It's that time of the month again when Microsoft's Patch Tuesday cumulative updates roll out to the masses. For December 2020 Patch Tuesday, Microsoft has sent out one of the smallest rollups in recent memory.
There are just 58 security fixes across 10 Microsoft services for December 2020 Patch Tuesday. For perspective, the company usually has around 100 or more fixes to send out each month.
The simple explanation for the smaller count is that there are fewer bugs to squash this month. However, that does not mean the security holes Microsoft is plugging are any less dangerous.
In fact, Microsoft says 22 patches issued this month are dangerous remote code execution (RCE) flaws. If you are unfamiliar with RCEs, they are security bugs that need immediate attention because it is easier for threat actors to exploit them. Importantly, exploits happen remotely over the network, without user interaction.
For December's patches, Microsoft says RCEs are getting fixes across Exchange Server, Windows NTFS, Microsoft Dynamics, PowerPoint, Excel, SharePoint, Hyper-V, and Visual Studio.
Microsoft points to the Exchange Server bugs as the most problematic. The company says these vulnerabilities are likely already being exploited. The flaws are listed as CVE-2020-17143, CVE-2020-17144, CVE-2020-17141, CVE-2020-17117, CVE-2020-17132, and CVE-2020-17142.
Because of the danger surrounding RCEs, Microsoft advises users to install patches for these vulnerabilities first. If you want to see the list of all 58 security fixes this month, check out Microsoft's Security Update Guide portal.
Patch Tuesday Problems
One of the issues with Microsoft's Patch Tuesdays is that they leave users in a conundrum. On the one hand they fix major security flaws, but on the other they often create their own problems on Windows 10.
The cumulative updates have a nasty habit of fixing one issue but causing others. Recently, Microsoft sent out a fix for Windows Search that has left users unable to boot their PCs.
In April, that month's release also triggered BSODs in Windows 10. In March, the cumulative update left Microsoft Defender not showing some files. Also this year, a batch was reportedly causing BSOD errors for some Windows 10 users.