Patch Tuesday delivers critical fixes for Microsoft SharePoint, Exchange


Microsoft's last Patch Tuesday of the year has arrived and this month the software giant has included fixes for some of the most serious vulnerabilities it has addressed in the past 12 months.

Compared to November's Patch Tuesday, which provided patches for 112 different vulnerabilities in Microsoft's products, this month's series of fixes addresses 56 vulnerabilities in its software, including SharePoint and Exchange.

According to a blog post from SophosLabs, the software giant has fixed 1,245 bugs this year with an average of more than 100 updates per month over the past year.

While Microsoft has patched half as many vulnerabilities this month as it did in November, nearly 40 percent of the bugs addressed in December's Patch Tuesday can lead to attackers being able to launch malicious code on targeted systems.

Remote code execution

Two of the most important vulnerabilities addressed this month exist in Microsoft SharePoint and Exchange and, if exploited, could lead to remote code execution.

The SharePoint vulnerability, tracked as CVE-2020-17121, is a directory traversal vulnerability that can be triggered when the software processes an attacker's malicious input. An attacker could exploit this vulnerability to cause an unsafe deserialization of malicious input, which would lead to remote code execution. However, to carry out this kind of attack, an attacker would need valid user credentials for the targeted SharePoint site in order to log into it and create a new Team Site on it.

The Exchange vulnerability, tracked as CVE-2020-17144, is quite serious but poses less risk to end users because it only affects the Exchange 2010 mail server (which Microsoft recently stopped supporting) and requires an attacker to have valid account credentials for at least one email user on the affected server. If an attacker does manage to exploit this vulnerability, it would expose the contents of the mailboxes used by all accounts on the Exchange server.

Microsoft's latest series of patches will be rolling out to users soon but you can also check out the complete list to see all 56 vulnerabilities that were addressed as well as their severity level.

Via Sophos News

Anthony Spadafora
