Virtual Administrator’s November 2020 Patch Recommendations

Patch Recommendations

This month Microsoft released patches for 112 vulnerabilities with 17 rated “Critical” and 93 “Important” in severity.

All patches have been approved in our patch policy.

 

112 vulnerabilities patched this month. The top concern this month is CVE-2020-17087 which is an elevation of privilege vulnerability in the Windows kernel. It is being actively exploited. The vulnerability was made possible with CVE-2020-15999 patched in Google Chrome a couple weeks ago. It cannot be used to elevate privileges. Also concerning are CVE-2020-17051 and CVE-2020-17056, which is a vulnerability in the NFS Service for Windows Server. CVE-2020-17083 and CVE-2020-17084 are both remote code execution (RCE) flaws within Microsoft Exchange Server. CVE-2020-17061 is a RCE vulnerability in Microsoft SharePoint. Some new SSUs this month for Windows 10

 

Heads Up! Some problems with some Windows 10 upgrades. More information under “Known Issues” below.

 

FYI – Windows 10 version 20H2 “October 2020 Update” (OS Build 19042) was released.

What’s new for IT pros in Windows 10, version 20H2

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-new-for-it-pros-in-windows-10-version-20h2/ba-p/1800132

 

Notable News – A new Security Update Guide was posted this month. Some good ideas for streamlining the information but unfortunately it lacks a lot of the details on how bugs could be used to exploit Windows. Hopefully it will improve over the coming months.

Vulnerability Descriptions in the New Version of the Security Update Guide

https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/

 

Disclosed: CVE-2020-17087

Exploited: CVE-2020-17087

 

Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com

 

Affected software include:

  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Internet Explorer
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based)
  • ChakraCore
  • Microsoft Exchange Server
  • Microsoft Dynamics
  • Microsoft Windows Codecs Library
  • Azure Sphere
  • Windows Defender
  • Microsoft Teams
  • Azure SDK
  • Azure DevOps
  • Visual Studio

 

Microsoft Security Advisories

 

ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:09/08/2020)

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001

Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.

 

ADV200002 | Chromium Security Updates for Microsoft Edge (Chromium-Based) (Published:01/28/2020 | Last Updated:11/11/2020)

https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV200002

This advisory will be updated whenever Microsoft releases a version of Microsoft Edge (Chromium-based) which incorporates publicly disclosed security updates from the Chromium project. Microsoft will document separately any vulnerabilities in Microsoft Edge (Chromium-based), that are not in Chromium, under a Microsoft-assigned CVE number (see, for example: CVE-2020-1341).

 

Known Issues

  • Windows 10 upgrades from “Windows 10, version 1809 or later to a later version of Windows 10” may lose the system/user certificates. More details and a workaround is provided in the link below. Basically if you try to upgrade a system with an older image of the new version, it can cause certificate issues. This will happen if the Latest cumulative update (LCU) in the image is older than the LCU on the machine to be upgraded
  • The SharePoint Server 2016/2019 patch (KB4486717,KB4486714)may cause problem with uploads larger than 100 MB to a classic document library. A workaround is list on the link below.
  • Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.

 

“System and user certificates might be lost”

https://support.microsoft.com/en-ie/help/4586781/windows-10-update-kb4586781

Applies to: Windows 10 Version 1809/193/2004

Symptom: System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released September 16, 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released October 13, 2020 or later integrated. This primarily happens when managed devices are updated using outdated bundles or media through an update management tool such as Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. This might also happen when using outdated physical media or ISO images that do not have the latest updates integrated.

Note Devices using Windows Update for Business or that connect directly to Windows Update are not impacted. Any device connecting to Windows Update should always receive the latest versions of the feature update, including the latest LCU, without any extra steps.

Workaround: If you have already encountered this issue on your device, you can mitigate it within the uninstall window by going back to your previous version of Windows using the instructions here. The uninstall window might be 10 or 30 days depending on the configuration of your environment and the version you’re updating to. You will then need to update to the later version of Windows 10 after the issue is resolved in your environment. Note Within the uninstall window, you can increase the number of days you have to go back to your previous version of Windows 10 by using the DISM command /Set-OSUninstallWindow. You must make this change before the default uninstall window has lapsed. For more information, see DISM operating system uninstall command-line options.

Status: We are working on a resolution and will provide updated bundles and refreshed media in the coming weeks.

 

“SharePoint uploads larger than 100 MB”

https://support.microsoft.com/en-us/help/4486714/security-update-for-sharepoint-server-2019-nov-10-2020

https://support.microsoft.com/en-us/help/4486717/security-update-for-sharepoint-server-2016-nov-10-2020

Applies to: SharePoint Server 2016/2019

Symptom: An error may occur when you upload a file that’s larger than 100 MB to a classic document library.

Workaround: See link above

Status: Microsoft is investigating this issue and will post more information in this article when a fix becomes available.

 

Good resource for known issues with Windows 10 patches. Click on the version in the left column for the status of known issues.

Windows 10 release information

https://docs.microsoft.com/en-us/windows/release-information/

 

Monthly Rollup/Security Only/Windows 10/Server 2016,2019 KBs

Links are https://support.microsoft.com/en-us/help/####### with the KB number only.

 

Security and Quality Rollup

  • KB4586827 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB4586845 – Windows 8.1, Windows Server 2012 R2
  • KB4586834 – Windows Server 2012
  • KB4586807 – Windows Server 2008 (ESU)

 

Security Only Update

  • KB4586805 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB4586823 – Windows 8.1, Windows Server 2012 R2
  • KB4586808 – Windows Server 2012
  • KB4586817 – Windows Server 2008 (ESU)

 

Cumulative Update for Windows 10

  • KB4586787 – Original release version 1507 (OS Build 10240)
  • None – Version 1511 (OS Build 10586)
  • KB4586830 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB4586782 – Version 1703 “Creators Update” (OS Build 15063)
  • None – Version 1709 “Fall Creators Update” (OS Build 16299)
  • KB4586785 – Version 1803 “Spring Creators Update” (OS Build 17134)
  • KB4586793 – Version 1809 “October 2018 Update” (OS Build 17763)
  • KB4586786 – Version 1903 “May 2019 Update” (OS Build 18362)
  • KB4586786 – Version 1909 “November 2019 Update” (OS Build 18363)
  • KB4586781 – Version 2004 “May 2020 Update” (OS Build 19041)
  • KB4586781 – Version 20H2 “October 2020 Update” (OS Build 19042)

Note: Server 2016 uses the same KB as Windows 10 Version 1607. Server 2019 uses the same KB as Windows 10 Version 1809.

 

KB4586768 – Cumulative Security Update for Internet Explorer 11

This cumulative update is included in the monthly updates listed above. It can be installed instead of the monthly to secure Internet Explorer otherwise it is “superseded” by the monthly update.

 

None – Security Update for Adobe Flash Player

 

November 2020 updates for Microsoft Office

https://support.microsoft.com/en-us/help/4583503/november-2020-updates-for-microsoft-office

 

Notable CVEs

CVE-2020-17051 – Windows Network File System Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17051

CVE-2020-17056 – Windows Network File System Information Disclosure Vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17056

 

CVE-2020-17052 – Scripting Engine Memory Corruption Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17052

CVE-2020-17053- Internet Explorer Memory Corruption Vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17053

 

CVE-2020-17061 – Microsoft SharePoint Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17061

 

CVE-2020-17083/CVE-2020-17084 – Microsoft Exchange Server Remote Code Execution Vulnerability

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17083

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17084

 

CVE-2020-17087 – Windows Kernel Local Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-17087