Skip to main content

Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws.



Kindly click here to subscribe for more News and Updates on Technology, Politics, Sports, Social Life and much more.

        Microsoft Windows Security Update.
Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final Patch Tuesday of 2020, effectively bringing their CVE total to 1,250 for the year.

Of these 58 patches, nine are rated as Critical, 46 are rated as Important, and three are rated Moderate in severity.

The December security release addresses issues in Microsoft Windows, Edge browser, ChakraCore, Microsoft Office, Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere.

Fortunately, none of these flaws this month have been reported as publicly known or being actively exploited in the wild.

The fixes for December concern a number of remote code execution (RCE) flaws in Microsoft Exchange (CVE-2020-17132), SharePoint (CVE-2020-17118 and CVE-2020-17121), Excel (CVE-2020-17123), and Hyper-V virtualization software (CVE-2020-17095), as well as a patch for a security feature bypass in Kerberos (CVE-2020-16996), and a number of privilege escalation flaws in Windows Backup Engine and Windows Cloud Files Mini Filter Driver.

CVE-2020-17095 also carries the highest CVSS score of 8.5 among all vulnerabilities addressed in this month's release.

"To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code when it fails to properly validate vSMB packet data," Microsoft noted.

Additionally included as part of this month's release is an advisory for a DNS cache poisoning vulnerability (CVE-2020-25705) discovered by security researchers from Tsinghua University and the University of California last month.

Dubbed a Side-channel AttackeD DNS attack (or SAD DNS attack), the flaw could enable an attacker to spoof the DNS packet, which can be cached by the DNS Forwarder or the DNS Resolver, thereby re-enabling DNS cache poisoning attacks.

To mitigate the risk, Microsoft recommends a Registry workaround that involves changing the maximum UDP packet size to 1,221 bytes (4C5 Hexadecimal).

"For responses larger than 4C5 or 1221, the DNS resolver would now switch to TCP," the Windows maker stated in its advisory.

Since the attack relies on sending spoofed UDP (User Datagram Protocol) messages to defeat source port randomization for DNS requests, implementing the tweak will cause larger DNS queries to switch to TCP, thus mitigating the flaw.

It's highly advised that Windows users and system administrators apply the latest security patches to resolve the threats associated with these issues.

To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.


THN


#osutayusuf

Comments

Popular posts from this blog

Lab Student Drowned, Body Missing in Rokoze Lake in Nyadri Sub-county, Maracha District.

Maracha District.  5-December-2025. 📸: Residents gathered around the lake as they searched the missing body of the student. Photo by #Information_is_Power's news reporter.  This afternoon Friday 5-December-2025, a student from St Joseph Laboratory Training School in Maracha hospital, a one  Araku Denis drowned in Rokoze water body in Nyadri Sub-county and the  body has not been retrieved upto this night as the police and residents searched for it and in vain but they are expected to resume retrieving it tomorrow Saturday 6-December-2025. 📸: Photo of the deceased which we captured on his phone screen this night. Araku and his fellow students had  reportedly gone to pass time at water point after completing exams papers of today. Him and callagues got attracted to swimming at water body where he perished.  By press time, efforts to retrieve his body proved futile as the body remains invisible on water surface.  Rokoze water body...

Hon Oguzu Lee Denis Drags to Court, Maracha Constituency MP-Elect Uhuru Nelson and Electoral Commission.

Story by Osuta Yusuf.  Maracha District 6-April-2026. Following the 15-1-2026 general election, the two term MP for Maracha Constituency, Hon Oguzu Lee Denis has dragged to court the Winner for Maracha Constituency MP election, Uhuru Nelson as the first respondent and Election Commission as the second respondent.  📸: Copy of the court document shared in NEWS PLATFORM, one of the WhatsApp groups in WestNile region. In a document dated 1-April-2026 filed at Arua High Court, it's not yet clear which grounds the petitioner, Hon Oguzu Lee Denis has used to challenge the victory of the NRM Party candidate Uhuru Nelson.  It should be noted that, the NRM Party candidate Uhuru Nelson was declared the winner of the 15-1-2026 general election after he garnered 13,696 votes, followed by Independent candidate Obeta Moses Drakua who garnered 9,247 votes, the incumbent MP Hon Oguzu Lee Denis (FDC) fell in the third position after he got 3,290 votes, Eng. Aguta Sam (Independent) got 686...

Famous Arua City TikToker Arrested on Allegations of Lesbianism Act.

Arua City. 20-2-2026. A famous TikToker from Arua City, WestNile region, in the names of Torrero Bae was arrested on Wednesday 18-2-2026 and taken to Onduparaka Police Station on Allegations of engaging in Lesbianism acts with another girl. Story excerpts from the Facebook account of Kawawa Michael.  📸: Part of the screenshot  📸: Screenshot from Facebook.  I have spoken to a reliable source from Onduparaka Div police HQS  As concerns the case of these girls  It's true they have confessed to being lesbians and the whole of their dancing group is involved  She comes from a good family and the mother is a teacher by profession I will hide her names  It's alleged that she started her lesbiansim from school that is why she ran away from the mother that is according to her mother who was present at Onduparaka today  Police is trying to apprehend the whole group then make a decision on the file at the moment other...