December 2020 - Microsoft Releases Security Patches

Publish date: December 25, 2020

Advisory Date: DEC 10, 2020

DESCRIPTION

In the December 2020 Microsoft security patch release, Microsoft updated its vulnerability information page. Following the new patch information format, below are the CVEs that Trend Micro Deep Security covers:

CVE-2020-17140 - Windows SMB Information Disclosure Vulnerability
CVSS:3.0 8.1/7.1
CVE-2020-17096 - Scripting Engine Memory Corruption Vulnerability
CVSS:3.0 7.5/6.5
CVE-2020-17121 - Microsoft SharePoint Remote Code Execution Vulnerability
CVSS:3.0 8.8/7.7
CVE-2020-17144 - Microsoft Exchange Remote Code Execution Vulnerability
CVSS:3.0 8.4/7.6
CVE-2020-17152 - Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
CVSS:3.0 8.8/7.7
CVE-2020-17158 - Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
CVSS:3.0 8.8/7.7

TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection are also protected from attacks using these vulnerabilities.

Vulnerability ID	DPI Rule Number	DPI Rule Name	Release Date	Vulnerability Protection Compatibility
CVE-2020-17140	1010652	Microsoft Windows SMB2 Server Information Disclosure Vulnerability (CVE-2020-17140)	9-Dec-20	YES
CVE-2020-17096	1010653	Microsoft Windows SMB2 Server Remote Code Execution Vulnerability (CVE-2020-17096)	9-Dec-20	YES
CVE-2020-17152, CVE-2020-17158	1010656	Microsoft Dynamics 365 Commerce Remote Code Execution Vulnerabilities (CVE-2020-17152 and CVE-2020-17158)	9-Dec-20	YES
CVE-2020-17144	1010649	Microsoft Windows Exchange Memory Corruption Vulnerability (CVE-2020-17144)	9-Dec-20	YES
CVE-2020-17121	1010655	Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-17121)	10-Nov-20	YES

Featured Stories

Beware of MCP Hardcoded Credentials: A Perfect Target for Threat Actors
Poor secret management in MCP servers can lead to serious consequences, including data breaches and supply chain attacks. This article examines the reality of these unsecure configurations and offers practical recommendations that minimize the chances of exposure.
Read more
$Lessons in Resilience from the Race to Patch SharePoint Vulnerabilities$
Lessons in Resilience from the Race to Patch SharePoint Vulnerabilities
In this article, Trend Micro discusses how the fast-moving attacks using CVE-2025-53770 and CVE-2025-53771 have underscored the essential role of virtual patching and reliable intelligence in protecting organizations against evolving threats.
Read more
$Unveiling AI Agent Vulnerabilities Part V: Securing LLM Services$
Unveiling AI Agent Vulnerabilities Part V: Securing LLM Services
To conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.
Read more
$Unveiling AI Agent Vulnerabilities Part IV: Database Access Vulnerabilities$
Unveiling AI Agent Vulnerabilities Part IV: Database Access Vulnerabilities
How can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.
Read more

December 2020 - Microsoft Releases Security Patches

DESCRIPTION

TREND MICRO PROTECTION INFORMATION

Featured Stories

Trend Vision One™ - Proactive Security Starts Here.

Resources

Support

About Trend

Country Headquarters