Microsoft Patch Tuesday – September 2020

Microsoft-Patch-Tuesday-september-2020

⚡ TL;DR | Go Straight to the September 2020 Patch Tuesday Audit Report.

Microsoft released their September 2020 Patch Tuesday updates to fix almost 130 CVE-numbered security vulnerabilities, 23 of which could be exploited to seize control of your Windows computer. The September 2020 security updates also include fixes for 2 critical vulnerabilities outside Windows products.

Critical Vulnerabilities in Google Chrome browser

The Patch Tuesday isn't just about Windows updates, Google released Chrome 85, a critical update for the Google Chrome browser that fixes 20 security vulnerabilities, 5 of which have a high severity. There are different types of vulnerabilities: insufficient policy enforcement problems, incorrect security UI, side-channel information leakage, or inappropriate implementation.

It's also the third time that Adobe didn't release security updates for it's Flash Player. Apparently, Adobe will retire the plugin by December.

Dangerous bugs for companies

CVE-2020-16875 is a critical flaw in the e-mail software Microsoft Exchange Server 2016 and 2019: the attacker could use the flaw to run code just by sending a suspicious e-mail.

There is also CVE-2020-1210, this is a remote code execution flaw in Microsoft Sharepoint. Hackers can attack this by uploading a file to a vulnerable Sharepoint website.

Adobe fixes 18 security flaws for vulnerabilities within InDesign and Framemaker. These are high severity bugs that could allow arbitrary JavaScript execution or execution with unnecessary privilege.

Intel patches 4 security vulnerabilities within it's Intel Driver & Support Assistant. This may allow escalation of privilege so it's important to run the software updates.

Critical CVE Codes

We compiled a list of the most critical vulnerabilities in the September 2020 Microsoft updates.

Product nameCVE CodeVulnerability CVE Code Description
Windows CVE-2020-1252Remote Code Execution Vulnerability
Microsoft Dynamics 365 CVE-2020-16857Remote Code Execution Vulnerability
Microsoft Dynamics 365 CVE-2020-16862Remote Code Execution Vulnerability
Windows Graphic Device Interface GDI+ CVE-2020-1285Remote Code Execution Vulnerability
Microsoft Sharepoint CVE-2020-1200Remote Code Execution Vulnerability
Microsoft Sharepoint CVE-2020-1210Remote Code Execution Vulnerability
Microsoft Sharepoint CVE-2020-1452 Remote Code Execution Vulnerability
Microsoft Sharepoint CVE-2020-1453 Remote Code Execution Vulnerability
Microsoft Sharepoint CVE-2020-1576Remote Code Execution Vulnerability
Microsoft Sharepoint CVE-2020-1576Remote Code Execution Vulnerability
Microsoft Sharepoint CVE-2020-1460Remote Code Execution Vulnerability
Microsoft Sharepoint Server CVE-2020-1595Remote Code Execution Vulnerability
Windows Media Audio Decoder CVE-2020-1593Remote Code Execution Vulnerability
Windows Media Audio Decoder CVE-2020-1508Remote Code Execution Vulnerability
Microsoft COM for Windows CVE-2020-0922Remote Code Execution Vulnerability
Windows Text Service Module CVE-2020-0908Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2020-1319Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2020-1129Remote Code Execution Vulnerability
Windows Camera Codec Pack CVE-2020-0997Remote Code Execution Vulnerability
Visual Studio CVE-2020-16874Remote Code Execution Vulnerability

Run the September 2020 Patch Tuesday Audit Report

Similar to previous months, we've created an Audit Report that checks if the assets in your network are on the latest Microsoft patch update. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. As always, all admins are advised to install these security updates as soon as possible to protect Windows from security risks.

Patch Tuesday September 2020
Sample Report

If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.

Receive the Latest Patch Tuesday Report for FREE Every Month

Share

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​
FREE WHITE PAPER
Why centralized IT Asset Discovery is more crucial than ever.