On Patchday in November, Microsoft will take care of Defender, Internet Explorer, Teams and Windows, among other things. Overall 112 security patches are available via Windows Update. 17 Gaps are identified with the threat level ” classified as critical “. Most of the remaining vulnerabilities are classified as ” important “.

Attacks on Windows Now a patch is available for the kernel vulnerability (CVE – 2020 – 17087) available. However, the vulnerability is not considered critical, as attackers must already have access to vulnerable computers. If this is the case, attackers could acquire higher user rights. Of these are Windows 7 to 10 and different Windows server versions affected.

Microsoft has cleaned up the description of security holes. This should enable admins to better assess the danger posed by a vulnerability at a glance.

Further details on this and other vulnerabilities are not known. As can be seen from the warning message, Microsoft has revised the display and no longer describes detailed details on gaps and possible attack scenarios.

Even more vulnerabilities A vulnerability in the Windows Network File System (NFS), for example, is considered critical. Based on the classification, it can be assumed that attacks from a distance and without authentication are possible.

In addition, attackers could use the video codec extensions AV1 and HEVC as a starting point for remote code execution Take advantage of attacks. A vulnerability in teams could also leave malicious code on the computer.

Less is more? In a blog post Microsoft justifies the modified description of security vulnerabilities with the fact that the description the threat level of a vulnerability with the help of the Common Vulnerability Scoring System (CVSS) provides more tangible information for admins. In addition to the classification of a security vulnerability, Microsoft now also lists the individual parameters that make up a CVSS classification. So you can see at first glance whether attacks from a distance are possible and whether a victim has to play along or not.

Intel CPU gap Microsoft has also released microcode updates against the Intel CPU gap Playtypus.

Windows 10 Version 2004 and 20 H2 and Windows Server 2004 and 20 H2 Windows 10 version 1903 and 1909 and Windows Server Version 1903 and 1909 Windows 10 Version 1809 and Windows Server 2019 Windows 10 Version 1803 Windows 10 version 1607 and Windows Server 2016 Windows 10 Version 1507

Note on microcode updates built into running text.

(of)