Microsoft Patch Tuesday – October 2020

Microsoft-Patch-Tuesday-september-2020

⚡ TL;DR | Go Straight to the October 2020 Patch Tuesday Audit Report.

It's October! This means that it's cybersecurity awareness month. It's also the second Tuesday of the month, which means that Microsoft is coming with a bunch of new software updates for their operating systems. In their latest patch, they included 87 fixes for various vulnerabilities and security problems in Microsoft Windows and other programs. Time to start patching!

They filled the October 2020 patch tuesday with fixes for 21 remote code execution vulnerabilities in products like Outlook, Excel and other Windows programs. Furthermore, there are 11 bugs that are marked 'critical', which makes them vulnerable for malicious software in order to take complete control of your system.

The most critical vulnerabilities

We start with CVE-2020-16898, which is a remote code execution vulnerability within Windows TCP/IP stack. If attackers leverage this by sending a malicious packet of data to that unpatched Windows system, they can take full control of your system. This flaw was named "Bad Neighbor" by McAfee.

Another critical vulnerability is CVE-2020-16947. This is a bug in Microsoft Outlook that can help an attacker gain access to your Windows system by just previewing a malicious email. Dustin Child stated that the preview pane is where the attack happens, you don't even have to open the e-mail to become infected.

There are also two critical RCE vulnerabilities in the Microsoft SharePoint server. CVE-2020-16952 and CVE-2020-16951 are being exploited by a flaw in checking the source markup of the application. This allows the attacker to run arbitrary code in SharePoint.

Below, we made a table with the critical CVE codes for the Patch Tuesday October 2020 most critical CVE codes and their CVE description.

Additional security updates

Adobe released a few security updates for their Flash Player, InDesign, Lightroom, Media Encoder and Framemaker. SAP released their Security Patch for October 2020 with 15 security notes. Intel has also released a few security updates, with the most important one being the BlueZ Advisory.

VMWare fixed some security vulnerabilities in their products. With Chrome being a heavy-used browser, we remind you to install their latest Chrome 86 update.

Product nameCVE CodeCVE Code Description
Windows System CVE-2020-16898 Windows TCP/IP Remote Code Execution Vulnerability
Microsoft Outlook CVE-2020-16947 Microsoft Outlook Remote Code Execution Vulnerability
Microsoft SharePoint CVE-2020-16952 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft SharePoint CVE-2020-16951 Microsoft SharePoint Remote Code Execution Vulnerability
Windows Hyper-V CVE-2020-16891 Windows Hyper-V Remote Code Execution Vulnerability
Windows Camera Codec Pack CVE-2020-16967Windows Camera Codec Pack Remote Code Execution Vulnerability
Windows Camera Codec Pack CVE-2020-16968Windows Camera Codec Pack Remote Code Execution Vulnerability
Windows Media Foundation CVE-2020-16915Media Foundation Memory Corruption Vulnerability
Base3D CVE-2020-17003Base3D Remote Code Execution Vulnerability
Microsoft Graphics Components CVE-2020-16923Microsoft Graphics Components Remote Code Execution Vulnerability
Windows Graphics Device Interface (GDI) CVE-2020-16911GDI+ Remote Code Execution Vulnerability

Run the October 2020 Patch Tuesday Audit Report and start scanning

Just like the previous months, our experts created an audit Report that checks if the assets in your network are on the latest October 2020 patch updates. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. As always, all admins are advised to install these security updates as soon as possible to protect Windows from security risks.

Patch Tuesday October 2020
Patch Tuesday Report October 2020

If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.

Receive the Latest Patch Tuesday Report for FREE Every Month

  • This field is for validation purposes and should be left unchanged.

Like this article? Share it!

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

You may also like...

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​