Alert GCSA-20116 - Microsoft Security Update Dicembre 2020

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1




******************************************************************

Alert ID: GCSA-20116
Data: 9 Dicembre 2020
Titolo: Microsoft Security Update Dicembre 2020

******************************************************************

:: Descrizione del problema

Microsoft ha rilasciato il security update mensile, questa versione
risolve numerose vulnerabilita', molte delle quali sono classificate
come "critiche".

Maggiori dettagli sono disponibili nella segnalazione
ufficiale alla sezione "Riferimenti".


:: Software interessato

Microsoft Windows
Microsoft Edge (EdgeHTML-based)
Microsoft Edge for Android
ChakraCore
Microsoft Office and Microsoft Office Services and Web Apps
Microsoft Exchange Server
Azure DevOps
Microsoft Dynamics
Visual Studio
Azure SDK
Azure Sphere


:: Impatto

Denial of Service (DoS)
Acquisizione di privilegi piu' elevati (EoP)
Esecuzione remota di codice arbitrario (RCE)
Bypass delle funzionalita' di sicurezza (SFB)
Information Disclosure (ID)
Spoofing


:: Soluzioni

Per default l'installazione degli aggiornamenti
avviene in maniera automatica.

Verificare di aver installato la versione piu' recente del
Servicing Stack Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001
https://docs.microsoft.com/it-it/windows/deployment/update/servicing-stack-updates

Windows Update domande frequenti
https://support.microsoft.com/en-us/help/12373/windows-update-faq

Gli aggiornamenti sono disponibili anche tramite il catalogo di
Microsoft Update
https://www.catalog.update.microsoft.com/


:: Riferimenti

Microsoft Security Updates - Release Notes
https://msrc.microsoft.com/update-guide/releaseNote/2020-Dec

Microsoft Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance

Microsoft Security update deployment information
https://support.microsoft.com/en-us/help/20201208/security-update-deployment-information-december-8-2020

US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/microsoft-releases-december-2020-security-updates

MS-ISAC
https://www.cisecurity.org/advisory/critical-patches-issued-for-microsoft-products-december-8-2020_2020-163/

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17121
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17122
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17123
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17147
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17153
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17160



GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/it/alert/ricevi-gli-alert-di-cert




-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCX9DDaQAKCRDBnEyTZRJg
QnanAJsE66iusZqJXsIthuiZgi4RCarj/wCgwCcgm7Llgha50n5Kayi0Qm+mu2w=
=FigB
-----END PGP SIGNATURE-----