Multiple vulnerabilities in Microsoft products

November 12, 2020

DOCUMENT MANAGEMENT

Reference CERTFR-2020-AVI-739
Title Multiple vulnerabilities in Microsoft products
First version date November 12, 2020
Latest version date November 12, 2020
Source (s) Microsoft Security Bulletin November 11, 2020
Attachment (s) None
Table 1: Document management
A detailed version control can be found at the end of this document.

RISK (S)

1. Bypass the security feature
2. Breach of data confidentiality
3. Denied service
4. Remote code execution
5. Identity theft
6. Privilege escalation
7. AFFECTED SYSTEMS
8. AV1 Video Extension
9. Azure DevOps Server 2019 Update 1.1
10. Azure Sphere
11. ChakraCore
12. HEIF Image Extension
13. HEVC Video Extensions
14. Microsoft 365 Apps for Enterprise for 64-bit Systems
15. Microsoft 365 Apps for Enterprise for 32-bit systems
16. Microsoft Dynamics 365 (on-premises) version 8.2
17. Microsoft Dynamics 365 (on-premises) version 9.0
18. Microsoft Dynamics CRM 2015 (on-premises) version 7.0
19. Microsoft Exchange Server 2013 Cumulative Update 23
20. Microsoft Exchange Server 2016 Cumulative Update 17
21. Microsoft Exchange Server 2016 Cumulative Update 18
22. Microsoft Exchange Server 2019 Cumulative Update 6
23. Microsoft Exchange Server 2019 Cumulative Update 7
24. Microsoft Teams
25. Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)
26. Microsoft Visual Studio 2019 version 16.0
27. Microsoft Visual Studio 2019 version 16.4 (includes 16.0 – 16.3)
28. Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
29. Microsoft Visual Studio 2019 version 16.8
30. Raw Image Extension
31. Visual Studio Code
32. WebP Image Extension
    

ABSTRACT

Multiple vulnerabilities have been corrected in Microsoft products. They allow an attacker to cause an elevation of privilege, a remote code execution, a breach of data confidentiality, a bypass of the security functionality, a denial of service and an impersonation.

SOLUTION

Refer to the publisher’s security bulletin to obtain patches (see Documentation section).

DOCUMENTATION

Reference CVE CVE-2020-16970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16970
Reference CVE CVE-2020-16991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16991
Reference CVE CVE-2020-16993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16993
Reference CVE CVE-2020-16989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16989
Reference CVE CVE-2020-16986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16986
Reference CVE CVE-2020-16988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16988
Reference CVE CVE-2020-16982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16982
Reference CVE CVE-2020-17018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17018
Reference CVE CVE-2020-17065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17065
Reference CVE CVE-2020-17054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17054
Reference CVE CVE-2020-17063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17063
Reference CVE CVE-2020-16994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16994
Reference CVE CVE-2020-17085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17085
Reference CVE CVE-2020-1325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1325
Reference CVE CVE-2020-17081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17081
Reference CVE CVE-2020-16981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16981
Reference CVE CVE-2020-16984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16984
Reference CVE CVE-2020-17005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17005
Reference CVE CVE-2020-17078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17078
Reference CVE CVE-2020-16987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16987
Reference CVE CVE-2020-17091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17091
Reference CVE CVE-2020-17062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17062
Reference CVE CVE-2020-17100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17100
Reference CVE CVE-2020-17048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17048
Reference CVE CVE-2020-17086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17086
Reference CVE CVE-2020-17101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17101
Reference CVE CVE-2020-17067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17067
Reference CVE CVE-2020-17106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17106
Reference CVE CVE-2020-17104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17104
Reference CVE CVE-2020-17084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17084
Reference CVE CVE-2020-16985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16985
Reference CVE CVE-2020-17108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17108
Reference CVE CVE-2020-16983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16983
Reference CVE CVE-2020-17064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17064
Reference CVE CVE-2020-16992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16992
Reference CVE CVE-2020-17107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17107
Reference CVE CVE-2020-16990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16990
Reference CVE CVE-2020-17083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17083
Reference CVE CVE-2020-17105
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17105
Reference CVE CVE-2020-17079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17079
Reference CVE CVE-2020-17020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17020
Reference CVE CVE-2020-17006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17006
Reference CVE CVE-2020-17109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17109
Reference CVE CVE-2020-17110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17110
Reference CVE CVE-2020-17021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17021