Microsoft released a November patch that corrects 112 newly discovered security vulnerabilities in the software giant’s products.
Of the 112 vulnerabilities that were fixed, 17 were rated critical, 93 were rated important, and 2 were moderate.
The release includes a fix for CVE-2020-17087, a privilege escalation flaw in the Windows kernel encryption driver that Google's Project Zero team discovered last week.
Microsoft has classified the CVE-2020-17087 vulnerability as significant in terms of severity. An attacker interested in exploiting the flaw needs physical access to an affected installation of Windows Server, Windows 10, Windows 7, Windows 8.1, or Windows RT.
The security updates cover a range of products, including Microsoft Windows, Office, Office Services, Web Apps, Internet Explorer, Edge, Exchange Server, Microsoft Dynamics, Windows Codecs Library, Azure Sphere, Windows Defender, Microsoft Teams, and Visual Studio.
The update fixes a number of remote code execution (RCE) vulnerabilities that affect Exchange Server, Network File System, and Microsoft Teams, as well as a security feature bypass bug in the Windows Hyper-V virtualization software.
The CVE-2020-17051 vulnerability has a rating of 9.8 out of 10, making it a serious security vulnerability. However, Microsoft said that the complexity of the attack – the circumstances beyond the attacker’s control that must exist in order to exploit the vulnerability – is low.
Other critical flaws that Microsoft fixed this month include memory corruption vulnerabilities in Microsoft Scripting Engine and Internet Explorer, and several remote code execution flaws in the HEVC video extension codecs library.
As with the critical vulnerabilities, the warnings associated with these security vulnerabilities are understated and carry little information about the remote code execution flaws or about how any Windows Hyper-V security feature is being bypassed.
Microsoft strongly recommends that Windows users and system administrators apply the latest security patches to resolve the threats associated with these issues.