Microsoft’s latest patch fixes more than 100 vulnerabilities

Microsoft has begun rolling out November 2020 Patch that fixes 112 different vulnerabilities in its services. As many as 17 vulnerabilities are classified as critical while 93 are listed as important. The remaining two are classified as moderate.

The latest patch also contains a fix for a zero-day privilege escalation vulnerability, tracked as CVE-2020-1708. The bug was recently exposed by Google's Project Zero team, which claimed it was getting exploited in the wild. The vulnerability enabled hackers to escalate system privileges. Hackers also exploited another a Chrome zero-day vulnerability, tracked as CVE-2020-15999, to conduct the attacks.

“The Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape),” Google's Project Zero team had said in a post.

The vulnerability affected all versions of Windows 7 and Windows Server distributions.

Apart from the Windows zero-day bug, the latest update also fixes 24 vulnerabilities that could have allowed remote code execution in applications such as Excel, SharePoint, and Windows Network File system.

According to Techradar, Microsoft's November 2020 Patch covers vulnerabilities in its services such as Microsoft Exchange Server, Microsoft Office, Windows 10, Windows Defender, Visual Studio, Microsoft Dynamics, and Azure Sphere.