Microsoft October 2020 Patch Tuesday Fixes 87 Security Bugs
Today is Microsoft’s October 2020 Patch Tuesday, and your Windows administrators will be pulling their hair out as they install new updates and try to fix bugs that pop up.
With the October 2020 Patch Tuesday security updates release, Microsoft has released fixes for 87 vulnerabilities in Microsoft products and an advisory about today’s Adobe Flash Player update.
Of the 87 vulnerabilities fixed today, 12 are classified as Critical, and 74 are classified as Important, and one as moderate.
For information about the non-security Windows updates, you can read about today’s Windows 10 KB4579311 & KB4577671 Cumulative Updates.
Also Read: Website Ownership Laws: Your Rights And What These Protect
Publicly disclosed vulnerabilities:
This month’s Patch Tuesday security updates include a whopping six publicly disclosed vulnerabilities. The good news is that Microsoft states that none of them have been seen publicly exploited.
One of the vulnerabilities, CVE-2020-16938, was found by security researcher Jonas L, who recently began disclosing vulnerabilities on Twitter after being frustrated by Microsoft’s bounty program.
- CVE-2020-16938 – Windows Kernel Information Disclosure Vulnerability
- CVE-2020-16885 – Windows Storage VSP Driver Elevation of Privilege Vulnerability
- CVE-2020-16901 – Windows Kernel Information Disclosure Vulnerability
- CVE-2020-16908 – Windows Setup Elevation of Privilege Vulnerability
- CVE-2020-16909 – Windows Error Reporting Elevation of Privilege Vulnerability
- CVE-2020-16937 – .NET Framework Information Disclosure Vulnerability
Microsoft has not disclosed who found the other five vulnerabilities.
Vulnerabilities of interest
While there were no zero-days this month, there were quite a few interesting vulnerabilities that can be exploited remotely.
Below are the more interesting Critical security vulnerabilities fixed today:
- “CVE-2020-16911 – GDI+ Remote Code Execution Vulnerability” lets attackers create specialty crafted websites that can execute commands with elevated privileges on the visitor’s computer.
- “CVE-2020-16947 – Microsoft Outlook Remote Code Execution Vulnerability” allows attackers to send specially crafted emails that can execute commands when opened in the Microsoft Outlook software. This attack also works when an email is viewed in the preview pane.
- “CVE-2020-16898 – Windows TCP/IP Remote Code Execution Vulnerability” can be exploited by sending specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. If successful, it could allow a remote attacker to execute commands on the targeted computer.
- “CVE-2020-16891 – Windows Hyper-V Remote Code Execution Vulnerability” would allow an attacker, or malware, on a guest Hyper-V virtual machine to execute commands on the host operating system.
- “CVE-2020-16915 – Media Foundation Memory Corruption Vulnerability” can be exploited for remote code execution by tricking a user into visiting a malicious website.
Recent security updates from other companies
Other vendors who released security updates in October include:
- Adobe released security updates today for Adobe Flash Player.
- Apple released security updates for macOS, tvOS, and watchOS.
- Intel released its October 2020 platform update.
- SAP released its October 2020 security updates today.
The October 2020 Patch Tuesday Security Updates
Also Read: Computer Misuses Act Singapore: The Truth And Its Offenses
Below is the full list of resolved vulnerabilities and released advisories in the October 2020 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET Framework | CVE-2020-16937 | .NET Framework Information Disclosure Vulnerability | Important |
Adobe Flash Player | ADV200012 | October 2020 Adobe Flash Security Update | Critical |
Azure | CVE-2020-16995 | Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability | Important |
Azure | CVE-2020-16904 | Azure Functions Elevation of Privilege Vulnerability | Important |
Group Policy | CVE-2020-16939 | Group Policy Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics | CVE-2020-16978 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2020-16956 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2020-16943 | Dynamics 365 Commerce Elevation of Privilege Vulnerability | Important |
Microsoft Exchange Server | CVE-2020-16969 | Microsoft Exchange Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-16911 | GDI+ Remote Code Execution Vulnerability | Critical |
Microsoft Graphics Component | CVE-2020-16914 | Windows GDI+ Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-16923 | Microsoft Graphics Components Remote Code Execution Vulnerability | Critical |
Microsoft Graphics Component | CVE-2020-1167 | Microsoft Graphics Components Remote Code Execution Vulnerability | Important |
Microsoft NTFS | CVE-2020-16938 | Windows Kernel Information Disclosure Vulnerability | Important |
Microsoft Office | CVE-2020-16933 | Microsoft Word Security Feature Bypass Vulnerability | Important |
Microsoft Office | CVE-2020-16929 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-16934 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2020-16932 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-16930 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-16955 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2020-16928 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2020-16957 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-16918 | Base3D Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-16949 | Microsoft Outlook Denial of Service Vulnerability | Moderate |
Microsoft Office | CVE-2020-16947 | Microsoft Outlook Remote Code Execution Vulnerability | Critical |
Microsoft Office | CVE-2020-16931 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-16954 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-17003 | Base3D Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2020-16948 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16953 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16942 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16951 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2020-16944 | Microsoft SharePoint Reflective XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16945 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16946 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16941 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16950 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-16952 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Windows | CVE-2020-16900 | Windows Event System Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16901 | Windows Kernel Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-16899 | Windows TCP/IP Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2020-16908 | Windows Setup Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16909 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16912 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16940 | Windows – User Profile Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16907 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16936 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability | Critical |
Microsoft Windows | CVE-2020-16897 | NetBT Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-16895 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16919 | Windows Enterprise App Management Service Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-16921 | Windows Text Services Framework Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-16920 | Windows Application Compatibility Client Library Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16972 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16877 | Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16876 | Windows Application Compatibility Client Library Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16975 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16973 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16974 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16922 | Windows Spoofing Vulnerability | Important |
Microsoft Windows | CVE-2020-0764 | Windows Storage Services Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16980 | Windows iSCSI Target Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-1080 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16887 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16885 | Windows Storage VSP Driver Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16924 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft Windows | CVE-2020-16976 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-16935 | Windows COM Server Elevation of Privilege Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2020-16967 | Windows Camera Codec Pack Remote Code Execution Vulnerability | Critical |
Microsoft Windows Codecs Library | CVE-2020-16968 | Windows Camera Codec Pack Remote Code Execution Vulnerability | Critical |
PowerShellGet | CVE-2020-16886 | PowerShellGet Module WDAC Security Feature Bypass Vulnerability | Important |
Visual Studio | CVE-2020-16977 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Important |
Windows COM | CVE-2020-16916 | Windows COM Server Elevation of Privilege Vulnerability | Important |
Windows Error Reporting | CVE-2020-16905 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Windows Hyper-V | CVE-2020-16894 | Windows NAT Remote Code Execution Vulnerability | Important |
Windows Hyper-V | CVE-2020-1243 | Windows Hyper-V Denial of Service Vulnerability | Important |
Windows Hyper-V | CVE-2020-16891 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Windows Installer | CVE-2020-16902 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-16889 | Windows KernelStream Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2020-16892 | Windows Image Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-16913 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-1047 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-16910 | Windows Security Feature Bypass Vulnerability | Important |
Windows Media Player | CVE-2020-16915 | Media Foundation Memory Corruption Vulnerability | Critical |
Windows RDP | CVE-2020-16863 | Windows Remote Desktop Service Denial of Service Vulnerability | Important |
Windows RDP | CVE-2020-16927 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
Windows RDP | CVE-2020-16896 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
Windows Secure Kernel Mode | CVE-2020-16890 | Windows Kernel Elevation of Privilege Vulnerability | Important |
0 Comments