With its November 2020 Patch Tuesday security update release, the company has released fixes for a total of 112 different vulnerabilities in its products. Of the 112 vulnerabilities, 17 are classified as critical, 93 are classified as important and just two as moderate.
In its latest Patch Tuesday, Microsoft has also released a patch for a zero-day privilege escalation vulnerability in the Windows Kernel Cryptography Driver (cng.sys) tracked as CVE-2020-17087. This vulnerability was recently disclosed by Google's Project Zero security team after its researchers detected that it was being exploited in real-world targeted attacks.
- We've assembled a list of the best business laptops around
- Keep your network secure with the best endpoint protection software
- Also check out our roundup of the best malware removal software
Microsoft has patched vulnerabilities in a number of its products including Azure Sphere, Microsoft Dynamics, Microsoft Exchange Server, Microsoft Office, Windows 10, Visual Studio, Windows Defender and more and because of this, users should patch their systems now to avoid falling victim to any potential attacks leveraging these vulnerabilities.
Revamped Security Update Guide
Along with its recent series of security updates, Microsoft has also launched a new version of its Security Update Guide to make it easier for users and researchers alike to better understand the attributes of vulnerabilities in its software.
In a blog post, the Microsoft Security Response Center provided more details on the updated version of its Security Update Guide, saying:
“With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc.”
While the Microsoft Security Response Center has been scoring Windows and browser vulnerabilities since 2016, now it will score every vulnerability and display the details that make up that score in the new version of its Security Update Guide.
At the same time, security researchers will also now be able to edit the columns displayed in the Security Update Guide to show a vulnerability's release date, CVE number, CVE title, description, articles, FAQ, mitigations and more.
- We've also highlighted the best antivirus software
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.