At the end of each month we take a look at our patch data to give an overview of the most important security patches that were released during the last 30 days. In December we tracked 197 patches in total.
Below is an overview of the affected software categories:
Microsoft's Patch Tuesday in December featured "only" 58 new vulnerabilities but still had some highlights. The most critical vulnerability fixed was a remote code execution in Hyper-V which could enable a hypervisor escape. Microsoft also fixed a lock-screen bypass in Windows and another vulnerability in the NTFS filesystem, a component that has already received several security patches this year.
Ubuntu meanwhile issued 26 security updates to included packages, among them fixes for vulnerabilities in curl and snapcraft. Debian published the new release 10.7, which includes multiple security fixes.
For development and DevOps teams, the most important patches were updates for Apache Tomcat and a fix for Kubernetes remediating a Man-in-the-Middle vulnerability.
Networking and border device vendors also had to patch several critical vulnerabilities in December. The three most important ones:
- Palo Alto CVE-2020-2049 Cortex XDR Agent: Improper control of loaded DLL leads to local privilege escalation
- F5 XSS vulnerability CVE-2020-27719
- Cisco Jabber Desktop and Mobile Client Software Vulnerabilities
If you want a weekly patch summary that is personalized for your software, plus instant patch alerts, have a look at our plans: patchdeck.com/pricing