Skip to main content
PDQ.com mobilePDQ.com desktop
Support

November 2020 Patch Tuesday Vulnerabilities

Jordan HammondJordan Hammond
·

Another Patch Tuesday is here, and we are back into the triple digits. It is almost a relief; last month was such an outlier that I assumed an error in reporting. It looks like for November, 112 vulnerabilities are being patched, with 17 being rated as critical. One is actively being exploited. Microsoft has rolled out its new Security update guide, and with that comes much less information on what is being patched. So I suppose we will see below how close I can make this similar to previous month’s blogs.

Some Highlights (Or Lowlights)

CVE-2020-17087 - This one was disclosed by Google late last month. It is combined with a Chrome bug that will allow an attacker to escape the browser sandbox and execute code on the target system. This one is considered actively used and known. Even being known, the patch is deemed to be Important, not Critical, which seems odd.

CVE-2020-17051 - This vulnerability has to do with NFS. Without seeing more information about this, I can tell you that it is rated a 9.8 on CVSS, which is just about as bad as can be. The complexity required is low, and it does not require user interaction. Add those together, and I think it is safe to assume this one will be getting a name as more information is released. 

CVE-2020-17042 - This is a vulnerability for the Print Spooler Service. It also has a low complexity for an attack, but it does require user interaction, so it is not as big a risk as we assume CVE-2020-17051 is. 

In Review

While we lack as much information as we used to have, based on context clues, we can gather that this one has some pretty severe issues that we want to get patched as soon as possible. It has known exploits and exploits based on what we have looked like; it could be wormable. Overall, 24 vulnerabilities can be attacked by Remote Execution, and 2(one for Sharepoint CVE-2020-17061) does not require user interaction to exploit. So test quickly and patch soon.

Ready to get started with PDQ Deploy & Inventory? Work less, automate more.

Start your 14-day free trial
Sign up in seconds

Don't miss the next post!

Release of PDQ Deploy and PDQ Inventory 19.2.137.0

Announcing PDQ Inventory and PDQ Deploy 19.2.137.0

PDQ.com
© 2020 PDQ.com Corporation

Products

  • PDQ Deploy
  • PDQ Inventory
  • PDQ Link
  • Enterprise SL
  • Pricing
  • Downloads
  • Licensing
  • Buy