Wednesday, June 19, 2024

Multiple vulnerabilities in Microsoft products

November 12, 2020


Reference CERTFR-2020-AVI-739
Title Multiple vulnerabilities in Microsoft products
First version date November 12, 2020
Latest version date November 12, 2020
Source (s) Microsoft Security Bulletin November 11, 2020
Attachment (s) None
Table 1: Document management
A detailed version control can be found at the end of this document.


  1. Bypass the security feature
  2. Breach of data confidentiality
  3. Denied service
  4. Remote code execution
  5. Identity theft
  6. Privilege escalation
  8. AV1 Video Extension
  9. Azure DevOps Server 2019 Update 1.1
  10. Azure Sphere
  11. ChakraCore
  12. HEIF Image Extension
  13. HEVC Video Extensions
  14. Microsoft 365 Apps for Enterprise for 64-bit Systems
  15. Microsoft 365 Apps for Enterprise for 32-bit systems
  16. Microsoft Dynamics 365 (on-premises) version 8.2
  17. Microsoft Dynamics 365 (on-premises) version 9.0
  18. Microsoft Dynamics CRM 2015 (on-premises) version 7.0
  19. Microsoft Exchange Server 2013 Cumulative Update 23
  20. Microsoft Exchange Server 2016 Cumulative Update 17
  21. Microsoft Exchange Server 2016 Cumulative Update 18
  22. Microsoft Exchange Server 2019 Cumulative Update 6
  23. Microsoft Exchange Server 2019 Cumulative Update 7
  24. Microsoft Teams
  25. Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)
  26. Microsoft Visual Studio 2019 version 16.0
  27. Microsoft Visual Studio 2019 version 16.4 (includes 16.0 – 16.3)
  28. Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
  29. Microsoft Visual Studio 2019 version 16.8
  30. Raw Image Extension
  31. Visual Studio Code
  32. WebP Image Extension


Multiple vulnerabilities have been corrected in Microsoft products. They allow an attacker to cause an elevation of privilege, a remote code execution, a breach of data confidentiality, a bypass of the security functionality, a denial of service and an impersonation.


Refer to the publisher’s security bulletin to obtain patches (see Documentation section).

Recommended:  Android Security Tool APKLeaks releases patch for RCE critical vulnerability


Reference CVE CVE-2020-16970
Reference CVE CVE-2020-16991
Reference CVE CVE-2020-16993
Reference CVE CVE-2020-16989
Reference CVE CVE-2020-16986
Reference CVE CVE-2020-16988
Reference CVE CVE-2020-16982
Reference CVE CVE-2020-17018
Reference CVE CVE-2020-17065
Reference CVE CVE-2020-17054
Reference CVE CVE-2020-17063
Reference CVE CVE-2020-16994
Reference CVE CVE-2020-17085
Reference CVE CVE-2020-1325
Reference CVE CVE-2020-17081
Reference CVE CVE-2020-16981
Reference CVE CVE-2020-16984
Reference CVE CVE-2020-17005
Reference CVE CVE-2020-17078
Reference CVE CVE-2020-16987
Reference CVE CVE-2020-17091
Reference CVE CVE-2020-17062
Reference CVE CVE-2020-17100
Reference CVE CVE-2020-17048
Reference CVE CVE-2020-17086
Reference CVE CVE-2020-17101
Reference CVE CVE-2020-17067
Reference CVE CVE-2020-17106
Reference CVE CVE-2020-17104
Reference CVE CVE-2020-17084
Reference CVE CVE-2020-16985
Reference CVE CVE-2020-17108
Reference CVE CVE-2020-16983
Reference CVE CVE-2020-17064
Reference CVE CVE-2020-16992
Reference CVE CVE-2020-17107
Reference CVE CVE-2020-16990
Reference CVE CVE-2020-17083
Reference CVE CVE-2020-17105
Reference CVE CVE-2020-17079
Reference CVE CVE-2020-17020
Reference CVE CVE-2020-17006
Reference CVE CVE-2020-17109
Reference CVE CVE-2020-17110
Reference CVE CVE-2020-17021

ClosePlease login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates