December Patch Tuesday 2020

Copyright © 2020 Ivanti. All rights reserved.
Patch Tuesday Webinar
Wednesday, December 9, 2020
Hosted by: Chris Goettl & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 177 920 8201

Agenda
December 2020 Patch Tuesday Overview
In the News & 2021 Predictions
Bulletins and Releases
Between Patch Tuesdays
Q & A
1
2
3
4
5

Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved.
Overview

In the News

In the News
Source: Microsoft
 Advisory 200013: Spoofing Vulnerability in DNS Resolver
 https://msrc.microsoft.com/update-guide/vulnerability/ADV200013
 SSUs and LCUs in one Update
 https://techcommunity.microsoft.com/t5/windows-it-pro-blog/deploy-windows-
ssus-and-lcus-together-with-one-cumulative-update/ba-p/1967887
 CentOS Project Shifts Focus to CentOS Stream
 https://lists.centos.org/pipermail/centos-announce/2020-
December/048208.html

Adobe Flash End of Life
 December 31st is the official End of Life of Adobe Flash
 https://www.adobe.com/products/flashplayer/end-of-life.html
 Adobe Enterprise EoL Page
 https://www.adobe.com/products/flashplayer/enterprise-end-of-life.html
 Remove Flash Player:
 Versions installed through Windows, IE, Edge: KB4577586 (Security Tool)
 https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player
 Versions installed through other means:
 https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html
 https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html
Source: Microsoft

Microsoft Patch Tuesday Updates of Interest
 Advisory 990001 Latest Servicing Stack Updates (SSU)
 https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
 Updated SSUs this month
 Windows 7/Server 2008 R2
 Windows 10 2004/Windows Server 2004
 Windows 10 20H2/Windows Server 20H2
 Development Tool and Other Updates
 Azure DevOps Server 2019-2020
 Azure SDK for Java
 Azure Sphere
 C SDK for Azure IoT
 Microsoft Visual Studio 2017-2019
 Team Foundation Server 2015-2018
 Visual Studio Code Source: Microsoft

Windows 10 Lifecycle Awareness
 Windows 10 Branch Support
Source: Microsoft

Windows 10 Lifecycle Awareness (cont)
 Enterprise LTSB/LTSC Support
 Complete Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/faq/windows
 https://docs.microsoft.com/en-us/lifecycle/products/windows-server
 https://docs.microsoft.com/en-us/lifecycle/products/windows-10-enterprise-
and-education
Source: Microsoft

Patch Content Announcements
 Announcements Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)

2021 Predictions: Ransomware Escalation
In October 2020, the Department of the Treasury issued an advisory stating that
facilitating ransomware payments with a Sanctions Nexus could result in legal
ramifications or fees, starting us off on the path to trying to curb the rapid
increase in ransom payments. This is an escalation toward trying to reduce
ransomware payments, but it also puts victims in an even tighter spot as they
are often paying for data to not go public more than to recover from the
encryption and disruption to their environments. Escalation is needed, but not
after a company has already fallen victim. In 2021, we will see this escalation
continue, but it will take shape as more clearly defined steps companies should
be taking and fines or ramifications if they fail to do their due diligence.

2021 Predictions: User is the new Perimeter
The world has been shifting away from traditional networks to hybrid cloud-
prem and device agnostic, an existing trend that was accelerated by COVID-19.
Since COVID, perimeters have changed more drastically. Threat actors will
continue to target remote workers. Remote Desktop Protocol (RDP) and Virtual
Private Network (VPN) technologies alone will leave companies exposed. To
regain control and provide more fluid perimeters to securely control who has
access to applications and data, companies will turn to Zero Trust Access
Control.

2021 Predictions: Vulnerability Lifecycle
Management
 Vulnerability remediation will continue to be a struggle for many organizations.
The median time to cre
ate a functional exploit is 22 days. The average shelf life of an exploit is seven
years. Threat actors can move faster than most companies and are getting long
life out of the exploits they create. To stay ahead of attackers, companies will
look to improve visibility and telemetry to understand trending exploits and to
mitigate or eliminate these vulnerabilities to significantly reduce their exposure.

A Call to Help Design
 Join our Co-Design Team
 https://www.surveymonkey.com/r/R3XWV3T
Source: Microsoft
Vulnerability
Assessment
Open
Security
Incident
Patch
Assessment
Open
Change
Request
Patch
Remediation
(Delegated)
Repeat
Process
1 2 3 4 5
Continuous Vulnerability Management

Bulletins and Releases

MS20-12-W10: Windows 10 Update
 Maximum Severity: Critical
 Affected Products: Microsoft Windows 10 Versions 1607, 1709, 1803, 1809, 1903,
1909, 2004, 20H2, Server 2016, Server 2019, Server version 1709, Server version
1803, Server version 2004, IE 11, Legacy Edge and Edge Chromium
 Description: This bulletin references 10KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of
Privilege and Information Disclosure
 Fixes 23 Vulnerabilities: No vulnerabilities are publicly disclosed or known
exploited. See the Security Update Guide for the complete list of CVEs.
 Restart Required: Requires restart
 Known Issues: See next slides

December Known Issues for Windows 10
 KB 4593226 – Windows 10, Version 1607 and Server 2016
 [Min Password] After installing KB4467684, the cluster service may fail to start with
the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum
Password Length” is configured with greater than 14 characters. Workaround:
Set the domain default "Minimum Password Length" policy to less than or equal to
14 characters. Microsoft is working on a resolution.
 KB 4592440 – Windows 10, Version 1809, Server 2019 All Versions
 [Asian Packs] After installing KB 4493509, devices with some Asian language
packs installed may receive the error, "0x800f0982 -
PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround: Uninstall
and reinstall any recently added language packs or select Check for Updates and
install the April 2019 Cumulative Update. See KB for more recovery details.
Microsoft is working on a resolution.

December Known Issues for Windows 10 (cont)
 KB 4592449 – Windows 10 version 1903, Windows Server version
1903, Windows 10 version 1909, Windows Server version 1909
 [Outdated Updates] System and user certificates might be lost when updating a
device from Windows 10, version 1809 or later to a later version of Windows 10.
This primarily happens when managed devices are updated using outdated
bundles or media through an update management tool such as Windows Server
Update Services (WSUS) or Microsoft Endpoint Configuration Manager.
Note: Devices using Windows Update for Business or that connect directly to
Windows Update are not impacted.
Workaround: If you have already encountered this issue on your device, you can
mitigate it within the uninstall window by going back to your previous version of
Windows. The uninstall window might be 10 or 30 days depending on the
configuration of your environment and the version you’re updating to. See
directions here.
Microsoft is working on a resolution.

December Known Issues for Windows 10 (cont)
 KB 4592438 – Windows 10 version 2004, Windows Server version
2004, Windows 10 version 20H2, Windows Server version 20H2
 [Editor] Users of the Microsoft Input Method Editor (IME) for Japanese or Chinese
languages might experience issues when attempting various tasks. You might
have issues with input, receive unexpected results, or might not be able to enter
text.
For more information about the issues, workaround steps, and the currently
resolved issues, please see KB 4564002.
 [Outdated Updates]

MS20-12-EXCH: Security Updates for Exchange Server
 Affected Products: Microsoft Exchange Server 2013 - 2019
 Description: This security update fixes vulnerabilities in Microsoft
Exchange. This bulletin is based on KBs 4593465, 4593466, and
4593467.
 Impact: Remote Code Execution and Information Disclosure
 Fixes 6 Vulnerabilities: No CVEs are publicly disclosed or known
exploited. CVE-2020-17117, CVE-2020-17132, CVE-2020-17141,
CVE-2020-17142, CVE-2020-17143, and CVE-2020-17144 are fixed
in this release.
 Known Issues: Must install update with administrator privileges

MS20-12-SPT: Security Updates for SharePoint Server
 Affected Products: Microsoft SharePoint Enterprise Server 2013 & 2016, Microsoft
SharePoint Foundation Server 2010 and 2013, and Microsoft SharePoint Server 2010
& 2019
 Description: This security update resolves vulnerabilities in Microsoft Office that
could allow remote code execution if a user opens a specially crafted Office file. This
bulletin is based on 8 KB articles.
 Impact: Remote Code Execution, Spoofing, Elevation of Privilege and Information
Disclosure
 Fixes 6 Vulnerabilities: No CVEs are publicly disclosed or known exploited. CVE-
2020-17089, CVE-2020-17115, CVE-2020-17118, CVE-2020-17120, CVE-2020-
17121, and CVE-2020-17122 are fixed in this release.
 Known Issues: None reported

MS20-12-MR2K8-ESU: Monthly Rollup for Windows Server 2008
 Maximum Severity: Important
 Affected Products: Microsoft Windows Server 2008 and IE 9
 Description: This security update includes improvements and fixes that were a part
of update KB 4586807 (released November 10, 2020). Bulletin is based on KB
4592498. Addresses a security vulnerability by preventing applications that run as a
SYSTEM account from printing to "FILE:" ports. Security updates to Windows
Graphics and Windows Peripherals.
 Impact: Spoofing and Information Disclosure
2020-17098 is fixed in this release.
 Known Issues: [File Rename] See next slide.

November Known Issues for Server 2008
 KB 4592498 – Windows Server 2008 (Monthly Rollup)
 [File Rename] Certain operations, such as rename, that you perform on files or folders that
are on a Cluster Shared Volume (CSV) may fail with the error,
“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform
the operation on a CSV owner node from a process that doesn’t have administrator
privilege. Workaround: Perform the operation from a process that has administrator
privilege or perform the operation from a node that doesn’t have CSV ownership. Microsoft
is working on a resolution.
 KB 4592504 – Windows Server 2008 (Security-only Update)
 [File Rename]

MS20-12-SO2K8-ESU: Security-only Update for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008
 Description: Bulletin is based on KB 4592504. Addresses a security vulnerability by
preventing applications that run as a SYSTEM account from printing to "FILE:" ports.
Security updates to Windows Graphics and Windows Peripherals.
 Impact: Spoofing and Information Disclosure
2020-17098 is fixed in this release.
 Known Issues: [File Rename] See previous slide.

MS20-12-MR7-ESU: Monthly Rollup for Win 7
MS20-12-MR2K8R2-ESU Monthly Rollup for Server 2008 R2
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
Graphics, Windows Peripherals, Windows Storage and Filesystems, and Windows File
Server and Clustering.
 Impact: Spoofing, Elevation of Privilege and Information Disclosure
 Known Issues: [File Rename]

MS20-12-SO7-ESU: Security-only Update for Win 7
MS20-12-SO2K8R2-ESU: Security-only Update for Server 2008 R2
 Affected Products: Microsoft Windows 7 and Server 2008 R2
Security updates to Windows Graphics, Windows Peripherals, Windows Storage and
Filesystems, and Windows File Server and Clustering.
 Impact: Spoofing, Elevation of Privilege and Information Disclosure

MS20-12-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Windows Server 2012 and IE
 Description: This security update includes improvements and fixes that were a part of
update KB 4586834 (released November 10, 2020). Bulletin is based on KB 4592468.
Addresses a security vulnerability by preventing applications that run as a SYSTEM
account from printing to "FILE:" ports. Security updates to Windows Graphics, Windows
Peripherals, and Windows Core Networking.
2020-16996, CVE-2020-17092, CVE-2020-17096, CVE-2020-17097, CVE-2020-17098,
and CVE-2020-17140 are fixed in this release.

MS20-12-SO8: Security-only Update for Windows Server 2012
 Affected Products: Microsoft Windows Server 2012
Security updates to Windows Graphics, Windows Peripherals, and Windows Core
Networking.
2020-16996, CVE-2020-17092, CVE-2020-17096, CVE-2020-17097, CVE-2020-

MS20-12-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
Graphics, Windows Peripherals, and Windows Core Networking.
2020-16996, CVE-2020-17092, CVE-2020-17096, CVE-2020-17097, CVE-2020-

MS20-12-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
Security updates to Windows Graphics, Windows Peripherals, and Windows Core
Networking.
2020-16996, CVE-2020-17092, CVE-2020-17096, CVE-2020-17097, CVE-2020-

MS20-12-OFF: Security Updates for Microsoft Office
 Affected Products: Excel 2010-2016, Office 2010-2016, Office Online Server,
Outlook 2010-2016, Office 2019 for macOS, and Office Web Applications
 Description: This security update resolves multiple vulnerabilities in Microsoft Office
applications. Consult the Security Update Guide for specific details on each. This
bulletin references 15 KB articles plus release notes for MacOS.
 Impact: Remote Code Execution, Security Feature Bypass and Information
Disclosure
 Restart Required: Requires application restart

MS20-12-O365: Security Updates Microsoft 365 Apps and Office 2019
 Affected Products: Microsoft 365 Apps, Office 2019
 Description: This month’s update resolved various bugs and performance issues in
Microsoft 365 Apps and Office 2019 applications. Information on Microsoft 365 Apps
security updates is available at https://docs.microsoft.com/en-
us/officeupdates/microsoft365-apps-security-updates.
 Impact: Remote Code Execution, Security Feature Bypass and Information
Disclosure
 Restart Required: Requires application restart

Between Patch Tuesdays

Release Summary
 Security Updates: iTunes(1), Firefox (1), Firefox ESR (1), Google Chrome (2), Node.JD (3),
Thunderbird (2), VMware Workstation (2)
 Non-Security Updates: Adobe Acrobat DC (1), Adobe Reader DC (1), AIMP (1), Apache
Tomcat (3), BlueJeans (1), Box Edit (1), Camtasia (2), Ccleaner (1), Cisco WebEx Teams (1),
Dropbox (2), Falcon sensor for Windows (1), GoodSync (7), Google Chrome (1), Google Drive
File Stream (2), GoTo Opener (2), Jabra Direct (1), Malwarebytes (2), Nitro Pro (2), Node.JS (3),
Notepad++ (1), Opera Browser (7), PDF-Xchange PRO (1), PeaZip (1), Plex Media Server (2),
RingCentral App (3), Royal TS (1), SeaMonkey (1), Skype (1), Slack Machine-Wide Installer (6),
Snagit (1), Splunk Universal Forwarder (1), Tableau Desktop (7), Tableau Reader (1),
TeamViewer (2), Thunderbird (1), TightVNC (2), TortoiseHG (1), VMWare Workstation (2),
WinSCP (1), Zoom Client (1), Zoom Outlook Plugin (2)

Third Party CVE Information
 iTunes 12.11.0.26
 AI-201118, QAI1211026
 Fixes 6 Vulnerabilities: CVE-2020-10002, CVE-2020-27895, CVE-2020-27911,
CVE-2020-27912, CVE-2020-27917, CVE-2020-27918
 Firefox 83.0
 FF-201117, QFF830
CVE-2020-26952, CVE-2020-26953, CVE-2020-26954, CVE-2020-26955, CVE-
2020-26956, CVE-2020-26957, CVE-2020-26958, CVE-2020-26959, CVE-2020-
26960, CVE-2020-26961, CVE-2020-26962, CVE-2020-26963, CVE-2020-26964,
2020-26969
 Node.JS 15.2.1 (Current)
 NOJSC-201117, QNODEJSC1521
 Fixes 1 Vulnerability: CVE-2020-8277

Third Party CVE Information (cont)
 Node.JS 14.15.1 (LTS Upper)
 NOJSLU, QNODEJSCLU14151
 Node.JS 12.19.1 (LTS Lower)
 NOJSLL, QNODEJSCLL12191
 Firefox ESR 78.5.0
 FFE-201117, QFFE7850
2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26966, CVE-2020-
26968

 Google Chrome 86.0.4240.198
 Chrome-201111, QGC8604240198
 Fixes 2 Vulnerabilities: CVE-2020-16013, CVE-2020-16017
 Google Chrome 87.0.4280.66
 Chrome-201117, QGC870428066
2020-16021, CVE-2020-16022, CVE-2020-16023, CVE-2020-16024, CVE-2020-
16025, CVE-2020-16026, CVE-2020-16027, CVE-2020-16028, CVE-2020-16029,
2020-16034, CVE-2020-16035, CVE-2020-16036

 Thunderbird 78.5.0
 TB-201119, QTB7850
 Fixes 12 Vulnerabilities: CVE-2020-15999, CVE-2020-16012, CVE-2020-26951, CVE-
2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960,
CVE-2020-26961, CVE-2020-26965, CVE-2020-26966, CVE-2020-26968
 Thunderbird 78.5.1
 TB-201202, QTB7851
 VMWare Workstation Player and Pro 15.5.7
 VMWP15-20119 and VMWw15-20119
 QVMWP1557 and QVMWW1557
 Fixes 8 Vulnerabilities: CVE-2020-3981, CVE-2020-3982, CVE-2020-3986, CVE-2020-
3987, CVE-2020-3988, CVE-2020-3989, CVE-2020-3990, CVE-2020-4004

Q & A

December Patch Tuesday 2020

More Related Content

What's hot

Similar to December Patch Tuesday 2020

More from Ivanti

Recently uploaded

December Patch Tuesday 2020