-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0217
       Microsoft Patch Tuesday update for Windows for December 2020
                              9 December 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Windows
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Existing Account            
                      Increased Privileges            -- Existing Account            
                      Denial of Service               -- Existing Account            
                      Provide Misleading Information  -- Remote with User Interaction
                      Access Confidential Data        -- Existing Account            
                      Unauthorised Access             -- Existing Account            
                      Reduced Security                -- Existing Account            
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-17140 CVE-2020-17139 CVE-2020-17138
                      CVE-2020-17137 CVE-2020-17136 CVE-2020-17134
                      CVE-2020-17103 CVE-2020-17099 CVE-2020-17098
                      CVE-2020-17097 CVE-2020-17096 CVE-2020-17095
                      CVE-2020-17094 CVE-2020-17092 CVE-2020-16996
                      CVE-2020-16964 CVE-2020-16963 CVE-2020-16962
                      CVE-2020-16961 CVE-2020-16960 CVE-2020-16959
                      CVE-2020-16958  
Member content until: Friday, January  8 2021

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of December 2020.
        
        This update resolves 23 vulnerabilities across the following
        products: [1]
        
         Windows 10 Version 1607 for 32-bit Systems
         Windows 10 Version 1607 for x64-based Systems
         Windows 10 Version 1803 for 32-bit Systems
         Windows 10 Version 1803 for ARM64-based Systems
         Windows 10 Version 1803 for x64-based Systems
         Windows 10 Version 1809 for 32-bit Systems
         Windows 10 Version 1809 for ARM64-based Systems
         Windows 10 Version 1809 for x64-based Systems
         Windows 10 Version 1903 for 32-bit Systems
         Windows 10 Version 1903 for ARM64-based Systems
         Windows 10 Version 1903 for x64-based Systems
         Windows 10 Version 1909 for 32-bit Systems
         Windows 10 Version 1909 for ARM64-based Systems
         Windows 10 Version 1909 for x64-based Systems
         Windows 10 Version 2004 for 32-bit Systems
         Windows 10 Version 2004 for ARM64-based Systems
         Windows 10 Version 2004 for x64-based Systems
         Windows 10 Version 20H2 for 32-bit Systems
         Windows 10 Version 20H2 for ARM64-based Systems
         Windows 10 Version 20H2 for x64-based Systems
         Windows 10 for 32-bit Systems
         Windows 10 for x64-based Systems
         Windows 8.1 for 32-bit systems
         Windows 8.1 for x64-based systems
         Windows RT 8.1
         Windows Server 2012
         Windows Server 2012 (Server Core installation)
         Windows Server 2012 R2
         Windows Server 2012 R2 (Server Core installation)
         Windows Server 2016
         Windows Server 2016  (Server Core installation)
         Windows Server 2019
         Windows Server 2019  (Server Core installation)
         Windows Server, version 1903 (Server Core installation)
         Windows Server, version 1909 (Server Core installation)
         Windows Server, version 2004 (Server Core installation)
         Windows Server, version 20H2 (Server Core Installation)


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         ADV200013       Spoofing                 Important
         CVE-2020-16958  Elevation of Privilege   Important
         CVE-2020-16959  Elevation of Privilege   Important
         CVE-2020-16960  Elevation of Privilege   Important
         CVE-2020-16961  Elevation of Privilege   Important
         CVE-2020-16962  Elevation of Privilege   Important
         CVE-2020-16963  Elevation of Privilege   Important
         CVE-2020-16964  Elevation of Privilege   Important
         CVE-2020-16996  Security Feature Bypass  Important
         CVE-2020-17092  Elevation of Privilege   Important
         CVE-2020-17094  Information Disclosure   Important
         CVE-2020-17095  Remote Code Execution    Critical
         CVE-2020-17096  Remote Code Execution    Important
         CVE-2020-17097  Elevation of Privilege   Important
         CVE-2020-17098  Information Disclosure   Important
         CVE-2020-17099  Security Feature Bypass  Important
         CVE-2020-17103  Elevation of Privilege   Important
         CVE-2020-17134  Elevation of Privilege   Important
         CVE-2020-17136  Elevation of Privilege   Important
         CVE-2020-17137  Elevation of Privilege   Important
         CVE-2020-17138  Information Disclosure   Important
         CVE-2020-17139  Security Feature Bypass  Important
         CVE-2020-17140  Information Disclosure   Important


MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1].
        
         KB4592446, KB4592464, KB4592497, KB4586830, KB4592440
         KB4586786, KB4592495, KB4586781, KB4592438, KB4592468
         KB4592484, KB4592449, KB4593226, KB4586793


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX9AhyuNLKJtyKPYoAQhMkw//YAYsN5lrCk9XYmpYHPMNo5CTOtB2C7KA
Jg8NPHX3nEgZI3Jc+2AHT9s7qlhPj9k5bG8LU19o4Y7GW173S9N6hPYOI6AOVZne
htVSh/YwcwaagZ2Yie5D1HsqxqWb/gjgEY4VVfa01UtOvsuDWH7wHLP3OSgtT+oW
mXGmZaQ29ZYdKbIs2LqzJAx36WV1popIyvz0NyLsQVW/C0Zm79i7Y1GGH4JfGLYJ
jV43xv5H47bb5JgEAhOwyE2ptGvByIZwsAbCMCbtgSBu/c7ZWtYR5nAZWuxTD3B/
cF+gZWQF1kuvY8rXhb6cbOylhiqiYbEhqW8OjuTSqSumTIg243GcfAzgSkli4dAK
eYwvLq3vCDw6ufadr3hxPymhcWErTKTQ/8L30pFNdCVPH5IkeRgdOdQvm2GixKhR
f1mjvZ0NHeG0y/ekdPRfPZ6PIoH3zwhVOI5DJStAWMuuvalzA3J51WdNkot4BuE2
NSEkhCEJP5Ev/7iLgv+J8KnmB5uwgHD7UR0E2N379XaJ0Q6TpGTKyAfjYj4cUmVN
2ghMHONRVwmjKgs+jwioYPDzDinMTMPuZTjBDn/vYqtJeSKTfLbG8fm6db5OjnKw
t53cDSfB4SUubfLIaGCSqIUhKmwUP3RW0AGRftGHQx37VXGrC1ywZKZ5c7TPhI0N
lZJO0Sta39k=
=aHtr
-----END PGP SIGNATURE-----