December 2020 - Microsoft Releases Security Patches

  Advisory Date: DEC 10, 2020

  DESCRIPTION

In the December 2020 Microsoft security patch release, Microsoft updated its vulnerability information page. Following the new patch information format, below are the CVEs that Trend Micro Deep Security covers:

  • CVE-2020-17140 - Windows SMB Information Disclosure Vulnerability
    CVSS:3.0 8.1/7.1

  • CVE-2020-17096 - Scripting Engine Memory Corruption Vulnerability
    CVSS:3.0 7.5/6.5

  • CVE-2020-17121 - Microsoft SharePoint Remote Code Execution Vulnerability
    CVSS:3.0 8.8/7.7

  • CVE-2020-17144 - Microsoft Exchange Remote Code Execution Vulnerability
    CVSS:3.0 8.4/7.6

  • CVE-2020-17152 - Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
    CVSS:3.0 8.8/7.7

  • CVE-2020-17158 - Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
    CVSS:3.0 8.8/7.7

  TREND MICRO PROTECTION INFORMATION

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection are also protected from attacks using these vulnerabilities.

Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection Compatibility
CVE-2020-17140 1010652 Microsoft Windows SMB2 Server Information Disclosure Vulnerability (CVE-2020-17140) 9-Dec-20 YES
CVE-2020-17096 1010653 Microsoft Windows SMB2 Server Remote Code Execution Vulnerability (CVE-2020-17096) 9-Dec-20 YES
CVE-2020-17152, CVE-2020-17158 1010656 Microsoft Dynamics 365 Commerce Remote Code Execution Vulnerabilities (CVE-2020-17152 and CVE-2020-17158) 9-Dec-20 YES
CVE-2020-17144 1010649 Microsoft Windows Exchange Memory Corruption Vulnerability (CVE-2020-17144) 9-Dec-20 YES
CVE-2020-17121 1010655 Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-17121) 10-Nov-20 YES