===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2020.0206.2
  Microsoft Patch Tuesday update for Microsoft Windows for November 2020
                             16 November 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Windows
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Increased Privileges            -- Existing Account      
                      Denial of Service               -- Remote/Unauthenticated
                      Provide Misleading Information  -- Existing Account      
                      Unauthorised Access             -- Remote/Unauthenticated
                      Access Confidential Data        -- Existing Account      
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-17113 CVE-2020-17110 CVE-2020-17109
                      CVE-2020-17108 CVE-2020-17107 CVE-2020-17106
                      CVE-2020-17105 CVE-2020-17102 CVE-2020-17101
                      CVE-2020-17090 CVE-2020-17088 CVE-2020-17087
                      CVE-2020-17086 CVE-2020-17082 CVE-2020-17081
                      CVE-2020-17079 CVE-2020-17078 CVE-2020-17077
                      CVE-2020-17076 CVE-2020-17075 CVE-2020-17074
                      CVE-2020-17073 CVE-2020-17071 CVE-2020-17070
                      CVE-2020-17069 CVE-2020-17068 CVE-2020-17057
                      CVE-2020-17056 CVE-2020-17055 CVE-2020-17051
                      CVE-2020-17049 CVE-2020-17047 CVE-2020-17046
                      CVE-2020-17045 CVE-2020-17044 CVE-2020-17043
                      CVE-2020-17042 CVE-2020-17041 CVE-2020-17040
                      CVE-2020-17038 CVE-2020-17037 CVE-2020-17036
                      CVE-2020-17035 CVE-2020-17034 CVE-2020-17033
                      CVE-2020-17032 CVE-2020-17031 CVE-2020-17030
                      CVE-2020-17029 CVE-2020-17028 CVE-2020-17027
                      CVE-2020-17026 CVE-2020-17025 CVE-2020-17024
                      CVE-2020-17014 CVE-2020-17013 CVE-2020-17012
                      CVE-2020-17011 CVE-2020-17010 CVE-2020-17007
                      CVE-2020-17004 CVE-2020-17001 CVE-2020-17000
                      CVE-2020-16999 CVE-2020-16998 CVE-2020-16997
                      CVE-2020-1599  
Member content until: Friday, December 11 2020
Reference:            ASB-2020.0197
                      ESB-2020.3800.2
                      ESB-2020.3685
                      ESB-2020.3676

Revision History:     November 16 2020: CVE-2020-17049 was updated to address a known
                      issue; the deployment guidance has been updated
                      November 11 2020: Initial Release

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of November 2020.
        
        This update resolves 67 vulnerabilities across the following
        products: [1]
        
         AV1 Video Extension
         HEIF Image Extension
         HEVC Video Extensions
         Raw Image Extension
         WebP Image Extension
         Windows 10 Version 1607 for 32-bit Systems
         Windows 10 Version 1607 for x64-based Systems
         Windows 10 Version 1803 for 32-bit Systems
         Windows 10 Version 1803 for ARM64-based Systems
         Windows 10 Version 1803 for x64-based Systems
         Windows 10 Version 1809 for 32-bit Systems
         Windows 10 Version 1809 for ARM64-based Systems
         Windows 10 Version 1809 for x64-based Systems
         Windows 10 Version 1903 for 32-bit Systems
         Windows 10 Version 1903 for ARM64-based Systems
         Windows 10 Version 1903 for x64-based Systems
         Windows 10 Version 1909 for 32-bit Systems
         Windows 10 Version 1909 for ARM64-based Systems
         Windows 10 Version 1909 for x64-based Systems
         Windows 10 Version 2004 for 32-bit Systems
         Windows 10 Version 2004 for ARM64-based Systems
         Windows 10 Version 2004 for x64-based Systems
         Windows 10 Version 20H2 for 32-bit Systems
         Windows 10 Version 20H2 for ARM64-based Systems
         Windows 10 Version 20H2 for x64-based Systems
         Windows 10 for 32-bit Systems
         Windows 10 for x64-based Systems
         Windows 8.1 for 32-bit systems
         Windows 8.1 for x64-based systems
         Windows Server 2012
         Windows Server 2012 (Server Core installation)
         Windows Server 2012 R2
         Windows Server 2012 R2 (Server Core installation)
         Windows Server 2016
         Windows Server 2016 (Server Core installation)
         Windows Server 2019
         Windows Server 2019 (Server Core installation)


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2020-1599   Spoofing                 Important
         CVE-2020-16997  Information Disclosure   Important
         CVE-2020-16998  Elevation of Privilege   Important
         CVE-2020-16999  Information Disclosure   Important
         CVE-2020-17000  Information Disclosure   Important
         CVE-2020-17001  Elevation of Privilege   Important
         CVE-2020-17004  Information Disclosure   Important
         CVE-2020-17007  Elevation of Privilege   Important
         CVE-2020-17010  Elevation of Privilege   Important
         CVE-2020-17011  Elevation of Privilege   Important
         CVE-2020-17012  Elevation of Privilege   Important
         CVE-2020-17013  Information Disclosure   Important
         CVE-2020-17014  Elevation of Privilege   Important
         CVE-2020-17024  Elevation of Privilege   Important
         CVE-2020-17025  Elevation of Privilege   Important
         CVE-2020-17026  Elevation of Privilege   Important
         CVE-2020-17027  Elevation of Privilege   Important
         CVE-2020-17028  Elevation of Privilege   Important
         CVE-2020-17029  Information Disclosure   Important
         CVE-2020-17030  Information Disclosure   Important
         CVE-2020-17031  Elevation of Privilege   Important
         CVE-2020-17032  Elevation of Privilege   Important
         CVE-2020-17033  Elevation of Privilege   Important
         CVE-2020-17034  Elevation of Privilege   Important
         CVE-2020-17035  Elevation of Privilege   Important
         CVE-2020-17036  Information Disclosure   Important
         CVE-2020-17037  Elevation of Privilege   Important
         CVE-2020-17038  Elevation of Privilege   Important
         CVE-2020-17040  Security Feature Bypass  Important
         CVE-2020-17041  Elevation of Privilege   Important
         CVE-2020-17042  Remote Code Execution    Critical
         CVE-2020-17043  Elevation of Privilege   Important
         CVE-2020-17044  Elevation of Privilege   Important
         CVE-2020-17045  Information Disclosure   Important
         CVE-2020-17046  Denial of Service        Low
         CVE-2020-17047  Denial of Service        Important
         CVE-2020-17049  Security Feature Bypass  Important
         CVE-2020-17051  Remote Code Execution    Critical
         CVE-2020-17055  Elevation of Privilege   Important
         CVE-2020-17056  Information Disclosure   Important
         CVE-2020-17057  Elevation of Privilege   Important
         CVE-2020-17068  Remote Code Execution    Important
         CVE-2020-17069  Information Disclosure   Important
         CVE-2020-17070  Elevation of Privilege   Important
         CVE-2020-17071  Information Disclosure   Important
         CVE-2020-17073  Elevation of Privilege   Important
         CVE-2020-17074  Elevation of Privilege   Important
         CVE-2020-17075  Elevation of Privilege   Important
         CVE-2020-17076  Elevation of Privilege   Important
         CVE-2020-17077  Elevation of Privilege   Important
         CVE-2020-17078  Remote Code Execution    Critical
         CVE-2020-17079  Remote Code Execution    Critical
         CVE-2020-17081  Information Disclosure   Important
         CVE-2020-17082  Remote Code Execution    Critical
         CVE-2020-17086  Remote Code Execution    Important
         CVE-2020-17087  Elevation of Privilege   Important
         CVE-2020-17088  Elevation of Privilege   Important
         CVE-2020-17090  Security Feature Bypass  Important
         CVE-2020-17101  Remote Code Execution    Critical
         CVE-2020-17102  Information Disclosure   Important
         CVE-2020-17105  Remote Code Execution    Critical
         CVE-2020-17106  Remote Code Execution    Critical
         CVE-2020-17107  Remote Code Execution    Critical
         CVE-2020-17108  Remote Code Execution    Critical
         CVE-2020-17109  Remote Code Execution    Critical
         CVE-2020-17110  Remote Code Execution    Critical
         CVE-2020-17113  Information Disclosure   Important
        
         CVE-2020-17049 has been updated to address a known issue with the
         Kdc registry. [2]


MITIGATION

        Microsoft recommends updating the software to the latest version
        available on the Microsoft Update Catalog. [1]
        
        
         KB4586785, KB4586793, KB4586808, KB4586845, KB4586781
         KB4586834, KB4586830, KB4586787, KB4586823, KB4586786


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

        [2] Kerberos KDC Security Feature Bypass Vulnerability
            https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================