Categories
Patching Recap

Monthly Patching Recap November 2020

Several remote code executions in Microsoft products, a VMware bug that is already exploited in the wild and multiple critical Cisco patches: November was heavy on high impact vulnerabilities.

At the end of each month we take a look at our patch data to give an overview on the most important security patches that were released during the last 30 days. In November we tracked 235 patches in total.

Below is an overview on the affected software categories:

Microsofts Patch Tuesday in November was heavy on remote code execution vulnerabilities. And again SharePoint was among the main products affected as it got a critical remote code execution bug fixed. But also the core Windows operating system had two severe flaws exposed, one in the kernel leading to privilege escalation and one in the NFS file system that got a straight up 9.8 CVSS score.

Cisco and VMware meanwhile also had to fix several critical vulnerabilties. Among the Cisco patches, three affecting the Cisco Security Manager deserved special attention:

VMware needed to patch use-after-free, privilege escalation and command injection vulnerabilities. The latter one is already actively being exploited according to the National Security Agency.

Other noteworthy patches in November include:

If you want a weekly patch summary that is personalized for your software + instant patch alerts have a look at our plans: patchdeck.com/pricing