Patching Recap

Monthly Patching Recap December 2020

December is traditionally a quieter month for patching because companies are preparing for the holidays, and 2020 was no exception. Nevertheless, we tracked 197 newly patched vulnerabilities in the last month of the year, among them several critical ones.

At the end of each month, we take a look at our patch data to give an overview of the most important security patches that were released during the last 30 days. In December we tracked 197 patches in total.

Below is an overview of the affected software categories:

Microsoft's Patch Tuesday in December featured "only" 58 new vulnerabilities but still had some highlights. The most critical vulnerability fixed was a remote code execution flaw in Hyper-V which could enable a hypervisor escape. Microsoft also fixed a lock-screen bypass in Windows and another vulnerability in the NTFS filesystem, a component that had already received several security patches this year.

Ubuntu, meanwhile, issued 26 security updates to included packages, among them fixes for vulnerabilities in curl and snapcraft. Debian published the new release 10.7, which includes multiple security fixes.

For development and DevOps teams, the most important patches were updates for Apache Tomcat and a fix for Kubernetes remediating a Man-in-the-Middle vulnerability.

Networking and border device vendors also had to patch several critical vulnerabilities in December. The three most important ones:
