Η Microsoft released yesterday on updates security for the month of September, also known as Patch Tuesday September 2020. This month, the company fixed 129 vulnerabilities in 15 of its products (from Windows to ASP.NET).
It is worth noting that in the Patch Tuesday September September 2020, 32 out of 129 vulnerabilities corrected, classified as Remote Execution Code (RCE) issues, which are bugs that allow attackers to exploit vulnerabilities applications remotely, via a network.
Of these 32 vulnerabilities, the 20 were classified as "critical", that is, they are some of the most important errors repaired in its products Microsoft this month. The list of 20 critical RCEs includes errors in:
- Windows (CVE-2020-1252)
- On-premise Microsoft Dynamics 365 systems (CVE-2020-16857, CVE-2020-16862)
- Windows Graphics Device Interface (GDI) (CVE-2020-1285)
- Microsoft SharePoint (CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453CVE-2020-1576, CVE-2020-1595)
- Microsoft SharePoint Server (CVE-2020-1460)
- Windows Media Audio Decoder (CVE-2020-1593, CVE-2020-1508)
- Microsoft COM for Windows (CVE-2020-0922)
- Windows Text Service Module (CVE-2020-0908)
- Microsoft Windows Codecs Library (CVE-2020-1319, CVE-2020-1129)
- Windows Camera Codec Pack (CVE-2020-0997)
- Visual Studio (CVE-2020-16874)
All the vulnerabilities mentioned above are serious issues, and especially those that affect them Windows, SharePoint and Dynamics 365 (as these systems are often installed in large corporate networks).
Microsoft releases it every month updates "Patch Tuesday" and the creators malware monitor these monthly security updates to choose the most useful and dangerous vulnerabilities and change them data updates to find the exact bug fixed by Microsoft. These errors can be used for future reference attacks.
System administrators should consider threatening which poses each of these RCE vulnerabilities and then implement Patch Tuesday as soon as possible to stay safe.
In the table below, you can see all the vulnerabilities that are fixed with the Patch Tuesday September September 2020:
| Tag | CVE ID | CVE Title |
|---|---|---|
| Active Directory | CVE-2020-0761 | Active Directory Remote Code Execution Vulnerability |
| Active Directory | CVE-2020-0856 | Active Directory Information Disclosure Vulnerability |
| Active Directory | CVE-2020-0718 | Active Directory Remote Code Execution Vulnerability |
| Active Directory | CVE-2020-0664 | Active Directory Information Disclosure Vulnerability |
| Active Directory Federation Services | CVE-2020-0837 | ADFS Spoofing Vulnerability |
| ASP.NET | CVE-2020-1045 | Microsoft ASP.NET Core Security Feature Bypass Vulnerability |
| Common Log File System Driver | CVE-2020-1115 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Internet Explorer | CVE-2020-1012 | WinINet API Elevation of Privilege Vulnerability |
| Internet Explorer | CVE-2020-16884 | Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability |
| Internet Explorer | CVE-2020-1506 | Windows Start-Up Application Elevation of Privilege Vulnerability |
| Microsoft Browsers | CVE-2020-0878 | Microsoft Browser Memory Corruption Vulnerability |
| Microsoft Dynamics | CVE-2020-16857 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2020-16858 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16860 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2020-16859 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16861 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16872 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16864 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16878 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16862 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2020-16871 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Exchange Server | CVE-2020-16875 | Microsoft Exchange Memory Corruption Vulnerability |
| Microsoft Graphics Component | CVE-2020-0921 | Microsoft Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-0998 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1091 | Windows Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1152 | Windows Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1097 | Windows Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1083 | Microsoft Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1053 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1308 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1245 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1285 | GDI + Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-1256 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1250 | Win32k Information Disclosure Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1039 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1074 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft NTFS | CVE-2020-0838 | NTFS Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2020-1594 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1335 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-16855 | Microsoft Office Information Disclosure Vulnerability |
| Microsoft Office | CVE-2020-1338 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1332 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1224 | Microsoft Excel Information Disclosure Vulnerability |
| Microsoft Office | CVE-2020-1218 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1193 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1345 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1205 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1210 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1514 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1595 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1523 | Microsoft SharePoint Server Tampering Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1440 | Microsoft SharePoint Server Tampering Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1200 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1482 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1198 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1227 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1576 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1452 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1575 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1453 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1460 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft OneDrive | CVE-2020-16853 | OneDrive for Windows Elevation of Privilege Vulnerability |
| Microsoft OneDrive | CVE-2020-16851 | OneDrive for Windows Elevation of Privilege Vulnerability |
| Microsoft OneDrive | CVE-2020-16852 | OneDrive for Windows Elevation of Privilege Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1057 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1180 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1172 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-1596 | TLS Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1169 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1593 | Windows Media Audio Decoder Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1159 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1598 | Windows UPnP Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0790 | Microsoft splwow64 Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0922 | Microsoft COM for Windows Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-0782 | Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0648 | Windows RSoP Service Application Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0766 | Microsoft Store Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1590 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1376 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1471 | Windows CloudExperienceHost Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16879 | Projected Filesystem Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1013 | Group Policy Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1532 | Windows InstallService Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1491 | Windows Function Discovery Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1303 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1252 | Windows Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1559 | Windows Storage Services Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1507 | Microsoft COM for Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1508 | Windows Media Audio Decoder Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-0914 | Windows State Repository Service Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0886 | Windows Storage Services Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0989 | Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0875 | Microsoft splwow64 Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0912 | Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1038 | Windows Routing Utilities Denial of Service |
| Microsoft Windows | CVE-2020-0908 | Windows Text Service Module Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1052 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0911 | Windows Modules Installer Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0805 | Projected Filesystem Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2020-1119 | Windows Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1146 | Microsoft Store Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0951 | Windows Defender Application Control Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2020-1122 | Windows Language Pack Installer Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1098 | Windows Shell Infrastructure Component Elevation of Privilege Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-1319 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-0997 | Windows Camera Codec Pack Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-1129 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability |
| Microsoft Windows DNS | CVE-2020-0839 | Windows dnsrslvr.dll Elevation of Privilege Vulnerability |
| Microsoft Windows DNS | CVE-2020-1228 | Windows DNS Denial of Service Vulnerability |
| Microsoft Windows DNS | CVE-2020-0836 | Windows DNS Denial of Service Vulnerability |
| Open Source Software | CVE-2020-16873 | Xamarin.Forms Spoofing Vulnerability |
| SQL Server | CVE-2020-1044 | SQL Server Reporting Services Security Feature Bypass Vulnerability |
| Visual Studio | CVE-2020-16874 | Visual Studio Remote Code Execution Vulnerability |
| Visual Studio | CVE-2020-16856 | Visual Studio Remote Code Execution Vulnerability |
| Visual Studio | CVE-2020-16881 | Visual Studio JSON Remote Code Execution Vulnerability |
| Windows DHCP Server | CVE-2020-1031 | Windows DHCP Server Information Disclosure Vulnerability |
| Windows Diagnostic Hub | CVE-2020-1130 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2020-1133 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Windows Hyper-V | CVE-2020-0904 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2020-0890 | Windows Hyper-V Denial of Service Vulnerability |
| Windows kernel | CVE-2020-0941 | Win32k Information Disclosure Vulnerability |
| Windows kernel | CVE-2020-0928 | Windows Kernel Information Disclosure Vulnerability |
| Windows kernel | CVE-2020-16854 | Windows Kernel Information Disclosure Vulnerability |
| Windows kernel | CVE-2020-1034 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows kernel | CVE-2020-1033 | Windows Kernel Information Disclosure Vulnerability |
| Windows kernel | CVE-2020-1589 | Windows Kernel Information Disclosure Vulnerability |
| Windows kernel | CVE-2020-1592 | Windows Kernel Information Disclosure Vulnerability |
| Windows Print Spooler Components | CVE-2020-1030 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Shell | CVE-2020-0870 | Shell infrastructure component Elevation of Privilege Vulnerability |
Greek
Chinese (Simplified)
English
Greek
Russian