Daily Bulletin

Men's Weekly

.

  • Written by Todd Schell, Senior Product Manager, Security, Ivanti

For all of you who have asked for a pause to Patch Tuesday, you did not get exactly what you wanted for Christmas, but close. December Patch Tuesday is the lightest of 2020. Only 58 unique CVEs were resolved, nine of which are rated as Critical. There is also one advisory (ADV200013), which provides guidance for addressing a spoofing vulnerability in DNS Resolver. There were no publicly disclosed or exploited vulnerabilities this month on the Microsoft side. Adobe released a couple of low severity updates for Adobe Reader for Android and Adobe Connect. The Adobe Reader release (APSB20-67) from December 3 resolved 14 vulnerabilities, four of which were Critical. This is the more urgent release from Adobe for the month. Adobe Flash had an update for December Patch Tuesday, but it did not include any resolved vulnerabilities.

 

Of the nine critical vulnerabilities, three affect Microsoft Exchange Server, two affect SharePoint and two affect Microsoft Dynamics 365. The remaining two affect Hyper-V and Chakra Core. The SharePoint vulnerability (CVE-2020-17121) could allow an attacker to gain access to create a site and execute code remotely within the kernel.   

 

Microsoft also outlined guidance to address vulnerabilities in DNS resolver as part of Advisory 200013 (ADV200013). The vulnerability is a spoofing vulnerability in DNS resolver that could allow an attacker to exploit a DNS cache poisoning caused by IP fragmentation. An attacker could spoof the DNS packet which can be cached by the DNS forwarder or the DNS resolver. A workaround for configuring DNS servers is outlined in the advisory.

 

In a blog post Microsoft officially announced that the Service Stack Updates and Latest Cumulative Update (LCU) can now be deployed together for Windows 10 2004 and 20H2 branches. This provides a much easier deployment experience for 2004 and later branches to merge the LCU and SSU together, simplifying the experience that was a bit clunky and painful previously.


Overall, there are only three Critical updates to deploy this month. Exchange Server, SharePoint Server, and Windows 10 and Server 2016, and later cumulative updates. Consider this an early Christmas gift from Microsoft and look forward to 2021!

Business News

Tuning Strategies for Modern Trucks: Putting SCT X4 Performance to the Test

The Case for Aftermarket Tuning in Modern Trucks Factory programmers aren't trying to thrill you. They’re chasing emissions compliance, warranty safety nets, and broad market compatibility. That co...

Daily Bulletin - avatar Daily Bulletin

Automotive Expert, Raffy Sgroi, Warns: Australia is Building Snowflakes in the Desert with EV Policy

With the National Electric Vehicle Strategy due for a comprehensive review during 2026, automotive expert and senior government advisor, Raffy Sgroi, warns that Australia is rushing electric vehic...

Daily Bulletin - avatar Daily Bulletin

China Gold Coin Group Launched 2026 Chinese Dragon Silver Bullion Coin at World Money Fair in Berlin

China Gold Coin Group Co., Ltd. unveiled its 2026 Chinese Dragon Silver Bullion Coin at the World Money Fair held in Berlin, Germany, from January 29 to 31. Led by Mr Jinpu Jiao, Chairman of the Boa...

Daily Bulletin - avatar Daily Bulletin

Speed Dating For Business