Microsoft Security Bulletin Coverage for December 2020

December 8, 2020

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2020. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2020-17096 Windows NTFS Remote Code Execution Vulnerability
ASPY 136:Malformed-File dll.MP.6

CVE-2020-17121 Microsoft SharePoint Remote Code Execution Vulnerability
ASPY 135:Malformed-File cab.MP.2

CVE-2020-17140 Windows SMB Information Disclosure Vulnerability
IPS 15284 Windows SMBv2 Information Disclosure (CVE-2020-17140)

CVE-2020-17144 Microsoft Exchange Remote Code Execution Vulnerability
ASPY 134:Malformed-File exe.MP.167

CVE-2020-17152 Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
IPS 15283:Microsoft Dynamics 365 Remote Code Execution Vulnerability

CVE-2020-17158 Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
IPS 15283:Microsoft Dynamics 365 Remote Code Execution Vulnerability

Following vulnerabilities do not have exploits in the wild :
CVE-2020-16958 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16959 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16960 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16961 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16962 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16963 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16964 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16971 Azure SDK for Java Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-16996 Kerberos Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-17002 Azure SDK for C Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-17089 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17092 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17094 Windows Error Reporting Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17095 Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17097 Windows Digital Media Receiver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17098 Windows GDI+ Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17099 Windows Lock Screen Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-17103 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17115 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-17117 Microsoft Exchange Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17118 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17119 Microsoft Outlook Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17120 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17122 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17123 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17124 Microsoft PowerPoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17125 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17126 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17127 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17128 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17129 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17130 Microsoft Excel Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-17131 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-17132 Microsoft Exchange Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17133 Microsoft Dynamics Business Central/NAV Information Disclosure
There are no known exploits in the wild.
CVE-2020-17134 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17135 Azure DevOps Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-17136 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17137 DirectX Graphics Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17138 Windows Error Reporting Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17139 Windows Overlay Filter Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-17141 Microsoft Exchange Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17142 Microsoft Exchange Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17143 Microsoft Exchange Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17145 Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-17147 Dynamics CRM Webclient Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-17148 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17150 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17153 Microsoft Edge for Android Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-17156 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17159 Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17160 Azure Sphere Security Feature Bypass Vulnerability
There are no known exploits in the wild.