Microsoft released a final batch of security updates for 2020 that address at least 58 flaws spanning across multiple company’s products. The December Patch Tuesday fixes issues in Microsoft Windows, PowerPoint, Microsoft Outlook, Microsoft Exchange, Microsoft Kerberos, Azure DevOps, Azure Sphere, and other solutions.
It is worth noting that none of the flaws patched this month have been reported as being actively exploited in the wild.
The December 2020 Patch Tuesday includes fixes for a number of remote code execution issues affecting Microsoft Windows NTFS (CVE-2020-17096), Microsoft Exchange, Microsoft SharePoint, Microsoft Excel, Microsoft PowerPoint (CVE-2020-17124), Microsoft Visual Studio (CVE-2020-17148, CVE-2020-17156, CVE-2020-17150).
The company has also addressed a security feature bypass (SFB) bug in Kerberos (CVE-2020-16996), which allows an attacker to gain an unauthorized access to the application.
Microsoft has also provided a workaround for a spoofing vulnerability affecting the Windows DNS Resolver that allows to spoof the DNS packet which can be cached by the DNS Forwarder or the DNS Resolver.