Microsoft has rolled out its Patch Tuesday update for November 2020, which fixes 112 security bugs across several of its products.
Included in this patch is a fix for a zero-day vulnerability that was being used by malicious parties.
This flaw, known as CVE-2020-17087, affects the Windows Kernel and was flagged by Microsoft as “important”.
However, this security flaw only works if the malicious party has already compromised the account of a less powerful user.
This has been witnessed by Google, which released an update on 20 October to fix a different bug that was being used alongside this one.
CVE-2020-17087 affects all of the versions of Windows that are currently supported by Microsoft, including all Windows Server distributions.
There are also 24 bugs that allow remote code execution (RCE) attacks in the likes of Microsoft Excel, Microsoft Sharepoint, Microsoft Exchange Server, and Microsoft Teams.
This update is available through Windows Update, and you can view the full list of security updates here.
Microsoft patch problems
While these security patches are important, Microsoft updates have developed a bad reputation in recent months due to its patches causing other issues for its users.
In November, a Windows 10 bug caused user certificates to be lost when updating from certain versions of Windows 10.
“Devices will only be impacted if they have already installed any Latest cumulative update (LCU) released 16 September 2020 or later and then proceed to update to a later version of Windows 10 from media or an installation source which does not have an LCU released 13 October 2020 or later integrated,” explained Microsoft.
A September security update also caused users to suffer the Blue Screen of Death. This happened when Windows discovered an offline folder feature or a domain profile on the user’s network.
Users also reported they were being logged out of their websites whenever they restart their computer.
This had been happening since May 2020, but it was accelerated by the September 2020 update.