===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0217
        Microsoft Patch Tuesday update for Windows for December 2020
                              9 December 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Windows
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Existing Account
                      Increased Privileges            -- Existing Account
                      Denial of Service               -- Existing Account
                      Provide Misleading Information  -- Remote with User Interaction
                      Access Confidential Data        -- Existing Account
                      Unauthorised Access             -- Existing Account
                      Reduced Security                -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-17140 CVE-2020-17139 CVE-2020-17138
                      CVE-2020-17137 CVE-2020-17136 CVE-2020-17134
                      CVE-2020-17103 CVE-2020-17099 CVE-2020-17098
                      CVE-2020-17097 CVE-2020-17096 CVE-2020-17095
                      CVE-2020-17094 CVE-2020-17092 CVE-2020-16996
                      CVE-2020-16964 CVE-2020-16963 CVE-2020-16962
                      CVE-2020-16961 CVE-2020-16960 CVE-2020-16959
                      CVE-2020-16958
Member content until: Friday, January 8 2021

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of December 2020.

        This update resolves 23 vulnerabilities across the following
        products: [1]

         Windows 10 Version 1607 for 32-bit Systems
         Windows 10 Version 1607 for x64-based Systems
         Windows 10 Version 1803 for 32-bit Systems
         Windows 10 Version 1803 for ARM64-based Systems
         Windows 10 Version 1803 for x64-based Systems
         Windows 10 Version 1809 for 32-bit Systems
         Windows 10 Version 1809 for ARM64-based Systems
         Windows 10 Version 1809 for x64-based Systems
         Windows 10 Version 1903 for 32-bit Systems
         Windows 10 Version 1903 for ARM64-based Systems
         Windows 10 Version 1903 for x64-based Systems
         Windows 10 Version 1909 for 32-bit Systems
         Windows 10 Version 1909 for ARM64-based Systems
         Windows 10 Version 1909 for x64-based Systems
         Windows 10 Version 2004 for 32-bit Systems
         Windows 10 Version 2004 for ARM64-based Systems
         Windows 10 Version 2004 for x64-based Systems
         Windows 10 Version 20H2 for 32-bit Systems
         Windows 10 Version 20H2 for ARM64-based Systems
         Windows 10 Version 20H2 for x64-based Systems
         Windows 10 for 32-bit Systems
         Windows 10 for x64-based Systems
         Windows 8.1 for 32-bit systems
         Windows 8.1 for x64-based systems
         Windows RT 8.1
         Windows Server 2012
         Windows Server 2012 (Server Core installation)
         Windows Server 2012 R2
         Windows Server 2012 R2 (Server Core installation)
         Windows Server 2016
         Windows Server 2016 (Server Core installation)
         Windows Server 2019
         Windows Server 2019 (Server Core installation)
         Windows Server, version 1903 (Server Core installation)
         Windows Server, version 1909 (Server Core installation)
         Windows Server, version 2004 (Server Core installation)
         Windows Server, version 20H2 (Server Core Installation)

IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         ADV200013       Spoofing                 Important
         CVE-2020-16958  Elevation of Privilege   Important
         CVE-2020-16959  Elevation of Privilege   Important
         CVE-2020-16960  Elevation of Privilege   Important
         CVE-2020-16961  Elevation of Privilege   Important
         CVE-2020-16962  Elevation of Privilege   Important
         CVE-2020-16963  Elevation of Privilege   Important
         CVE-2020-16964  Elevation of Privilege   Important
         CVE-2020-16996  Security Feature Bypass  Important
         CVE-2020-17092  Elevation of Privilege   Important
         CVE-2020-17094  Information Disclosure   Important
         CVE-2020-17095  Remote Code Execution    Critical
         CVE-2020-17096  Remote Code Execution    Important
         CVE-2020-17097  Elevation of Privilege   Important
         CVE-2020-17098  Information Disclosure   Important
         CVE-2020-17099  Security Feature Bypass  Important
         CVE-2020-17103  Elevation of Privilege   Important
         CVE-2020-17134  Elevation of Privilege   Important
         CVE-2020-17136  Elevation of Privilege   Important
         CVE-2020-17137  Elevation of Privilege   Important
         CVE-2020-17138  Information Disclosure   Important
         CVE-2020-17139  Security Feature Bypass  Important
         CVE-2020-17140  Information Disclosure   Important

MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1].

         KB4592446, KB4592464, KB4592497, KB4586830, KB4592440
         KB4586786, KB4592495, KB4586781, KB4592438, KB4592468
         KB4592484, KB4592449, KB4593226, KB4586793

REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================