⚡ TL;DR | Go Straight to the October 2020 Patch Tuesday Audit Report.
It's October, which means it's Cybersecurity Awareness Month. It's also the second Tuesday of the month, which means Microsoft is releasing a new batch of software updates for its operating systems. This month's release includes 87 fixes for vulnerabilities and security problems in Microsoft Windows and other programs. Time to start patching!
The October 2020 Patch Tuesday includes fixes for 21 remote code execution vulnerabilities in products like Outlook, Excel and other Windows programs. Furthermore, 11 bugs are marked 'critical', meaning malicious software could exploit them to take complete control of your system.
The most critical vulnerabilities
We start with CVE-2020-16898, a remote code execution vulnerability in the Windows TCP/IP stack. An attacker who sends a malicious packet of data to an unpatched Windows system can take full control of that system. McAfee named this flaw "Bad Neighbor".
Another critical vulnerability is CVE-2020-16947, a bug in Microsoft Outlook that can let an attacker gain access to your Windows system when you merely preview a malicious email. Dustin Childs stated that the preview pane is where the attack happens: you don't even have to open the e-mail to become infected.
There are also two critical RCE vulnerabilities in Microsoft SharePoint Server. CVE-2020-16952 and CVE-2020-16951 are exploitable through a flaw in checking the source markup of the application. This allows the attacker to run arbitrary code in SharePoint.
Below is a table of the most critical CVE codes for the October 2020 Patch Tuesday, with their CVE descriptions.
Additional security updates
Adobe released a few security updates for Flash Player, InDesign, Lightroom, Media Encoder and FrameMaker. SAP released its Security Patch for October 2020 with 15 security notes. Intel has also released a few security updates, the most important one being the BlueZ Advisory.
| Product name | CVE Code | CVE Code Description |
|---|---|---|
| Windows System | CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability |
| Microsoft Outlook | CVE-2020-16947 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft SharePoint | CVE-2020-16952 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft SharePoint | CVE-2020-16951 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2020-16891 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Camera Codec Pack | CVE-2020-16967 | Windows Camera Codec Pack Remote Code Execution Vulnerability |
| Windows Camera Codec Pack | CVE-2020-16968 | Windows Camera Codec Pack Remote Code Execution Vulnerability |
| Windows Media Foundation | CVE-2020-16915 | Media Foundation Memory Corruption Vulnerability |
| Base3D | CVE-2020-17003 | Base3D Remote Code Execution Vulnerability |
| Microsoft Graphics Components | CVE-2020-16923 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Windows Graphics Device Interface (GDI) | | GDI+ Remote Code Execution Vulnerability |
Run the October 2020 Patch Tuesday Audit Report and start scanning
Just like in previous months, our experts created an audit report that checks whether the assets in your network are on the latest October 2020 patch updates. It's color-coded to give you a quick overview of which assets are already on the latest Windows update and which ones still need to be patched. As always, all admins are advised to install these security updates as soon as possible to protect Windows from security risks.
If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.