Microsoft's November 2020 Tuesday patch has arrived, meaning Windows 10 administrators have their work cut out for them due to the large number of updates released by the software giant. With its November 2020 security update patch on Tuesday, the company released fixes for a total of 112 different vulnerabilities in its products. Of the 112 vulnerabilities, 17 are rated as critical, 93 as important, and only two as moderate. In its latest patch on Tuesday, Microsoft also released a fix for a zero-day privilege escalation vulnerability in the Windows kernel cryptography driver (cng.sys) tracked as CVE-2020-17087. This vulnerability was recently disclosed by Google's Project Zero security team after its researchers detected that it was being exploited as part of real-world targeted attacks. Microsoft has patched vulnerabilities in several of its products including Azure Sphere, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Office, Windows 10, Visual Studio, Windows Defender and more and for this reason users now need to patch their systems to avoid being victims of any potential attacks that exploit these vulnerabilities.
Renewed Security Update Guide
Along with its recent round of security updates, Microsoft has also released a new version of its Security Updates Guide to help users and researchers better understand the attributes of its software vulnerabilities. In a blog post, the Microsoft Security Response Center provided more details about the updated version of its security update guide, saying: "With the release of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes like the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc. "While the Microsoft Security Response Center has been evaluating Windows and browser vulnerabilities since 2016, it will now rate each vulnerability and display the details that make up that score in the new version of its security update guide. At the same time, the researchers Security Updates will now be able to change the columns displayed in the Security Update Guide to display a vulnerability's release date, CVE number, CVE title, description, articles, and release date. , etc. Via BleepingComputer