Virtual Administrator’s December 2020 Patch Recommendations

This month Microsoft released patches for 58 vulnerabilities with 9 rated “Critical”, 46 “Important” and 3 “Moderate” in severity.

 

All patches have been approved in our patch policy.

 

Fewer patches this month with no new known issues reported. At least so far nothing is being actively exploited or has been detailed publicly. There is a serious remote code execution (RCE) vulnerability (CVE-2020-17118) patched in SharePoint. KB4593465 patches RCEs in Microsoft Exchange (CVE-2020-17117, CVE-2020-17132 and CVE-2020-17142) involving improper validation of cmdlet arguments. An RCE in Hyper-V (CVE-2020-17095) is patched. A remote code execution vulnerability (CVE-2020-17096) in Windows NTFS is also patched. Links and more information are under “Notable CVEs” below. There is one new advisory, ADV200013, and new SSUs for Windows 7 and 10.

 

Heads Up! Adobe will end support of Flash Player on December 31, 2020.

Adobe Flash Player EOL General Information Page

https://www.adobe.com/products/flashplayer/end-of-life.html

Adobe Flash end of support on December 31, 2020

https://docs.microsoft.com/en-us/lifecycle/announcements/adobe-flash-end-of-support

 

FYI – Some problems started last month with some Windows 10 upgrades. More information under “Known Issues” below.

Only a limited number of machines are at risk. A scenario would be if you had a fully patched version of an older Windows 10 then tried to upgrade to a newer Windows 10 using an image that did not have at least the October Cumulative Update applied.

 

Disclosed: None

Exploited: None

 

Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com

 

Affected software includes:

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge for Android
  • ChakraCore
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft Exchange Server
  • Azure DevOps
  • Microsoft Dynamics
  • Visual Studio
  • Azure SDK
  • Azure Sphere

 

Microsoft Security Advisories

 

ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:12/08/2020)

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001

Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.

 

ADV200002 | Chromium Security Updates for Microsoft Edge (Chromium-Based) (Published:01/28/2020 | Last Updated:12/08/2020)

https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV200002

This advisory will be updated whenever Microsoft releases a version of Microsoft Edge (Chromium-based) which incorporates publicly disclosed security updates from the Chromium project. Microsoft will document separately any vulnerabilities in Microsoft Edge (Chromium-based), that are not in Chromium, under a Microsoft-assigned CVE number (see, for example: CVE-2020-1341).

 

ADV200013 | Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver (Published:12/08/2020)

https://msrc.microsoft.com/update-guide/vulnerability/ADV200013

Reason for Revision: Microsoft is aware of a vulnerability involving DNS cache poisoning caused by IP fragmentation that affects Windows DNS Resolver.

QID Detection Logic (Authenticated):

This authenticated QID will check for the workaround in registry key “HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters”, value “MaximumUdpPacketSize” and data 1221.
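
A local audit of the same registry workaround, as an added PowerShell example that is not from Microsoft or the original bulletin. The function name `Test-DnsUdpWorkaround` and its status labels are hypothetical; the key path, value name and data 1221 are the ones quoted above.

```powershell
# Added example: reports whether the ADV200013 workaround value is present on this host.
function Test-DnsUdpWorkaround {
    [CmdletBinding()]
    param(
        # Key, value name and expected data as quoted in the bulletin text.
        [string]$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters',
        [string]$ValueName = 'MaximumUdpPacketSize',
        [int]$Expected     = 1221
    )

    $result = [ordered]@{
        Computer = $env:COMPUTERNAME
        KeyPath  = $KeyPath
        Value    = $null
        Status   = $null   # hypothetical labels, see branches below
    }

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        # Key absent, for example on a host without the DNS Server service.
        $result.Status = 'KeyMissing'
    }
    else {
        # SilentlyContinue: a missing value yields $null instead of an error record.
        $prop = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            $result.Status = 'ValueNotSet'
        }
        else {
            $result.Value = [int]$prop.$ValueName
            if ($result.Value -eq $Expected) {
                $result.Status = 'WorkaroundPresent'
            }
            else {
                # Value exists but holds different data than the check expects.
                $result.Status = 'ValueDiffers'
            }
        }
    }

    [pscustomobject]$result
}

Test-DnsUdpWorkaround | Format-List
```

The function returns an object rather than text, so results from several servers can be collected and filtered on `Status`.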

 

Known Issues

Starting last month, Windows 10 upgrades from “Windows 10, version 1809 or later to a later version of Windows 10” may lose the system/user certificates. More details and a workaround are provided in the link below. Basically, if you try to upgrade a system with an older image of the new version, it can cause certificate issues. This will happen if the Latest cumulative update (LCU) in the image is older than the LCU on the machine to be upgraded.

 

Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.

 

“System and user certificates might be lost”

https://support.microsoft.com/en-us/help/4592438/windows-10-update-kb4592438

Applies to: Windows 10 Version 1809/1903/2004

Symptom: System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.

Note Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Any device connecting to Windows Update should always receive the latest versions of the feature update, including the latest LCU, without any extra steps.

Workaround: If you have already encountered this issue on your device, you can mitigate it within the uninstall window by going back to your previous version of Windows using the instructions here. The uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to. You will then need to update to the later version of Windows 10 after the issue is resolved in your environment. Note Within the uninstall window, you can increase the number of days you have to go back to your previous version of Windows 10 by using the DISM command /Set-OSUninstallWindow. You must make this change before the default uninstall window has lapsed. For more information, see DISM operating system uninstall command-line options.

Status: We are working on a resolution and will provide updated bundles and refreshed media in the coming weeks.

 

Good resource for known issues with Windows 10 patches. Click on the version in the left column for the status of known issues.

Windows 10 release information

https://docs.microsoft.com/en-us/windows/release-information/

 

Monthly Rollup/Security Only/Windows 10/Server 2016,2019 KBs

Links are https://support.microsoft.com/en-us/help/####### with the KB number only.

 

Security and Quality Rollup

  • KB4592471 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB4592484 – Windows 8.1, Windows Server 2012 R2
  • KB4592468 – Windows Server 2012
  • KB4592498 – Windows Server 2008 (ESU)

 

Security Only Update

  • KB4592503 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB4592495 – Windows 8.1, Windows Server 2012 R2
  • KB4592497 – Windows Server 2012
  • KB4592504 – Windows Server 2008 (ESU)

 

Cumulative Update for Windows 10

  • KB4592464 – Original release version 1507 (OS Build 10240)
  • None – Version 1511 (OS Build 10586)
  • KB4593226 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB4592473 – Version 1703 “Creators Update” (OS Build 15063)
  • None – Version 1709 “Fall Creators Update” (OS Build 16299)
  • KB4592446 – Version 1803 “Spring Creators Update” (OS Build 17134)
  • KB4592440 – Version 1809 “October 2018 Update” (OS Build 17763)
  • KB4592449 – Version 1903 “May 2019 Update” (OS Build 18362)
  • KB4592449 – Version 1909 “November 2019 Update” (OS Build 18363)
  • KB4592438 – Version 2004 “May 2020 Update” (OS Build 19041)
  • KB4592438 – Version 20H2 “October 2020 Update” (OS Build 19042)

 

Note: Server 2016 uses the same KB as Windows 10 Version 1607. Server 2019 uses the same KB as Windows 10 Version 1809.

 

None – Security Update for Adobe Flash Player

 

December 2020 updates for Microsoft Office

https://support.microsoft.com/en-us/help/4583521/december-2020-updates-for-microsoft-office

 

 

Notable CVEs

 

CVE-2020-17095 Hyper-V Remote Code Execution Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17095

To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code when it fails to properly validate vSMB packet data.

 

CVE-2020-17096 Windows NTFS Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17096

A local attacker could run a specially crafted application that would elevate the attacker’s privileges.

A remote attacker with SMBv2 access to a vulnerable system could send specially crafted requests over a network to exploit this vulnerability and execute code on the target system.

 

CVE-2020-17117 Microsoft Exchange Remote Code Execution Vulnerability (KB4593465)

https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2020-17117

 

CVE-2020-17118 Microsoft SharePoint Remote Code Execution Vulnerability (KB4493138,KB4493149,KB4486751,KB4486753)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17118

 

CVE-2020-17132 Microsoft Exchange Remote Code Execution Vulnerability (KB4593465)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17132

The vulnerability occurs due to improper validation of cmdlet arguments. The attacker must be authenticated.

 

CVE-2020-17142 Microsoft Exchange Remote Code Execution Vulnerability (KB4593465)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17142

The vulnerability occurs due to improper validation of cmdlet arguments. The attacker must be authenticated.