Wednesday, October 21, 13:51
Home security Microsoft Patch Tuesday October fixes 87 vulnerabilities

Microsoft Patch Tuesday October fixes 87 vulnerabilities

Microsoft Patch Tuesday
Microsoft Patch Tuesday October fixes 87 vulnerabilities

Η Microsoft released them security updates for October, the known Patch TuesdayWhich corrects 87 vulnerabilities in various products her.

According to company, the most dangerous error corrected with this patch is CVE-2020-16898. it is about a vulnerability that allows Remote Code Execution (RCE) on Windows TCP / IP stack. CVE-2020-16898 may allow attackers to take control of Windows systems by maliciously sending ICMPv6 Router Advertisement packets to an uninformed computer, via network connection.

The dangerous vulnerability was discovered by Microsoft engineers themselves. The vulnerable versions were Windows 10 and Windows Server 2019.

In terms of severity, the vulnerability has been rated 9,8/10. For this reason, the company has described it as critical and dangerous, if used by a cyber criminal.

Patch Tuesday installation is required to fix the vulnerability.

Another important error is CVE-2020-16947, a vulnerability that also allows remote code execution in Outlook. The company says that this error can be exploited by deceiving a user “to open a specially made one file with a vulnerable version of Microsoft Outlook software ”.

The vulnerabilities that are fixed in the Patch Tuesday October are listed in the following table (from ZDNet):

TagCVE IDCVE Title
Adobe Flash PlayerADV200012October 2020 Adobe Flash Security Update
.NET FrameworkCVE-2020-16937.NET Framework Information Disclosure Vulnerability
AzureCVE-2020-16995Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability
AzureCVE-2020-16904Azure Functions Elevation of Privilege Vulnerability
Group PolicyCVE-2020-16939Group Policy Elevation of Privilege Vulnerability
Microsoft DynamicsCVE-2020-16978Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft DynamicsCVE-2020-16956Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft DynamicsCVE-2020-16943Dynamics 365 Commerce Elevation of Privilege Vulnerability
Microsoft Exchange ServerCVE-2020-16969Microsoft Exchange Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2020-16911GDI + Remote Code Execution Vulnerability
Micrsoft Graphics ComponentCVE-2020-16914Windows GDI + Information Disclosure Vulnerability
Micrsoft Graphics ComponentCVE-2020-16923Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft Graphics ComponentCVE-2020-1167Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft NTFSCVE-2020-16938Windows Kernel Information Disclosure Vulnerability
Microsoft OfficeCVE-2020-16933Microsoft Word Security Feature Bypass Vulnerability
Micrsoft OfficeCVE-2020-16929Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-16934Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
Micrsoft OfficeCVE-2020-16932Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-16930Microsoft Excel Remote Code Execution Vulnerability
Micrsoft OfficeCVE-2020-16955Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
Micrsoft OfficeCVE-2020-16928Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2020-16957Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Micrsoft OfficeCVE-2020-16918Base3D Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-16949Microsoft Outlook Denial of Service Vulnerability
Micrsoft OfficeCVE-2020-16947Microsoft Outlook Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-16931Microsoft Excel Remote Code Execution Vulnerability
Micrsoft OfficeCVE-2020-16954Microsoft Office Remote Code Execution Vulnerability
Micrsoft OfficeCVE-2020-17003Base3D Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2020-16948Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-16953Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-16942Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-16951Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2020-16944Microsoft SharePoint Reflective XSS Vulnerability
Microsoft Office SharePointCVE-2020-16945Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePointCVE-2020-16946Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePointCVE-2020-16941Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-16950Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-16952Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft WindowsCVE-2020-16900Windows Event System Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16901Windows Kernel Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-16899Windows TCP / IP Denial of Service Vulnerability
Microsoft WindowsCVE-2020-16908Windows Setup Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16909Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16912Windows Backup Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16940Windows - User Profile Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16907Win32k Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16936Windows Backup Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16898Windows TCP / IP Remote Code Execution Vulnerability
Microsoft WindowsCVE-2020-16897NetBT Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-16895Windows Error Reporting Manager Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16919Windows Enterprise App Management Service Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-16921Windows Text Services Framework Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-16920Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16972Windows Backup Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16877Windows Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16876Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16975Windows Backup Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16973Windows Backup Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16974Windows Backup Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16922Windows Spoofing Vulnerability
Microsoft WindowsCVE-2020-0764Windows Storage Services Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16980Windows iSCSI Target Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-1080Windows Hyper-V Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16887Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16885Windows Storage VSP Driver Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16924Jet Database Engine Remote Code Execution Vulnerability
Microsoft WindowsCVE-2020-16976Windows Backup Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16935Windows COM Server Elevation of Privilege Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-16967Windows Camera Codec Pack Remote Code Execution Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-16968Windows Camera Codec Pack Remote Code Execution Vulnerability
PowerShellGetCVE-2020-16886PowerShellGet Module WDAC Security Feature Bypass Vulnerability
Visual StudioCVE-2020-16977Visual Studio Code Python Extension Remote Code Execution Vulnerability
Windows COMCVE-2020-16916Windows COM Server Elevation of Privilege Vulnerability
Windows Error ReportingCVE-2020-16905Windows Error Reporting Elevation of Privilege Vulnerability
Windows Hyper-VCVE-2020-16894Windows NAT Remote Code Execution Vulnerability
Windows Hyper-VCVE-2020-1243Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-VCVE-2020-16891Windows Hyper-V Remote Code Execution Vulnerability
Windows InstallerCVE-2020-16902Windows Installer Elevation of Privilege Vulnerability
Windows kernelCVE-2020-16889Windows KernelStream Information Disclosure Vulnerability
Windows kernelCVE-2020-16892Windows Image Elevation of Privilege Vulnerability
Windows kernelCVE-2020-16913Win32k Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1047Windows Hyper-V Elevation of Privilege Vulnerability
Windows kernelCVE-2020-16910Windows Security Feature Bypass Vulnerability
Windows Media PlayerCVE-2020-16915Media Foundation Memory Corruption Vulnerability
Windows RDPCVE-2020-16863Windows Remote Desktop Service Denial of Service Vulnerability
Windows RDPCVE-2020-16927Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
Windows RDPCVE-2020-16896Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Windows Secure Kernel ModeCVE-2020-16890Windows Kernel Elevation of Privilege Vulnerability

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

PCI Pal: 7 out of 10 will not shop from infringing companies

As a new research by PCI Pal showed, consumers seem to be more worried about the shopping they will do in ...

The new Microsoft Edge is now mandatory on Windows 10 20H2

Today's version of Windows 10 20H2 is the first version that automatically replaces Microsoft Edge Legacy with the new Microsoft ...

Windows 10 1909 KB4580386 fixes various issues

Microsoft has released the monthly cumulative update KB4580386 of Windows 10 1909 with quality improvements and corrections to the Microsoft Xbox Game Pass, ...

The Nefilim ransomware gang leaked Luxottica files

The hackers behind Nefilim ransomware have published files on the internet, which seem to belong to the well-known company that manufactures and sells ...

Cisco: Vulnerability CVE-2020-3118 is used in some attacks

Cisco today warned of some attacks that actively target the high-severity vulnerability CVE-2020-3118, which has been found to affect many routers ...

Google: Chrome patch released for zero-day vulnerability fix

Google yesterday released the new version of Chrome 86.0.4240.111, with security updates, to fix a zero-day vulnerability that, according to ...

Microsoft: Said to Shut Down 94% of TrickBot C&C Servers!

Last week, Microsoft-led cybersecurity companies joined forces to crack down on TrickBot, one of ...

Vulnerabilities in MobileIron MDM servers used by hackers

Government hacking teams and other criminals exploit vulnerabilities in MobileIron MDM servers and gain access to corporate networks.

Albion Online: The forum of the popular online game has been violated!

A popular online role-playing game has revealed that its user forum has been breached, exposing email addresses and encrypted passwords ...

Iranian CEO guilty of conspiracy and breach of US sanctions!

The United States has sentenced the CEO of a financial services company to 23 months in prison for allegedly helping Iranian nationals carry out financial ...