BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    Use Cases and Industries
    See All Products
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

December 2020 Patch Tuesday

December 9, 2020

  • Blog
  • Archive

Welcome to the last Patch Tuesday of 2020! Nine vulnerabilities were rated as “Critical” this month by Microsoft out of the 58 security vulnerabilities total. None of the vulnerabilities were under active exploit prior to patching, nor were they disclosed to the public.

Microsoft Exchange Server

Microsoft Exchange was patched for three vulnerabilities, two of which were Critical and allowed for an authenticated attacker to execute arbitrary code as System on the Exchange Server. The attacks required no user interaction to be exploited. This could then completely compromise the server, as the attacker could create administrative accounts with full rights on the system.

SharePoint Server

Microsoft Sharepoint was also patched for a Critical vulnerability that required user interaction. An unauthenticated attacker could execute arbitrary code within the context of the current user on the client machine. This again is a reminder to always operate under the principles of least privilege.

Hyper-V

Windows 10 and Server 2016/2019 systems received a critical update for Hyper-V that allowed for a user with low privilege levels to execute code remotely on the host as System. This would then completely compromise the host device. Microsoft deems this vulnerability as critically severe but less likely for exploit due to the attack complexity.

Microsoft Edge

Microsoft Edge was patched for a Chakra Scripting Engine vulnerability. Due to improper memory management, an attacker could remotely execute code on the system if they could trick the user to interacting with malicious content. Microsoft rates this vulnerability as Critical but deems that exploitation is less likely due to the complexity of launching the attack.

Microsoft Dynamics

Microsoft Dynamics for Finance and Operations is vulnerable to a low-complexity, remote, unauthenticated attack that results in remote code execution with no user interaction. Because the attack is so simple to pull off, exploitation is more likely in the coming months. Admins should patch as soon as possible to protect against this vulnerability, which is rated as Critical by Microsoft.

Author, BeyondTrust Research Team

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Up next

From December 8, 2020:
BeyondTrust Extends Support for Securely Managing Cloud Infrastructure with Latest Release of DevOps Secrets Safe
From December 10, 2020:
BeyondTrust Wins “Diversity in Tech Employer Award”, A Culmination of Expanded Inclusion Initiatives in 2020

You May Also Be Interested In:

Whitepapers

Mapping BeyondTrust Solutions to the Identity, Credential, and Access Management (ICAM) Architecture

Whitepapers

Four Key Ways Governments Can Prepare for the Growing Ransomware Threat

Whitepapers

The Operational Technology (OT) Remote Access Challenge

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.