December 2020 - Microsoft Releases Security Patches
Advisory Date: DEC 10, 2020
DESCRIPTION
In the December 2020 Microsoft security patch release, Microsoft updated its vulnerability information page. Following the new patch information format, below are the CVEs that Trend Micro Deep Security covers:
- CVE-2020-17140 - Windows SMB Information Disclosure Vulnerability
CVSS:3.0 8.1/7.1
- CVE-2020-17096 - Scripting Engine Memory Corruption Vulnerability
CVSS:3.0 7.5/6.5
- CVE-2020-17121 - Microsoft SharePoint Remote Code Execution Vulnerability
CVSS:3.0 8.8/7.7
- CVE-2020-17144 - Microsoft Exchange Remote Code Execution Vulnerability
CVSS:3.0 8.4/7.6
- CVE-2020-17152 - Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
CVSS:3.0 8.8/7.7
- CVE-2020-17158 - Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
CVSS:3.0 8.8/7.7
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection are also protected from attacks using these vulnerabilities.
| Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection Compatibility |
| CVE-2020-17140 | 1010652 | Microsoft Windows SMB2 Server Information Disclosure Vulnerability (CVE-2020-17140) | 9-Dec-20 | YES |
| CVE-2020-17096 | 1010653 | Microsoft Windows SMB2 Server Remote Code Execution Vulnerability (CVE-2020-17096) | 9-Dec-20 | YES |
| CVE-2020-17152, CVE-2020-17158 | 1010656 | Microsoft Dynamics 365 Commerce Remote Code Execution Vulnerabilities (CVE-2020-17152 and CVE-2020-17158) | 9-Dec-20 | YES |
| CVE-2020-17144 | 1010649 | Microsoft Windows Exchange Memory Corruption Vulnerability (CVE-2020-17144) | 9-Dec-20 | YES |
| CVE-2020-17121 | 1010655 | Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-17121) | 10-Nov-20 | YES |