Daily Bulletin

Technology



Microsoft has released updates resolving a total of 112 unique common vulnerabilities and exposures (CVEs) this month. This puts us back up over the 110 CVE threshold. In October, Microsoft did not have an update for the browsers, and there was a noticeable dip in the total number of CVEs addressed. The updates this month affect the Windows Operating System, Office and Office 365, Internet Explorer, Edge, Edge Chromium, Microsoft Exchange Server, Microsoft Dynamics, Azure Sphere, Windows Defender, Microsoft Teams, Azure SDK, DevOps, ChakraCore and Visual Studio.

One vulnerability has known exploits occurring in the wild already. CVE-2020-17087 is an Elevation of Privilege vulnerability in the Windows Kernel Cryptography Driver, which allows an attacker to elevate their privileges on the system. The vulnerability affects Extended Security Update (ESU) Win 7 and Server 2008 up to the latest Windows 10 20H2 versions. While the vulnerability is only rated as Important by Microsoft, it is a zero-day vulnerability and has been publicly disclosed. This means attackers have already been detected using it in the wild and information on how to exploit it has been distributed publicly, allowing additional threat actors easy access to reproduce this exploit. CVE-2020-17087 was discovered by Google researchers as being exploited in tandem with a Google Chrome flaw (CVE-2020-15999), for which an update was made available on October 20. The two vulnerabilities should be resolved as soon as possible.

Microsoft released Windows 10 20H2 on October 21. While it is light in new features, it includes a couple of nice additions. This release brings full integration of Edge Chromium, an improved taskbar, better refresh rates for gaming monitors (Yay!), and a slew of fixes to the previous major branch update, 2004. It’s important to note how the servicing timelines for Windows 10 branch updates play out. The H1 release is the larger “New Features” release and the H2 release is meant to provide stabilization. So, 2004 had a larger set of new features introduced, but an 18-month lifecycle from release date. 20H2 focused on stabilizing what 2004 introduced and adding a smaller set of enhancements, but it is meant to be the stable branch for Enterprise, Education, and IoT Enterprise editions with a 30-month lifecycle.

There are a number of Servicing Stack Updates this month, but the good news is that as of Windows 10 20H2 Microsoft is combining the Servicing Stack Update (SSU) with the monthly cumulative update rollup to simplify the process of updating. You would need to turn on the 20H2 update on your 2004 systems or deploy the 20H2 branch upgrade to earlier Windows 10 versions, but once you do it will be smoother sailing from there on.

On the third-party updates front, today was a little light, but you will want to be sure to account for some very important recent activity.

Oct 20: Google Chrome 86.0.4240.111 resolves 5 CVEs including CVE-2020-15999 (zero-day)

Nov 2: Google Chrome 86.0.4240.183 resolves 10 CVEs including CVE-2020-16009 (zero-day)

Nov 3: Adobe Acrobat and Reader APSB20-67 resolves 14 CVEs

Nov 9: Mozilla Firefox 82.0.3 and ESR 78.4.1 resolve 1 CVE (discovered in Tianfu Cup 2020 International Cybersecurity Contest)

Nov 10: Google Chrome for Android 86.0.4240.185 includes fixes for 6 CVEs including CVE-2020-16010 (zero-day)
