One of the main issues addressed by the November security patch is the zero-day vulnerability CVE-2020-17087, which is associated with the operation of one of the functions of the Windows Kernel Cryptography Driver (CNG.sys) and belongs to the category of buffer overflow bugs. The issue is reported to affect all supported versions of the Windows 10 software platform. The vulnerability is also present in Windows 7 and supported versions of Windows Server.

A zero-day vulnerability in Windows was exposed a few days ago by Google Project Zero. It is exploited along with the Chrome browser vulnerability. Experts reported that the vulnerability in Chrome allows remote code execution in the browser, while a Windows bug makes it possible to go beyond the Chrome sandbox and makes it possible to execute code at the system level. The vulnerability in Chrome has already been fixed with a browser update, and the patch released today will fix the bug in Windows. It is worth noting that the mentioned vulnerability was actively used by hackers in practice, so you shouldn’t delay installing the update.

In addition, the November security patch fixes 111 more vulnerabilities in various Microsoft products, including 24 vulnerabilities related to remote code execution. Dangerous vulnerabilities affect various software products, including Excel, SharePoint, Exchange Server, etc.