Patch Tuesday - November 2020

Jumping right back to a triple-digit volume of resolved vulnerabilities, Microsoft covers 112 CVEs this November, affecting products ranging from our standard Windows operating systems and Microsoft Office products to some new entries such as Azure Sphere.


Microsoft CVE-2020-17087: Windows Kernel Local Elevation of Privilege Vulnerability


Coming as no surprise to anyone, the previously disclosed CVE-2020-17087 zero-day affecting all supported versions of Windows has a patch this month. This same patch also remediates over half of the additional vulnerabilities detailed this month, so definitely have your patching cycles ready. CVE-2020-17087 is a buffer overflow vulnerability in the Windows Kernel Cryptography Driver that gave local attackers the ability to escalate privileges. Luckily, as noted in Rapid7's AttackerKB analysis, "exploitability is at least somewhat more limited than it might appear at first glance." This does not diminish the need to prioritize operating system patching, because of the next vulnerability up for discussion: CVE-2020-17051.


Microsoft CVE-2020-17051: Windows Network File System Remote Code Execution


CVE-2020-17051 is this month's highest-severity vulnerability, sitting at CVSS 9.8. Microsoft describes CVE-2020-17051 as a Remote Code Execution vulnerability affecting Windows Network File System. At the time of writing, information regarding this vulnerability is light, but Microsoft has noted that it has low attack complexity and does not require user interaction to exploit. This is aptly represented by the high CVSS score. At this point, this vulnerability is not known to be e ..
