Microsoft December 2020 Patch Tuesday Fixes 58 Vulnerabilities


Today is Microsoft’s December 2020 Patch Tuesday, and Windows administrators will be scrambling to put out fires, so be kind to them.

With the December 2020 Patch Tuesday security updates release, Microsoft has released fixes for 58 vulnerabilities and one advisory for Microsoft products. Of the 58 vulnerabilities fixed today, nine are classified as Critical, 48 as Important, and two as Moderate.

There are no zero-day or previously disclosed vulnerabilities fixed in the December 2020 updates.

For information about the non-security Windows updates, you can read about today’s Windows 10 KB4592449 & KB4592438 cumulative updates.

Guidance on disclosed DNS cache poisoning

Included in today’s Patch Tuesday updates is an advisory for a DNS cache poisoning vulnerability discovered by security researchers from Tsinghua University and the University of California.

“Microsoft is aware of a vulnerability involving DNS cache poisoning caused by IP fragmentation that affects Windows DNS Resolver. An attacker who successfully exploited this vulnerability could spoof the DNS packet which can be cached by the DNS Forwarder or the DNS Resolver,” Microsoft ADV 200013 explains.

To resolve this vulnerability, administrators can modify the Registry to change the maximum UDP packet size to 1,221 bytes. For DNS requests greater than 1,221 bytes, the DNS resolver will switch to TCP connections.
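A simplified model of the fallback described above, added here as an illustration (not Microsoft's code and not part of the original article): a reply larger than the 1,221-byte UDP limit goes out as header plus question with the TC bit set (RFC 1035), and the client retries over TCP. The function names and the `example.test` records are constructed for this example.

```python
import struct

MAX_UDP = 1221                  # UDP size limit stated in the article
TC = 0x0200                     # truncation bit in the DNS header flags (RFC 1035)
HDR = struct.Struct("!HHHHHH")  # id, flags, qdcount, ancount, nscount, arcount

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_response(txid, qname, txt_len):
    """Constructed sample: a response with one TXT answer carrying txt_len bytes."""
    question = encode_name(qname) + struct.pack("!HH", 16, 1)      # TXT, IN
    chunks = [b"x" * min(255, txt_len - i) for i in range(0, txt_len, 255)]
    rdata = b"".join(bytes([len(c)]) + c for c in chunks)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 60, len(rdata)) + rdata
    return HDR.pack(txid, 0x8180, 1, 1, 0, 0) + question + answer

def question_end(msg):
    """Offset just past the single question section."""
    i = HDR.size
    while msg[i]:
        i += 1 + msg[i]
    return i + 1 + 4            # root label + qtype + qclass

def apply_udp_limit(msg, limit=MAX_UDP):
    """Sender side: an oversize reply is reduced to header + question with TC set."""
    if len(msg) <= limit:
        return msg
    txid, flags, qd, _, _, _ = HDR.unpack_from(msg)
    return HDR.pack(txid, flags | TC, qd, 0, 0, 0) + msg[HDR.size:question_end(msg)]

def next_transport(udp_reply):
    """Client side: a reply with TC set has to be retried over TCP."""
    return "tcp" if HDR.unpack_from(udp_reply)[1] & TC else "udp"

def audit(udp_payloads, limit=MAX_UDP):
    """Indexes of captured UDP DNS payloads that are still larger than the limit."""
    return [i for i, p in enumerate(udp_payloads) if len(p) > limit]
```

Running `audit` over UDP DNS payloads captured after the change should return an empty list; any index it reports is a reply that was still sent over UDP above the limit.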

You can read more about these mitigations in our dedicated ‘Microsoft issues guidance for DNS cache poisoning vulnerability’ article.


Vulnerabilities of interest

While there were no zero-days this month, there were quite a few vulnerabilities that are interesting.

Recent security updates from other companies

Other vendors who released security updates in October include:

The December 2020 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the December 2020 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Azure DevOps | CVE-2020-17145 | Azure DevOps Server and Team Foundation Services Spoofing Vulnerability | Important |
| Azure DevOps | CVE-2020-17135 | Azure DevOps Server Spoofing Vulnerability | Important |
| Azure SDK | CVE-2020-17002 | Azure SDK for C Security Feature Bypass Vulnerability | Important |
| Azure SDK | CVE-2020-16971 | Azure SDK for Java Security Feature Bypass Vulnerability | Important |
| Azure Sphere | CVE-2020-17160 | Azure Sphere Security Feature Bypass Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-17147 | Dynamics CRM Webclient Cross-site Scripting Vulnerability | Important |
| Microsoft Dynamics | CVE-2020-17133 | Microsoft Dynamics Business Central/NAV Information Disclosure | Important |
| Microsoft Dynamics | CVE-2020-17158 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | Critical |
| Microsoft Dynamics | CVE-2020-17152 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | Critical |
| Microsoft Edge | CVE-2020-17153 | Microsoft Edge for Android Spoofing Vulnerability | Moderate |
| Microsoft Edge | CVE-2020-17131 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2020-17143 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2020-17144 | Microsoft Exchange Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2020-17141 | Microsoft Exchange Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2020-17117 | Microsoft Exchange Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2020-17132 | Microsoft Exchange Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2020-17142 | Microsoft Exchange Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2020-17137 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-17098 | Windows GDI+ Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2020-17130 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2020-17128 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-17129 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-17124 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-17123 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-17119 | Microsoft Outlook Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2020-17125 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-17127 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-17126 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2020-17122 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-17115 | Microsoft SharePoint Spoofing Vulnerability | Moderate |
| Microsoft Office SharePoint | CVE-2020-17120 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-17121 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-17118 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-17089 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-17136 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-16996 | Kerberos Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2020-17138 | Windows Error Reporting Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-17092 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-17139 | Windows Overlay Filter Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2020-17103 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-17134 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows DNS | ADV200013 | Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver | Important |
| Visual Studio | CVE-2020-17148 | Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2020-17159 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2020-17156 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio | CVE-2020-17150 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows Backup Engine | CVE-2020-16960 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Windows Backup Engine | CVE-2020-16958 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Windows Backup Engine | CVE-2020-16959 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Windows Backup Engine | CVE-2020-16961 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Windows Backup Engine | CVE-2020-16964 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Windows Backup Engine | CVE-2020-16963 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Windows Backup Engine | CVE-2020-16962 | Windows Backup Engine Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2020-17094 | Windows Error Reporting Information Disclosure Vulnerability | Important |
| Windows Hyper-V | CVE-2020-17095 | Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Lock Screen | CVE-2020-17099 | Windows Lock Screen Security Feature Bypass Vulnerability | Important |
| Windows Media | CVE-2020-17097 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important |
| Windows SMB | CVE-2020-17096 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows SMB | CVE-2020-17140 | Windows SMB Information Disclosure Vulnerability | Important |
