Quote:Today is Microsoft's December 2020 Patch Tuesday, and Windows administrators will be scrambling to put out fires, so be kind to them.
With the December 2020 Patch Tuesday security updates release, Microsoft has released fixes for 58 vulnerabilities and one advisory for Microsoft products. Of the 58 vulnerabilities fixed today, nine are classified as Critical, 48 as Important, and two as Moderate. There are no zero-day or previously disclosed vulnerabilities fixed in the December 2020 updates.
For information about the non-security Windows updates, you can read about today's Windows 10 KB4592449 & KB4592438 cumulative updates.
Included in today's Patch Tuesday updates is an advisory for a DNS cache poisoning vulnerability discovered by security researchers from Tsinghua University and the University of California.
"Microsoft is aware of a vulnerability involving DNS cache poisoning caused by IP fragmentation that affects Windows DNS Resolver. An attacker who successfully exploited this vulnerability could spoof the DNS packet which can be cached by the DNS Forwarder or the DNS Resolver," Microsoft ADV 200013 explains.
To resolve this vulnerability, administrators can modify the Registry to change the maximum UDP packet size to 1,221 bytes. For DNS requests greater than 1,221 bytes, the DNS resolver will switch to TCP connections.
You can read more about these mitigations in our dedicated 'Microsoft issues guidance for DNS cache poisoning vulnerability' article.
Read more: https://www.bleepingcomputer.com/news/se...abilities/
![[-]](https://www.geeks.fyi/images/collapse.png)
