What can we help you with?

Supercharged PAM

Combine the best of Session Management and Credential Management solutions at a new, incredible value!

Learn More Learn More
Contact Chat with Sales Get Support

What is BeyondTrust?

Get a closer look inside the BeyondTrust identity & access security arsenal.

Learn More Learn More
Contact Chat with Sales Get Support

Gartner Peer Insights

Find out how customers & analysts alike review BeyondTrust.

Learn More Learn More
Contact Chat with Sales Get Support

Go Beyond Customer & Partner Conference

Our biggest customer conference of the year is happening in Miami and virtually on May 1-5, 2023.

Learn More Learn More
Contact Chat with Sales Get Support

Watch Our Video

Find out more about our integrations.

Learn More Learn More
Contact Chat with Sales Get Support

Leader in Intelligent Identity & Secure Access

Learn how BeyondTrust solutions protect companies from cyber threats.

Learn More Learn More
Contact Chat with Sales Get Support
Contact Chat with Sales Get Support

Welcome to the last Patch Tuesday of 2020! Nine vulnerabilities were rated as “Critical” this month by Microsoft out of the 58 security vulnerabilities total. None of the vulnerabilities were under active exploit prior to patching, nor were they disclosed to the public.

Microsoft Exchange Server

Microsoft Exchange was patched for three vulnerabilities, two of which were Critical and allowed for an authenticated attacker to execute arbitrary code as System on the Exchange Server. The attacks required no user interaction to be exploited. This could then completely compromise the server, as the attacker could create administrative accounts with full rights on the system.

SharePoint Server

Microsoft Sharepoint was also patched for a Critical vulnerability that required user interaction. An unauthenticated attacker could execute arbitrary code within the context of the current user on the client machine. This again is a reminder to always operate under the principles of least privilege.

Hyper-V

Windows 10 and Server 2016/2019 systems received a critical update for Hyper-V that allowed for a user with low privilege levels to execute code remotely on the host as System. This would then completely compromise the host device. Microsoft deems this vulnerability as critically severe but less likely for exploit due to the attack complexity.

Microsoft Edge

Microsoft Edge was patched for a Chakra Scripting Engine vulnerability. Due to improper memory management, an attacker could remotely execute code on the system if they could trick the user to interacting with malicious content. Microsoft rates this vulnerability as Critical but deems that exploitation is less likely due to the complexity of launching the attack.

Microsoft Dynamics

Microsoft Dynamics for Finance and Operations is vulnerable to a low-complexity, remote, unauthenticated attack that results in remote code execution with no user interaction. Because the attack is so simple to pull off, exploitation is more likely in the coming months. Admins should patch as soon as possible to protect against this vulnerability, which is rated as Critical by Microsoft.

Author, BeyondTrust Research Team

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Up next

You May Also Be Interested In: