fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

Microsoft November 2020 Patch Tuesday Fixes 112 Vulnerabilities

Microsoft November 2020 Patch Tuesday Fixes 112 Vulnerabilities

Today is Microsoft’s November 2020 Patch Tuesday, and Windows administrators worldwide will be running around putting out fires all day, so be nice to them.

With the November 2020 Patch Tuesday security updates release, Microsoft has released fixes for 112 vulnerabilities in Microsoft products. Of the 112 vulnerabilities fixed today, 17 are classified as Critical, and 93 are classified as Important, and two as moderate.

For information about the non-security Windows updates, you can read about today’s Windows 10 KB4586786 & KB4586781 Cumulative Updates.

Zero-day vulnerability patched

Included in today’s Patch Tuesday updates is a fix for a zero-day privilege escalation vulnerability in the Windows Kernel Cryptography Driver (cng.sys).

Last week, this vulnerability was disclosed by Google Project Zero after they detected it being used in targeted attacks. 

“The bug resides in the cng!CfgAdtpFormatPropertyBlock function and is caused by a 16-bit integer truncation issue,” Google explained.

The vulnerability is currently tracked as CVE-2020-17087.

Recent security updates from other companies

Other vendors who released security updates in October include:

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

The November 2020 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the November 2020 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

TagCVE IDCVE TitleSeverity
Azure DevOpsCVE-2020-1325Azure DevOps Server and Team Foundation Services Spoofing VulnerabilityImportant
Azure SphereCVE-2020-16985Azure Sphere Information Disclosure VulnerabilityImportant
Azure SphereCVE-2020-16986Azure Sphere Denial of Service VulnerabilityImportant
Azure SphereCVE-2020-16987Azure Sphere Unsigned Code Execution VulnerabilityImportant
Azure SphereCVE-2020-16984Azure Sphere Unsigned Code Execution VulnerabilityImportant
Azure SphereCVE-2020-16981Azure Sphere Elevation of Privilege VulnerabilityImportant
Azure SphereCVE-2020-16982Azure Sphere Unsigned Code Execution VulnerabilityImportant
Azure SphereCVE-2020-16983Azure Sphere Tampering VulnerabilityImportant
Azure SphereCVE-2020-16988Azure Sphere Elevation of Privilege VulnerabilityCritical
Azure SphereCVE-2020-16993Azure Sphere Elevation of Privilege VulnerabilityImportant
Azure SphereCVE-2020-16994Azure Sphere Unsigned Code Execution VulnerabilityImportant
Azure SphereCVE-2020-16970Azure Sphere Unsigned Code Execution VulnerabilityImportant
Azure SphereCVE-2020-16992Azure Sphere Elevation of Privilege VulnerabilityImportant
Azure SphereCVE-2020-16989Azure Sphere Elevation of Privilege VulnerabilityImportant
Azure SphereCVE-2020-16990Azure Sphere Information Disclosure VulnerabilityImportant
Azure SphereCVE-2020-16991Azure Sphere Unsigned Code Execution VulnerabilityImportant
Common Log File System DriverCVE-2020-17088Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Microsoft BrowsersCVE-2020-17058Microsoft Browser Memory Corruption VulnerabilityCritical
Microsoft DynamicsCVE-2020-17005Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2020-17018Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2020-17021Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2020-17006Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft Exchange ServerCVE-2020-17083Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2020-17085Microsoft Exchange Server Denial of Service VulnerabilityImportant
Microsoft Exchange ServerCVE-2020-17084Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-16998DirectX Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-17029Windows Canonical Display Driver Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-17004Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-17038Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-17068Windows GDI+ Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-17065Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-17064Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-17066Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-17019Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-17067Microsoft Excel Security Feature Bypass VulnerabilityImportant
Microsoft OfficeCVE-2020-17062Microsoft Office Access Connectivity Engine Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-17063Microsoft Office Online Spoofing VulnerabilityImportant
Microsoft OfficeCVE-2020-17020Microsoft Word Security Feature Bypass VulnerabilityImportant
Microsoft Office SharePointCVE-2020-17016Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16979Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-17015Microsoft SharePoint Spoofing VulnerabilityLow
Microsoft Office SharePointCVE-2020-17017Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-17061Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2020-17060Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Scripting EngineCVE-2020-17048Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-17053Internet Explorer Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-17052Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-17054Chakra Scripting Engine Memory Corruption VulnerabilityImportant
Microsoft TeamsCVE-2020-17091Microsoft Teams Remote Code Execution VulnerabilityImportant
Microsoft WindowsCVE-2020-17032Windows Remote Access Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17033Windows Remote Access Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17026Windows Remote Access Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17031Windows Remote Access Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17027Windows Remote Access Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17030Windows MSCTF Server Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-17028Windows Remote Access Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17044Windows Remote Access Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17045Windows KernelStream Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-17046Windows Error Reporting Denial of Service VulnerabilityLow
Microsoft WindowsCVE-2020-17043Windows Remote Access Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17042Windows Print Spooler Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2020-17041Windows Print Configuration Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17034Windows Remote Access Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17049Kerberos Security Feature Bypass VulnerabilityImportant
Microsoft WindowsCVE-2020-17051Windows Network File System Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2020-17040Windows Hyper-V Security Feature Bypass VulnerabilityImportant
Microsoft WindowsCVE-2020-17047Windows Network File System Denial of Service VulnerabilityImportant
Microsoft WindowsCVE-2020-17036Windows Function Discovery SSDP Provider Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-17000Remote Desktop Protocol Client Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-1599Windows Spoofing VulnerabilityImportant
Microsoft WindowsCVE-2020-16997Remote Desktop Protocol Server Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-17001Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17057Windows Win32k Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17056Windows Network File System Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-17055Windows Remote Access Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17010Win32k Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17007Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17014Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17025Windows Remote Access Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17024Windows Client Side Rendering Print Provider Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17013Win32k Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-17011Windows Port Class Library Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-17012Windows Bind Filter Driver Elevation of Privilege VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2020-17106HEVC Video Extensions Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2020-17101HEIF Image Extensions Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2020-17105AV1 Video Extension Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2020-17102WebP Image Extensions Information Disclosure VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2020-17082Raw Image Extension Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2020-17086Raw Image Extension Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2020-17081Microsoft Raw Image Extension Information Disclosure VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2020-17079Raw Image Extension Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2020-17078Raw Image Extension Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2020-17107HEVC Video Extensions Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2020-17110HEVC Video Extensions Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2020-17113Windows Camera Codec Information Disclosure VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2020-17108HEVC Video Extensions Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2020-17109HEVC Video Extensions Remote Code Execution VulnerabilityCritical
Visual StudioCVE-2020-17104Visual Studio Code JSHint Extension Remote Code Execution VulnerabilityImportant
Visual StudioCVE-2020-17100Visual Studio Tampering VulnerabilityImportant
Windows DefenderCVE-2020-17090Microsoft Defender for Endpoint Security Feature Bypass VulnerabilityImportant
Windows KernelCVE-2020-17035Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-17087Windows Kernel Local Elevation of Privilege VulnerabilityImportant
Windows NDISCVE-2020-17069Windows NDIS Information Disclosure VulnerabilityImportant
Windows Update StackCVE-2020-17074Windows Update Orchestrator Service Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2020-17073Windows Update Orchestrator Service Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2020-17071Windows Delivery Optimization Information Disclosure VulnerabilityImportant
Windows Update StackCVE-2020-17075Windows USO Core Worker Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2020-17070Windows Update Medic Service Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2020-17077Windows Update Stack Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2020-17076Windows Update Orchestrator Service Elevation of Privilege VulnerabilityImportant
Windows WalletServiceCVE-2020-16999Windows WalletService Information Disclosure VulnerabilityImportant
Windows WalletServiceCVE-2020-17037Windows WalletService Elevation of Privilege VulnerabilityImportant

Also Read: Letter of Consent MOM: Getting the Details Right

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us