On the last patchday of this year, microsoft closed a total of 58 security. Who uses windows and other software from microsoft should ensure that windows update has installed security patches for azure devops, azure sdk, azure sphere, chakracore, edge, exchange server, visual studio and windows. In the default setting, the automatically happens.
Nine lights are with the degree of threat "critical" classy. These vulnerabilities relate to chakra scripting engine by edge, dynamics for finance operations, exchange, hyper-v and sharepoint.
If the attackers use the leach, for example, they could break out of a vm (cve-2020-17095) and shadcode in the host system exports. For a successful attack, an attacker must be able to start a generated application in the guest system. Microsoft is followed by microsoft for errors in the processing of vsmb packet data and in the host system could land schadcode.
Microsoft exchange is vulnerable to three critical vulnerabilities. On a lucke (cve-202017132), three independent security researchers are gestable. Many info betrayed microsoft in the warning message. There is only that an attacker must be authenticated. Due to the classification, however, you can ame that exchange server are fully compromised after successful attacks.
Also the luck in sharepoint could let malicious code on systems. But the victim has to play along. So that attacks on dynamics 365 flaps, an attacker must be authenticated.
The coarse part of the remaining light is as "important" classy. Here, for example, attackers could access actually silenced files in windows error reports or gain the backup engine high user rights.
Further information about all security-looking and updates can be found in the security update guide. In addition, microsoft has published a safety note on a dns spoofing weakness in windows server 2008 to 2019.