | CVE-2020-16009 currently has known exploit code in the wild. | Chrome 86.0.4240.183 | High |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Adobe Connect | 2 Security Vulnerabilities fixed in Adobe Connect | APSB20-69 | High |
Adobe Reader Mobile | 1 Security Vulnerability fixed in Adobe Reader Mobile | APSB20-71 | High |
Adobe Illustrator | 7 Security Vulnerabilities fixed in Adobe Illustrator | APSB20-53 | High |
Adobe Dreamweaver | 1 Security Vulnerability fixed in Adobe Dreamweaver | APSB20-55 | High |
Adobe Marketo | 1 Security Vulnerability fixed in Adobe Marketo | APSB20-60 | High |
Adobe Animate | 4 Security Vulnerabilities fixed in Adobe Animate | APSB20-61 | High |
Adobe After Effects | 2 Security Vulnerabilities fixed in Adobe After Effects | APSB20-62 | High |
Adobe Photoshop | 1 Security Vulnerability fixed in Adobe Photoshop | APSB20-63 | High |
Adobe Premiere Pro | 1 Security Vulnerability fixed in Adobe Premiere Pro | APSB20-64 | High |
Adobe Media Encoder | 1 Security Vulnerability fixed in Adobe Media Encoder | APSB20-65 | High |
Adobe InDesign | 1 Security Vulnerability fixed in Adobe InDesign | APSB20-66 | High |
Adobe Creative Cloud | 1 Security Vulnerability fixed in Adobe Creative Cloud | APSB20-68 | High |
Adobe Acrobat and Reader | 14 Security Vulnerabilities fixed in Adobe Acrobat and Reader | APSB20-67 | High |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Mozilla Firefox & Firefox ESR | 1 security vulnerability in Firefox 82.0.3 and Firefox ESR 78.4.1 | MFSA 2020-49 | Critical |
Mozilla VPN | 1 OAuth session fixation vulnerability | MFSA 2020-48 | Medium |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
macOS Catalina 10.15.7 Update | 3 Zero-Day Exploits | CVE-2020-27930, -27932, -27950 | Critical |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Azure Sphere | Azure Sphere Elevation of Privilege Vulnerability | CVE-2020-16988 | Critical |
Microsoft Windows | Windows Print Spooler Remote Code Execution Vulnerability | CVE-2020-17042 | Critical |
Microsoft Scripting Engine | Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2020-17048 | Critical |
Microsoft Windows | Windows Network File System Remote Code Execution Vulnerability | CVE-2020-17051 | Critical |
Microsoft Scripting Engine | Scripting Engine Memory Corruption Vulnerability | CVE-2020-17052 | Critical |
Microsoft Scripting Engine | Internet Explorer Memory Corruption Vulnerability | CVE-2020-17053 | Critical |
Microsoft Browsers | Microsoft Browser Memory Corruption Vulnerability | CVE-2020-17058 | Critical |
Microsoft Windows Codecs Library | Microsoft Raw Image Extension Remote Code Execution Vulnerability | CVE-2020-17078 | Critical |
Microsoft Windows Codecs Library | Microsoft Raw Image Extension Remote Code Execution Vulnerability | CVE-2020-17079 | Critical |
Microsoft Windows Codecs Library | Microsoft Raw Image Extension Remote Code Execution Vulnerability | CVE-2020-17082 | Critical |
Microsoft Windows Codecs Library | HEIF Image Extensions Remote Code Execution Vulnerability | CVE-2020-17101 | Critical |
Microsoft Windows Codecs Library | AV1 Video Extension Remote Code Execution Vulnerability | CVE-2020-17105 | Critical |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2020-17106 | Critical |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2020-17107 | Critical |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2020-17108 | Critical |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2020-17109 | Critical |
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2020-17110 | Critical |
Azure DevOps | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | CVE-2020-1325 | High |
Microsoft Windows | Windows Spoofing Vulnerability | CVE-2020-1599 | High |
Azure Sphere | Azure Sphere Unsigned Code Execution Vulnerability | CVE-2020-16970 | High |
Microsoft Office SharePoint | Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-16979 | High |
Azure Sphere | Azure Sphere Elevation of Privilege Vulnerability | CVE-2020-16981 | High |
Azure Sphere | Azure Sphere Unsigned Code Execution Vulnerability | CVE-2020-16982 | High |
Azure Sphere | Azure Sphere Tampering Vulnerability | CVE-2020-16983 | High |
Azure Sphere | Azure Sphere Unsigned Code Execution Vulnerability | CVE-2020-16984 | High |
Azure Sphere | Azure Sphere Information Disclosure Vulnerability | CVE-2020-16985 | High |
Azure Sphere | Azure Sphere Denial of Service Vulnerability | CVE-2020-16986 | High |
Azure Sphere | Azure Sphere Unsigned Code Execution Vulnerability | CVE-2020-16987 | High |
Azure Sphere | Azure Sphere Elevation of Privilege Vulnerability | CVE-2020-16989 | High |
Azure Sphere | Azure Sphere Information Disclosure Vulnerability | CVE-2020-16990 | High |
Azure Sphere | Azure Sphere Unsigned Code Execution Vulnerability | CVE-2020-16991 | High |
Azure Sphere | Azure Sphere Elevation of Privilege Vulnerability | CVE-2020-16992 | High |
Azure Sphere | Azure Sphere Elevation of Privilege Vulnerability | CVE-2020-16993 | High |
Azure Sphere | Azure Sphere Unsigned Code Execution Vulnerability | CVE-2020-16994 | High |
Microsoft Windows | Kerberos Security Feature Bypass Vulnerability | CVE-2020-16996 | High |
Microsoft Windows | Remote Desktop Protocol Server Information Disclosure Vulnerability | CVE-2020-16997 | High |
Microsoft Graphics Component | DirectX Elevation of Privilege Vulnerability | CVE-2020-16998 | High |
Windows WalletService | Windows WalletService Information Disclosure Vulnerability | CVE-2020-16999 | High |
Microsoft Windows | Remote Desktop Protocol Client Information Disclosure Vulnerability | CVE-2020-17000 | High |
Microsoft Windows | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2020-17001 | High |
Microsoft Graphics Component | Windows Graphics Component Information Disclosure Vulnerability | CVE-2020-17004 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2020-17005 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2020-17006 | High |
Microsoft Windows | Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2020-17007 | High |
Microsoft Windows | Win32k Elevation of Privilege Vulnerability | CVE-2020-17010 | High |
Microsoft Windows | Windows Port Class Library Elevation of Privilege Vulnerability | CVE-2020-17011 | High |
Microsoft Windows | Windows Bind Filter Driver Elevation of Privilege Vulnerability | CVE-2020-17012 | High |
Microsoft Windows | Win32k Information Disclosure Vulnerability | CVE-2020-17013 | High |
Microsoft Windows | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2020-17014 | High |
Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-17016 | High |
Microsoft Office SharePoint | Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-17017 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2020-17018 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17019 | High |
Microsoft Office | Microsoft Word Security Feature Bypass Vulnerability | CVE-2020-17020 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2020-17021 | High |
Microsoft Windows | Windows Client Side Rendering Print Provider Elevation of Privilege Vulnerability | CVE-2020-17024 | High |
Microsoft Windows | Windows Remote Access Elevation of Privilege Vulnerability | CVE-2020-17025 | High |
Microsoft Windows | Windows Remote Access Elevation of Privilege Vulnerability | CVE-2020-17026 | High |
Microsoft Windows | Windows Remote Access Elevation of Privilege Vulnerability | CVE-2020-17027 | High |
Microsoft Windows | Windows Remote Access Elevation of Privilege Vulnerability | CVE-2020-17028 | High |
Microsoft Graphics Component | Windows Canonical Display Driver Information Disclosure Vulnerability | CVE-2020-17029 | High |
Microsoft Windows | Windows MSCTF Server Information Disclosure Vulnerability | CVE-2020-17030 | High |
Microsoft Windows | Windows Remote Access Elevation of Privilege Vulnerability | CVE-2020-17031 | High |
Microsoft Windows | Windows Remote Access Elevation of Privilege Vulnerability | CVE-2020-17032 | High |
Microsoft Windows | Windows Remote Access Elevation of Privilege Vulnerability | CVE-2020-17033 | High |
Microsoft Windows | Windows Remote Access Elevation of Privilege Vulnerability | CVE-2020-17034 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-17035 | High |
Microsoft Windows | Windows Function Discovery SSDP Provider Information Disclosure Vulnerability | CVE-2020-17036 | High |
Windows WalletService | Windows WalletService Elevation of Privilege Vulnerability | CVE-2020-17037 | High |
Microsoft Graphics Component | Win32k Elevation of Privilege Vulnerability | CVE-2020-17038 | High |
Microsoft Windows | Windows Hyper-V Security Feature Bypass Vulnerability | CVE-2020-17040 | High |
Microsoft Windows | Windows Print Configuration Elevation of Privilege Vulnerability | CVE-2020-17041 | High |
Microsoft Windows | Windows Remote Access Elevation of Privilege Vulnerability | CVE-2020-17043 | High |
Microsoft Windows | Windows Remote Access Elevation of Privilege Vulnerability | CVE-2020-17044 | High |
Microsoft Windows | Windows KernelStream Information Disclosure Vulnerability | CVE-2020-17045 | High |
Microsoft Windows | Windows Network File System Denial of Service Vulnerability | CVE-2020-17047 | High |
Microsoft Windows | Kerberos Security Feature Bypass Vulnerability | CVE-2020-17049 | High |
Microsoft Scripting Engine | Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2020-17054 | High |
Microsoft Windows | Windows Remote Access Elevation of Privilege Vulnerability | CVE-2020-17055 | High |
Microsoft Windows | Windows Network File System Remote Code Execution Vulnerability | CVE-2020-17056 | High |
Microsoft Windows | Windows Win32k Elevation of Privilege Vulnerability | CVE-2020-17057 | High |
Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-17060 | High |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-17061 | High |
Microsoft Office | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2020-17062 | High |
Microsoft Office | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-17063 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17064 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17065 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-17066 | High |
Microsoft Office | Microsoft Excel Security Feature Bypass Vulnerability | CVE-2020-17067 | High |
Microsoft Graphics Component | Windows GDI+ Remote Code Execution Vulnerability | CVE-2020-17068 | High |
Windows NDIS | Windows NDIS Information Disclosure Vulnerability | CVE-2020-17069 | High |
Windows Update Stack | Windows Update Medic Service Elevation of Privilege Vulnerability | CVE-2020-17070 | High |
Windows Update Stack | Windows Delivery Optimization Information Disclosure Vulnerability | CVE-2020-17071 | High |
Windows Update Stack | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | CVE-2020-17073 | High |
Windows Update Stack | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | CVE-2020-17074 | High |
Windows Update Stack | Windows USO Core Worker Elevation of Privilege Vulnerability | CVE-2020-17075 | High |
Windows Update Stack | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | CVE-2020-17076 | High |
Windows Update Stack | Windows Update Stack Elevation of Privilege Vulnerability | CVE-2020-17077 | High |
Microsoft Windows Codecs Library | Microsoft Raw Image Extension Information Disclosure Vulnerability | CVE-2020-17081 | High |
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2020-17083 | High |
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2020-17084 | High |
Microsoft Exchange Server | Microsoft Exchange Server Denial of Service Vulnerability | CVE-2020-17085 | High |
Microsoft Windows Codecs Library | Microsoft Raw Image Extension Remote Code Execution Vulnerability | CVE-2020-17086 | High |
Windows Kernel | Windows Kernel Local Elevation of Privilege Vulnerability | CVE-2020-17087 | High |
Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2020-17088 | High |
Windows Defender | Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | CVE-2020-17090 | High |
Microsoft Teams | Microsoft Teams Remote Code Execution Vulnerability | CVE-2020-17091 | High |
Visual Studio | Visual Studio Tampering Vulnerability | CVE-2020-17100 | High |
Microsoft Windows Codecs Library | WebP Image Extensions Information Disclosure Vulnerability | CVE-2020-17102 | High |
Visual Studio | Visual Studio Code JSHint Extension Remote Code Execution Vulnerability | CVE-2020-17104 | High |
Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-17015 | Low |
Microsoft Windows | Windows Error Reporting Denial of Service Vulnerability | CVE-2020-17046 | Low |
About Automox
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.