Privacy Ninja

Microsoft September 2020 Patch Tuesday Fixes 129 Vulnerabilities

Today is Microsoft’s September 2020 Patch Tuesday, and your Windows administrators will be scrambling as they install updates and try to resolve bugs caused by them. Be nice!

With the September 2020 Patch Tuesday security updates release, Microsoft has released fixes for 129 vulnerabilities in Microsoft products.

Of these vulnerabilities, 23 are classified as Critical, and 105 are classified as Important, and 1 as moderate.

This release is tied with June 2020 as the largest amount of security fixes released on a Microsoft Patch Tuesday, with the second-largest being 123 fixes in July 2020, and the third having 120 fixes in August 2020.

For information about the non-security Windows updates, you can read about today’s Windows 10 Cumulative Updates KB4571756 & KB4574727 Released.

Vulnerabilities of interest

While there were no zero-days this month, there were quite a few vulnerabilities that are interesting and can be exploited remotely.

Below are three of the more interesting security vulnerabilities fixed today:

CVE-2020-16875 – Microsoft Exchange Memory Corruption Vulnerability can allow a remote attacker to perform remote code execution by simply sending an specially crafted email to an Exchange server.
CVE-2020-0922 – Microsoft COM for Windows Remote Code Execution Vulnerability can be exploited by luring a user to a site with malicious JavaScript.
CVE-2020-0908 – Windows Text Service Module Remote Code Execution Vulnerability can be exploit by tricking a user to visiting a site that contains malicious “user-provided content or advertisements.”

Recent security updates from other companies

Other vendors who released security updates in September include:

Adobe released security updates today for Adobe Acrobat, Reader, and Lightstream.
Apple released security updates in iOS 13.7 on September 1st.
Google Chrome 85.0.4183.83 was released on August 25th, with twenty security fixes.
Intel patched 4 vulnerabilities today with their September 2020 Platform Update.
SAP released their September 2020 security updates today.

Also read: 5 Self Assessment Tools To Find The Right Professional Fit

The September 2020 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the September 2020 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Tag	CVE ID	CVE Title	Severity
Active Directory	CVE-2020-0761	Active Directory Remote Code Execution Vulnerability	Important
Active Directory	CVE-2020-0856	Active Directory Information Disclosure Vulnerability	Important
Active Directory	CVE-2020-0718	Active Directory Remote Code Execution Vulnerability	Important
Active Directory	CVE-2020-0664	Active Directory Information Disclosure Vulnerability	Important
Active Directory Federation Services	CVE-2020-0837	ADFS Spoofing Vulnerability	Important
ASP.NET	CVE-2020-1045	Microsoft ASP.NET Core Security Feature Bypass Vulnerability	Important
Common Log File System Driver	CVE-2020-1115	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Important
Internet Explorer	CVE-2020-1012	WinINet API Elevation of Privilege Vulnerability	Important
Internet Explorer	CVE-2020-16884	Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability	Important
Internet Explorer	CVE-2020-1506	Windows Start-Up Application Elevation of Privilege Vulnerability	Important
Microsoft Browsers	CVE-2020-0878	Microsoft Browser Memory Corruption Vulnerability	Critical
Microsoft Dynamics	CVE-2020-16857	Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability	Critical
Microsoft Dynamics	CVE-2020-16858	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Dynamics	CVE-2020-16860	Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability	Important
Microsoft Dynamics	CVE-2020-16859	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Dynamics	CVE-2020-16861	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Dynamics	CVE-2020-16872	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Dynamics	CVE-2020-16864	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Dynamics	CVE-2020-16878	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Dynamics	CVE-2020-16862	Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability	Critical
Microsoft Dynamics	CVE-2020-16871	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Exchange Server	CVE-2020-16875	Microsoft Exchange Memory Corruption Vulnerability	Critical
Microsoft Graphics Component	CVE-2020-0921	Microsoft Graphics Component Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2020-0998	Windows Graphics Component Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1091	Windows Graphics Component Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1152	Windows Win32k Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1097	Windows Graphics Component Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1083	Microsoft Graphics Component Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1053	DirectX Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1308	DirectX Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1245	Win32k Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1285	GDI+ Remote Code Execution Vulnerability	Critical
Microsoft Graphics Component	CVE-2020-1256	Windows GDI Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1250	Win32k Information Disclosure Vulnerability	Important
Microsoft JET Database Engine	CVE-2020-1039	Jet Database Engine Remote Code Execution Vulnerability	Important
Microsoft JET Database Engine	CVE-2020-1074	Jet Database Engine Remote Code Execution Vulnerability	Important
Microsoft NTFS	CVE-2020-0838	NTFS Elevation of Privilege Vulnerability	Important
Microsoft Office	CVE-2020-1594	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2020-1335	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2020-16855	Microsoft Office Information Disclosure Vulnerability	Important
Microsoft Office	CVE-2020-1338	Microsoft Word Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2020-1332	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2020-1224	Microsoft Excel Information Disclosure Vulnerability	Important
Microsoft Office	CVE-2020-1218	Microsoft Word Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2020-1193	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1345	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1205	Microsoft SharePoint Spoofing Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1210	Microsoft SharePoint Remote Code Execution Vulnerability	Critical
Microsoft Office SharePoint	CVE-2020-1514	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1595	Microsoft SharePoint Remote Code Execution Vulnerability	Critical
Microsoft Office SharePoint	CVE-2020-1523	Microsoft SharePoint Server Tampering Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1440	Microsoft SharePoint Server Tampering Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1200	Microsoft SharePoint Remote Code Execution Vulnerability	Critical
Microsoft Office SharePoint	CVE-2020-1482	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1198	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1227	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1576	Microsoft SharePoint Remote Code Execution Vulnerability	Critical
Microsoft Office SharePoint	CVE-2020-1452	Microsoft SharePoint Remote Code Execution Vulnerability	Critical
Microsoft Office SharePoint	CVE-2020-1575	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1453	Microsoft SharePoint Remote Code Execution Vulnerability	Critical
Microsoft Office SharePoint	CVE-2020-1460	Microsoft SharePoint Server Remote Code Execution Vulnerability	Critical
Microsoft OneDrive	CVE-2020-16853	OneDrive for Windows Elevation of Privilege Vulnerability	Important
Microsoft OneDrive	CVE-2020-16851	OneDrive for Windows Elevation of Privilege Vulnerability	Important
Microsoft OneDrive	CVE-2020-16852	OneDrive for Windows Elevation of Privilege Vulnerability	Important
Microsoft Scripting Engine	CVE-2020-1057	Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2020-1180	Scripting Engine Memory Corruption Vulnerability	Important
Microsoft Scripting Engine	CVE-2020-1172	Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Windows	CVE-2020-1596	TLS Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2020-1169	Windows Runtime Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1593	Windows Media Audio Decoder Remote Code Execution Vulnerability	Critical
Microsoft Windows	CVE-2020-1159	Windows Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1598	Windows UPnP Service Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0790	Microsoft splwow64 Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0922	Microsoft COM for Windows Remote Code Execution Vulnerability	Critical
Microsoft Windows	CVE-2020-0782	Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0648	Windows RSoP Service Application Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0766	Microsoft Store Runtime Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1590	Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1376	Windows Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1471	Windows CloudExperienceHost Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-16879	Projected Filesystem Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2020-1013	Group Policy Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1532	Windows InstallService Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1491	Windows Function Discovery Service Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1303	Windows Runtime Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1252	Windows Remote Code Execution Vulnerability	Critical
Microsoft Windows	CVE-2020-1559	Windows Storage Services Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1507	Microsoft COM for Windows Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1508	Windows Media Audio Decoder Remote Code Execution Vulnerability	Critical
Microsoft Windows	CVE-2020-0914	Windows State Repository Service Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2020-0886	Windows Storage Services Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0989	Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2020-0875	Microsoft splwow64 Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2020-0912	Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1038	Windows Routing Utilities Denial of Service	Important
Microsoft Windows	CVE-2020-0908	Windows Text Service Module Remote Code Execution Vulnerability	Critical
Microsoft Windows	CVE-2020-1052	Windows Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0911	Windows Modules Installer Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0805	Projected Filesystem Security Feature Bypass Vulnerability	Important
Microsoft Windows	CVE-2020-1119	Windows Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2020-1146	Microsoft Store Runtime Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0951	Windows Defender Application Control Security Feature Bypass Vulnerability	Important
Microsoft Windows	CVE-2020-1122	Windows Language Pack Installer Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1098	Windows Shell Infrastructure Component Elevation of Privilege Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2020-1319	Microsoft Windows Codecs Library Remote Code Execution Vulnerability	Critical
Microsoft Windows Codecs Library	CVE-2020-0997	Windows Camera Codec Pack Remote Code Execution Vulnerability	Critical
Microsoft Windows Codecs Library	CVE-2020-1129	Microsoft Windows Codecs Library Remote Code Execution Vulnerability	Critical
Microsoft Windows DNS	CVE-2020-0839	Windows dnsrslvr.dll Elevation of Privilege Vulnerability	Important
Microsoft Windows DNS	CVE-2020-1228	Windows DNS Denial of Service Vulnerability	Important
Microsoft Windows DNS	CVE-2020-0836	Windows DNS Denial of Service Vulnerability	Important
Open Source Software	CVE-2020-16873	Xamarin.Forms Spoofing Vulnerability	Important
SQL Server	CVE-2020-1044	SQL Server Reporting Services Security Feature Bypass Vulnerability	Moderate
Visual Studio	CVE-2020-16874	Visual Studio Remote Code Execution Vulnerability	Critical
Visual Studio	CVE-2020-16856	Visual Studio Remote Code Execution Vulnerability	Important
Visual Studio	CVE-2020-16881	Visual Studio JSON Remote Code Execution Vulnerability	Important
Windows DHCP Server	CVE-2020-1031	Windows DHCP Server Information Disclosure Vulnerability	Important
Windows Diagnostic Hub	CVE-2020-1130	Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability	Important
Windows Diagnostic Hub	CVE-2020-1133	Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability	Important
Windows Hyper-V	CVE-2020-0904	Windows Hyper-V Denial of Service Vulnerability	Important
Windows Hyper-V	CVE-2020-0890	Windows Hyper-V Denial of Service Vulnerability	Important
Windows Kernel	CVE-2020-0941	Win32k Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2020-0928	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2020-16854	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2020-1034	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2020-1033	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2020-1589	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2020-1592	Windows Kernel Information Disclosure Vulnerability	Important
Windows Print Spooler Components	CVE-2020-1030	Windows Print Spooler Elevation of Privilege Vulnerability	Important
Windows Shell	CVE-2020-0870	Shell infrastructure component Elevation of Privilege Vulnerability	Important

Also read: Website Ownership Laws: Your Rights And What It Protects

0 Comments

Hello!

Click one of our contacts below to chat on WhatsApp

Support Privacy Ninja

× Chat with us

Privacy Ninja

DATA PROTECTION

CYBERSECURITY

Microsoft September 2020 Patch Tuesday Fixes 129 Vulnerabilities