Microsoft Security Bulletin Coverage for December 2020

By

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2020. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2020-17096 Windows NTFS Remote Code Execution Vulnerability
ASPY 136:Malformed-File dll.MP.6

CVE-2020-17121 Microsoft SharePoint Remote Code Execution Vulnerability
ASPY 135:Malformed-File cab.MP.2

CVE-2020-17140 Windows SMB Information Disclosure Vulnerability
IPS 15284 Windows SMBv2 Information Disclosure (CVE-2020-17140)

CVE-2020-17144 Microsoft Exchange Remote Code Execution Vulnerability
ASPY 134:Malformed-File exe.MP.167

CVE-2020-17152 Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
IPS 15283:Microsoft Dynamics 365 Remote Code Execution Vulnerability

CVE-2020-17158 Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
IPS 15283:Microsoft Dynamics 365 Remote Code Execution Vulnerability

Following vulnerabilities do not have exploits in the wild :
CVE-2020-16958 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16959 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16960 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16961 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16962 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16963 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16964 Windows Backup Engine Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-16971 Azure SDK for Java Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-16996 Kerberos Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-17002 Azure SDK for C Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-17089 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17092 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17094 Windows Error Reporting Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17095 Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17097 Windows Digital Media Receiver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17098 Windows GDI+ Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17099 Windows Lock Screen Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-17103 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17115 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-17117 Microsoft Exchange Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17118 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17119 Microsoft Outlook Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17120 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17122 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17123 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17124 Microsoft PowerPoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17125 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17126 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17127 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17128 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17129 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17130 Microsoft Excel Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-17131 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-17132 Microsoft Exchange Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17133 Microsoft Dynamics Business Central/NAV Information Disclosure
There are no known exploits in the wild.
CVE-2020-17134 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17135 Azure DevOps Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-17136 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17137 DirectX Graphics Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-17138 Windows Error Reporting Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17139 Windows Overlay Filter Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-17141 Microsoft Exchange Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17142 Microsoft Exchange Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17143 Microsoft Exchange Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-17145 Azure DevOps Server and Team Foundation Services Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-17147 Dynamics CRM Webclient Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-17148 Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17150 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17153 Microsoft Edge for Android Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-17156 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17159 Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-17160 Azure Sphere Security Feature Bypass Vulnerability
There are no known exploits in the wild.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.