November 2020 - Microsoft Releases Security Patches

  Advisory Date: NOV 11, 2020

  DESCRIPTION

In the November 2020 Microsoft security patch release, Microsoft updated its vulnerability information page. Following the new patch information format, below are the CVEs that Trend Micro Deep Security covers:

  • CVE-2020-17087 - Windows Kernel Local Elevation of Privilege Vulnerability
    CVSS:3.0 7.8/7.2

  • CVE-2020-17052 - Scripting Engine Memory Corruption Vulnerability
    CVSS:3.0 7.5/6.7

  • CVE-2020-17053 - Internet Explorer Memory Corruption Vulnerability
    CVSS:3.0 7.5/6.7

  • CVE-2020-17051 - Windows Network File System Remote Code Execution Vulnerability
    CVSS:3.0 9.8/8.5

  • CVE-2020-17056 - Windows Network File System Remote Code Execution Vulnerability
    CVSS:3.0 5.5/4.8

  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection are also protected from attacks using these vulnerabilities.

Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection Compatibility
CVE-2020-17053 1010602 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2020-17053) 10-Nov-20 YES
CVE-2020-17052 1010601 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2020-17052) 10-Nov-20 YES
CVE-2020-17087 1010599 Microsoft Windows Kernel Local Elevation Of Privilege Vulnerability (CVE-2020-17087) 10-Nov-20 YES
CVE-2020-17051 1010604 Microsoft Windows Network File System Remote Code Execution Vulnerability (CVE-2020-17051) 10-Nov-20 YES
CVE-2020-17056 1010605 Microsoft Windows Network File System Remote Code Execution Vulnerability (CVE-2020-17056) 10-Nov-20 YES
CVE-2020-17047 1010606 Identified Out-Of-Sync RPCSEC_GSS_CONTINUE_INIT RPC Message 10-Nov-20 YES