Microsoft releases over 100 security updates - so patch now

Woman using a Surface
(Image credit: Microsoft)
Audio player loading…

Microsoft's November 2020 Patch Tuesday has arrived which means Windows 10 (opens in new tab) administrators have their work cut out for them due to the sheer number of updates released by the software giant.

With its November 2020 Patch Tuesday security update release (opens in new tab), the company has released fixes for a total of 112 different vulnerabilities in its products. Of the 112 vulnerabilities, 17 are classified as critical, 93 are classified as important and just two as moderate.

In its latest Patch Tuesday, Microsoft has also released a patch for a zero-day privilege escalation vulnerability (opens in new tab) in the Windows Kernel Cryptography Driver (cng.sys) tracked as CVE-2020-17087. This vulnerability was recently disclosed by Google's Project Zero (opens in new tab) security team after its researchers detected that it was being exploited in real-world targeted attacks.

Microsoft has patched vulnerabilities in a number of its products including Azure Sphere (opens in new tab), Microsoft Dynamics, Microsoft Exchange Server, Microsoft Office, Windows 10, Visual Studio, Windows Defender and more and because of this, users should patch their systems now to avoid falling victim to any potential attacks leveraging these vulnerabilities.

Revamped Security Update Guide

Along with its recent series of security updates, Microsoft has also launched a new version of its Security Update Guide (opens in new tab) to make it easier for users and researchers alike to better understand the attributes of vulnerabilities in its software.

In a blog post (opens in new tab), the Microsoft Security Response Center provided more details on the updated version of its Security Update Guide, saying:

“With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS).  This is a precise method that describes the vulnerability with attributes such as the attack vector, the complexity of the attack, whether an adversary needs certain privileges, etc.”

While the Microsoft Security Response Center (opens in new tab) has been scoring Windows and browser vulnerabilities since 2016, now it will score every vulnerability and display the details that make up that score in the new version of its Security Update Guide.

At the same time, security researchers will also now be able to edit the columns displayed in the Security Update Guide to show a vulnerability's release date, CVE number, CVE title, description, articles, FAQ, mitigations and more.

Via BleepingComputer (opens in new tab)

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.