The November patch set from Microsoft looks serious, as it mainly fixes vulnerabilities leading to remote code execution. At the same time, some of these gaps received the status of critical ones.
In total, in November, the developers eliminated 112 vulnerabilities, 17 critical. 12 at the same time allow you to execute the code remotely.
One of the most dangerous holes this month received the identifier CVE-2020-17087 , it is present in the Windows kernel and allows you to elevate privileges in the system. It is especially alarming due to the presence of an exploit that cybercriminals use in real attacks.
According to the Google Zero Project researchers who discovered the security issue, the bug exists because of the way the system driver cng.sys handles I / O.
Also, system administrators are strongly advised to pay attention to the vulnerabilities CVE-2020-17052 and CVE-2020-17053, affecting the scripting engine and Internet Explorer. They also lead to remote code execution.