Karlston Posted December 9, 2020 Share Posted December 9, 2020 Microsoft Windows Security Updates December 2020 overview Today is the last Microsoft Patch Day of the year 2020. Microsoft released security updates and non-security updates for all supported client and server versions of the company's Windows operating system, and updates for other company products such as Microsoft Office, Microsoft Edge, Internet Explorer, or the .NET Framework. Our Patch Day overview provides you with detailed information on released patches, security issues, and related information. You can download an Excel spreadsheet of the released security updates, check out the operating system distribution, find links to all support pages, and the list of known issues here in this guide. Check out the November 2020 Security Updates overview here in case you missed it. Microsoft Windows Security Updates December 2020 Download the following Excel spreadsheet that contains the released security updates to your system. Note that Microsoft's new platform is quite slow and that it may be possible that updates are missing. Let us know in the comments if you notice anything missing: Security Updates 2020 12 Microsoft Windows Executive Summary Microsoft released security updates for all supported versions of Windows. Security updates were also released for the following Microsoft products: Microsoft Edge (desktop and Android), Microsoft Office, Microsoft Exchange Server, Azure DevOps, Visual Studio, Azure SDK, Azure Sphere Windows 10 version 1903 has reached end of servicing today. There won't be any Preview updates for Windows in December 2020. Microsoft .NET Core updates will be offered via Windows Updates from this month on. Operating System Distribution Windows 7 (extended support only): 9 vulnerabilities: 0 critical and 9 important Windows 8.1: 5 vulnerabilities: 0 rated critical and 5 rated important Windows 10 version 1809: 19 vulnerabilities: 1 critical and 18 important CVE 2020 17095 -- Hyper-V Remote Code Execution Vulnerability Windows 10 version 1903 and 1909: 18 vulnerabilities: 1 critical and 17 important CVE 2020 17095 -- Hyper-V Remote Code Execution Vulnerability Windows 10 version 2004 and 20H2: 19 vulnerabilities, 1 critical, 18 important CVE 2020 17095 -- Hyper-V Remote Code Execution Vulnerability Windows Server products Windows Server 2008 R2 (extended support only): 9 vulnerabilities: 0 critical and 9 important Windows Server 2012 R2: 6 vulnerabilities: 0 critical and 6 important. Windows Server 2016: 16 vulnerabilities: 1 critical and 15 important. CVE 2020 17095 -- Hyper-V Remote Code Execution Vulnerability Windows Server 2019: 20 vulnerabilities: 1 critical and 19 are important CVE 2020 17095 -- Hyper-V Remote Code Execution Vulnerability Other Microsoft Products Internet Explorer 11: 0 vulnerabilities: Microsoft Edge (classic): 1 vulnerabilities: 1 critical CVE 2020 17131 -- Chakra Scripting Engine Memory Corruption Vulnerability Microsoft Edge (Chromium) see here (latest security patches from the Chromium project) Windows Security Updates Windows 7 SP1 and Windows Server 2008 R2 Monthly Rollup: KB4592471 Security-only: KB4592503 Updates and improvements: Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports. Security updates Windows 8.1 and Windows Server 2012 R2 Monthly Rollup: KB4592484 Security-only: KB4592495 Updates and improvements: Fixed an issue that prevented PDF24 Creator version 9.1.1 from opening .txt files. (Monthly Rollup only) Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports. Security updates Windows 10 version 1809 Support page: KB4592440 Updates and improvements: Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports. Security updates Windows 10 version 1903 and 1909 Support page: KB4592449 Updates and improvements: Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports. Security updates Windows 10 version 2004 and 20H2 Support page: KB4592438 Updates and improvements: Fixed a security vulnerability by preventing programs that runs as System from printing to FILE ports. Security updates Other security updates KB4592468 -- 2020-12 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB4592468) KB4592497 -- 2020-12 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB4592497) KB4592498 -- 2020-12 Security Monthly Quality Rollup for Windows Server 2008 (KB4592498) KB4592504 -- 2020-12 Security Only Quality Update for Windows Server 2008 (KB4592504) KB4592464 -- 2020-12 Cumulative Update for Windows 10 Version 1507 (KB4592464) KB4593226 -- 2020-12 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB4593226) KB4592473 -- 2020-12 Cumulative Update for Windows 10 Version 1703 (KB4592473) KB4592446 -- 2020-12 Cumulative Update for Windows 10 Version 1803 (KB4592446) Servicing Stack Updates: 2020-12 Servicing Stack Update for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB4592510) 2020-12 Servicing Stack Update for Windows Server, version 20H2, Windows 10 Version 20H2, Windows Server, version 2004, and Windows 10 Version 2004 (KB4593175) Known Issues Windows 7 SP1 and Windows Server 2008 R2 Updates will fail to install with the error "“Failure to configure Windows updates. Reverting Changes. Do not turn off your computer" if ESU is not supported or activated. Certain operations may fail on cluster shared volumes. Workarounds available. Windows 8.1 and Server 2012 R2 Certain operations may fail on cluster shared volumes. Workarounds available. Windows 10 version 1809 Devices with "some" Asian language packs may throw the error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.". Microsoft suggests to either try and uninstall the language packs and make sure that a recent version of Windows 10 is installed, or to reset the PC. Windows 10 version 1903 and 1909 System and user certificates may be lost when updating a device from Windows 10 version 1809 or later, to a later version of Windows 10. Does not affect Windows Update devices or Windows Update for business devices. Workaround available. Windows 10 version 2004 and 20H2 System and user certificates may be lost when updating a device from Windows 10 version 1809 or later, to a later version of Windows 10. Does not affect Windows Update devices or Windows Update for business devices. Workaround available. The correct Furigana characters may not be displayed when using the Microsoft Japanese Input Method Editor. Microsoft is working on a resolution. Security advisories and updates ADV 200013 -- Microsoft Guidance for Addressing Spoofing Vulnerability in DNS Resolver ADV 990001 -- Latest Servicing Stack Updates Non-security related updates Microsoft Office Updates You find Office update information here. How to download and install the December 2020 security updates Updates are already available via Windows Updates and other update management systems. Default Windows installations are configured to find and install updates automatically, but it is also possible to download updates manually to install them. Tip: it is essential that you create a backup of the system before you install Windows updates as things may go wrong and backups help you restore the previous status quo. You can check manually for updates in the following way: Open the Start Menu of the Windows operating system, type Windows Update and select the result. Select check for updates in the application that opens. Updates may be installed automatically when they are found or offered by Windows; this depends on the operating system and version that is used, and update settings. Direct update downloads Below are resource pages with direct download links, if you prefer to download the updates to install them manually. Windows 7 and Server 2008 R2 KB4592471 -- 2020-12 Security Monthly Quality Rollup for Windows 7 KB4592503 -- 2020-12 Security Only Quality Update for Windows 7 Windows 8.1 and Windows Server 2012 R2 KB4592484 -- 2020-12 Security Monthly Quality Rollup for Windows 8.1 KB4592495 -- 2020-12 Security Only Quality Update for Windows 8.1 Windows 10 (version 1809) KB4592440 -- 2020-12 Cumulative Update for Windows 10 Version 1809 Windows 10 (version 1903) KB4592449 -- 2020-12 Cumulative Update for Windows 10 Version 1903 Windows 10 (version 1909) KB4592449 -- 2020-12 Cumulative Update for Windows 10 Version 1909 Windows 10 (version 2004) KB4592438 -- 2020-12 Cumulative Update for Windows 10 Version 2004 Windows 10 (version 20H2) KB4592438 -- 2020-12 Cumulative Update for Windows 10 Version 20H2 Microsoft Windows Security Updates December 2020 overview Link to comment Share on other sites More sharing options...
Karlston Posted December 9, 2020 Author Share Posted December 9, 2020 Patch Tuesday, Good Riddance 2020 Edition Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users. Mercifully, it does not appear that any of the flaws fixed this month are being actively exploited, nor have any them been detailed publicly prior to today. The critical bits reside in updates for Microsoft Exchange Server, Sharepoint Server, and Windows 10 and Server 2016 systems. Additionally, Microsoft released an advisory on how to minimize the risk from a DNS spoofing weakness in Windows Server 2008 through 2019. Some of the sub-critical “important” flaws addressed this month also probably deserve prompt patching in enterprise environments, including a trio of updates tackling security issues with Microsoft Office. “Given the speed with which attackers often weaponize Microsoft Office vulnerabilities, these should be prioritized in patching,” said Allan Liska, senior security architect at Recorded Future. “The vulnerabilities, if exploited, would allow an attacker to execute arbitrary code on a victim’s machine. These vulnerabilities affect Microsoft Excel 2013 through 2019, Microsoft 365 32 and 64 bit versions, Microsoft Office 2019 32 and 64 bit versions, and Microsoft Excel for Mac 2019.” We also learned this week that Redmond quietly addressed a scary “zero-click” vulnerability in its Microsoft Teams platform that would have let anyone execute code of their choosing just by sending the target a specially-crafted chat message to a Teams users. The bug was cross-platform, meaning it could also have been used to deliver malicious code to people using Teams on non-Windows devices. Researcher Oskars Vegeris said in a proof-of-concept post to Github that he reported the flaw to Microsoft at the end of August, but that Microsoft didn’t assign the bug a Common Vulnerabilities and Exposure (CVE) rating because it has a policy of not doing so for bugs that can be fixed from Microsoft’s end without user interaction. According to Vegeris, Microsoft addressed the Teams flaw at the end of October. But he said the bug they fixed was the first of five zero or one-click remote code execution flaws he has found and reported in Teams. Reached via LinkedIn, Vegeris declined to say whether Microsoft has yet addressed the remaining Teams issues. Separately, Adobe issued security updates for its Prelude, Experience Manager and Lightroom software. There were no security updates for Adobe Flash Player, which is fitting considering Adobe is sunsetting the program at the end of the year. Microsoft is taking steps to remove Flash from its Windows browsers, and Google and Firefox already block Flash by default. It’s a good idea for Windows users to get in the habit of updating at least once a month, but for regular users (read: not enterprises) it’s usually safe to wait a few days until after the patches are released, so that Microsoft has time to iron out any chinks in the new armor. But before you update, please make sure you have backed up your system and/or important files. It’s not uncommon for a Windows update package to hose one’s system or prevent it from booting properly, and some updates have been known to erase or corrupt files. So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once. And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide. Patch Tuesday, Good Riddance 2020 Edition Link to comment Share on other sites More sharing options...
funkyy Posted December 10, 2020 Share Posted December 10, 2020 Manually updated my Win 7 (x64) with the Security Only update and the December SSU, and all went smoothly, as it has done since January. Link to comment Share on other sites More sharing options...
3175x175(CURRENT).thumb.jpg.b05acc060982b36f5891ba728e6d953c.jpg)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.