Microsoft’s November 2020 Patch Tuesday has arrived which suggests Windows 10 directors have their work reduce out for them as a result of sheer variety of updates launched by the software program big.
With its November 2020 Patch Tuesday security update release, the corporate has launched fixes for a complete of 112 completely different vulnerabilities in its merchandise. Of the 112 vulnerabilities, 17 are categorized as vital, 93 are categorized as necessary and simply two as average.
In its newest Patch Tuesday, Microsoft has additionally launched a patch for a zero-day privilege escalation vulnerability within the Home windows Kernel Cryptography Driver (cng.sys) tracked as CVE-2020-17087. This vulnerability was not too long ago disclosed by Google’s Project Zero safety staff after its researchers detected that it was being exploited in real-world focused assaults.
Microsoft has patched vulnerabilities in plenty of its merchandise together with Azure Sphere, Microsoft Dynamics, Microsoft Alternate Server, Microsoft Workplace, Home windows 10, Visible Studio, Home windows Defender and extra and due to this, customers ought to patch their techniques now to keep away from falling sufferer to any potential assaults leveraging these vulnerabilities.
Revamped Safety Replace Information
Together with its current sequence of safety updates, Microsoft has additionally launched a brand new model of its Security Update Guide to make it simpler for customers and researchers alike to raised perceive the attributes of vulnerabilities in its software program.
In a blog post, the Microsoft Safety Response Heart supplied extra particulars on the up to date model of its Safety Replace Information, saying:
“With the launch of the brand new model of the Safety Replace Information, Microsoft is demonstrating its dedication to business requirements by describing the vulnerabilities with the Widespread Vulnerability Scoring System (CVSS). It is a exact methodology that describes the vulnerability with attributes such because the assault vector, the complexity of the assault, whether or not an adversary wants sure privileges, and many others.”
Whereas the Microsoft Security Response Center has been scoring Home windows and browser vulnerabilities since 2016, now it can rating each vulnerability and show the small print that make up that rating within the new model of its Safety Replace Information.
On the identical time, safety researchers will even now be capable to edit the columns displayed within the Safety Replace Information to indicate a vulnerability’s launch date, CVE quantity, CVE title, description, articles, FAQ, mitigations and extra.
By way of BleepingComputer