VERT Threat Alert: December 2020 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s December 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-918 on Wednesday, December 9th.
In-The-Wild & Disclosed CVEs
There are no In-The-Wild or Disclosed CVEs patched this month.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
| Tag | CVE Count | CVEs |
| Microsoft Dynamics | 4 | CVE-2020-17147, CVE-2020-17152, CVE-2020-17158, CVE-2020-17133 |
| Windows Hyper-V | 1 | CVE-2020-17095 |
| Azure Sphere | 1 | CVE-2020-17160 |
| Windows Error Reporting | 1 | CVE-2020-17094 |
| Microsoft Windows | 7 | CVE-2020-17092, CVE-2020-17103, CVE-2020-17134, CVE-2020-17136, CVE-2020-17138, CVE-2020-17139, CVE-2020-16996 |
| Microsoft Edge | 2 | CVE-2020-17131, CVE-2020-17153 |
| Windows Media | 1 | CVE-2020-17097 |
| Windows Lock Screen | 1 | CVE-2020-17099 |
| Azure SDK | 2 | CVE-2020-16971, CVE-2020-17002 |
| Visual Studio | 4 | CVE-2020-17148, CVE-2020-17150, CVE-2020-17156, CVE-2020-17159 |
| Azure DevOps | 2 | CVE-2020-17135, CVE-2020-17145 |
| Microsoft Graphics Component | 2 | CVE-2020-17135, CVE-2020-17145 |
| Windows Backup Engine | 7 | CVE-2020-16958, CVE-2020-16959, CVE-2020-16960, CVE-2020-16961, CVE-2020-16962, CVE-2020-16963, CVE-2020-16964 |
| Microsoft Exchange Server | 6 | CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142, CVE-2020-17143, CVE-2020-17144 |
| Windows SMB | 2 | CVE-2020-17096, CVE-2020-17140 |
| Microsoft Office | 10 | CVE-2020-17119, CVE-2020-17122, CVE-2020-17123, CVE-2020-17124, CVE-2020-17125, CVE-2020-17126, CVE-2020-17127, CVE-2020-17128, CVE-2020-17129, CVE-2020-17130 |
| Microsoft Office SharePoint | 5 | CVE-2020-17089, CVE-2020-17118, CVE-2020-17115, CVE-2020-17120, CVE-2020-17121 |
Other Information
There was one advisory included with the December security guidance.
Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver [ADV200013]
Microsoft has announced that they are aware of a DNS cache poisoning vulnerability that impacts the Windows DNS Resolver and could allow the caching of spoofed DNS packets. They have released a workaround documented in this advisory.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-december-2020-patch-tuesday-analysis/
