LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Microsoft October 2020 Patch Tuesday fixes 87 vulnerabilities

4 years ago 152
BOOK THIS SPACE FOR AD
ARTICLE AD

Microsoft has released today its monthly batch of security updates known as Patch Tuesday, and this month the OS maker has patched 87 vulnerabilities across a wide range of Microsoft products.

By far, the most dangerous bug patched this month is CVE-2020-16898. Described as a remote code execution (RCE) vulnerability in the Windows TCP/IP stack, this bug can allow attackers to take over Windows systems by sending malicious ICMPv6 Router Advertisement packets to an unpatched computer via a network connection.

The bug was discovered internally by Microsoft engineers, and OS versions vulnerable to CVE-2020-16898 include Windows 10 and Windows Server 2019.

With a severity score of 9.8 out of a maximum of 10, Microsoft considers the bug dangerous and likely to be weaponized, and rightfully so.

Patching the bug is recommended, but workarounds such as disabling disable ICMPv6 RDNSS support also exist, which would allow system administrators to deploy temporary mitigations until they quality-test this month's security updates for any OS-crashing bugs.

Below are additional details about today's Microsoft Patch Tuesday and security updates released by other tech companies:

TagCVE IDCVE Title Adobe Flash Player ADV200012 October 2020 Adobe Flash Security Update .NET Framework CVE-2020-16937 .NET Framework Information Disclosure Vulnerability Azure CVE-2020-16995 Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability Azure CVE-2020-16904 Azure Functions Elevation of Privilege Vulnerability Group Policy CVE-2020-16939 Group Policy Elevation of Privilege Vulnerability Microsoft Dynamics CVE-2020-16978 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Microsoft Dynamics CVE-2020-16956 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Microsoft Dynamics CVE-2020-16943 Dynamics 365 Commerce Elevation of Privilege Vulnerability Microsoft Exchange Server CVE-2020-16969 Microsoft Exchange Information Disclosure Vulnerability Microsoft Graphics Component CVE-2020-16911 GDI+ Remote Code Execution Vulnerability Microsoft Graphics Component CVE-2020-16914 Windows GDI+ Information Disclosure Vulnerability Microsoft Graphics Component CVE-2020-16923 Microsoft Graphics Components Remote Code Execution Vulnerability Microsoft Graphics Component CVE-2020-1167 Microsoft Graphics Components Remote Code Execution Vulnerability Microsoft NTFS CVE-2020-16938 Windows Kernel Information Disclosure Vulnerability Microsoft Office CVE-2020-16933 Microsoft Word Security Feature Bypass Vulnerability Microsoft Office CVE-2020-16929 Microsoft Excel Remote Code Execution Vulnerability Microsoft Office CVE-2020-16934 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability Microsoft Office CVE-2020-16932 Microsoft Excel Remote Code Execution Vulnerability Microsoft Office CVE-2020-16930 Microsoft Excel Remote Code Execution Vulnerability Microsoft Office CVE-2020-16955 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability Microsoft Office CVE-2020-16928 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability Microsoft Office CVE-2020-16957 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Office CVE-2020-16918 Base3D Remote Code Execution Vulnerability Microsoft Office CVE-2020-16949 Microsoft Outlook Denial of Service Vulnerability Microsoft Office CVE-2020-16947 Microsoft Outlook Remote Code Execution Vulnerability Microsoft Office CVE-2020-16931 Microsoft Excel Remote Code Execution Vulnerability Microsoft Office CVE-2020-16954 Microsoft Office Remote Code Execution Vulnerability Microsoft Office CVE-2020-17003 Base3D Remote Code Execution Vulnerability Microsoft Office SharePoint CVE-2020-16948 Microsoft SharePoint Information Disclosure Vulnerability Microsoft Office SharePoint CVE-2020-16953 Microsoft SharePoint Information Disclosure Vulnerability Microsoft Office SharePoint CVE-2020-16942 Microsoft SharePoint Information Disclosure Vulnerability Microsoft Office SharePoint CVE-2020-16951 Microsoft SharePoint Remote Code Execution Vulnerability Microsoft Office SharePoint CVE-2020-16944 Microsoft SharePoint Reflective XSS Vulnerability Microsoft Office SharePoint CVE-2020-16945 Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint CVE-2020-16946 Microsoft Office SharePoint XSS Vulnerability Microsoft Office SharePoint CVE-2020-16941 Microsoft SharePoint Information Disclosure Vulnerability Microsoft Office SharePoint CVE-2020-16950 Microsoft SharePoint Information Disclosure Vulnerability Microsoft Office SharePoint CVE-2020-16952 Microsoft SharePoint Remote Code Execution Vulnerability Microsoft Windows CVE-2020-16900 Windows Event System Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16901 Windows Kernel Information Disclosure Vulnerability Microsoft Windows CVE-2020-16899 Windows TCP/IP Denial of Service Vulnerability Microsoft Windows CVE-2020-16908 Windows Setup Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16909 Windows Error Reporting Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16912 Windows Backup Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16940 Windows - User Profile Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16907 Win32k Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16936 Windows Backup Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16898 Windows TCP/IP Remote Code Execution Vulnerability Microsoft Windows CVE-2020-16897 NetBT Information Disclosure Vulnerability Microsoft Windows CVE-2020-16895 Windows Error Reporting Manager Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16919 Windows Enterprise App Management Service Information Disclosure Vulnerability Microsoft Windows CVE-2020-16921 Windows Text Services Framework Information Disclosure Vulnerability Microsoft Windows CVE-2020-16920 Windows Application Compatibility Client Library Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16972 Windows Backup Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16877 Windows Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16876 Windows Application Compatibility Client Library Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16975 Windows Backup Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16973 Windows Backup Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16974 Windows Backup Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16922 Windows Spoofing Vulnerability Microsoft Windows CVE-2020-0764 Windows Storage Services Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16980 Windows iSCSI Target Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-1080 Windows Hyper-V Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16887 Windows Network Connections Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16885 Windows Storage VSP Driver Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16924 Jet Database Engine Remote Code Execution Vulnerability Microsoft Windows CVE-2020-16976 Windows Backup Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-16935 Windows COM Server Elevation of Privilege Vulnerability Microsoft Windows Codecs Library CVE-2020-16967 Windows Camera Codec Pack Remote Code Execution Vulnerability Microsoft Windows Codecs Library CVE-2020-16968 Windows Camera Codec Pack Remote Code Execution Vulnerability PowerShellGet CVE-2020-16886 PowerShellGet Module WDAC Security Feature Bypass Vulnerability Visual Studio CVE-2020-16977 Visual Studio Code Python Extension Remote Code Execution Vulnerability Windows COM CVE-2020-16916 Windows COM Server Elevation of Privilege Vulnerability Windows Error Reporting CVE-2020-16905 Windows Error Reporting Elevation of Privilege Vulnerability Windows Hyper-V CVE-2020-16894 Windows NAT Remote Code Execution Vulnerability Windows Hyper-V CVE-2020-1243 Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V CVE-2020-16891 Windows Hyper-V Remote Code Execution Vulnerability Windows Installer CVE-2020-16902 Windows Installer Elevation of Privilege Vulnerability Windows Kernel CVE-2020-16889 Windows KernelStream Information Disclosure Vulnerability Windows Kernel CVE-2020-16892 Windows Image Elevation of Privilege Vulnerability Windows Kernel CVE-2020-16913 Win32k Elevation of Privilege Vulnerability Windows Kernel CVE-2020-1047 Windows Hyper-V Elevation of Privilege Vulnerability Windows Kernel CVE-2020-16910 Windows Security Feature Bypass Vulnerability Windows Media Player CVE-2020-16915 Media Foundation Memory Corruption Vulnerability Windows RDP CVE-2020-16863 Windows Remote Desktop Service Denial of Service Vulnerability Windows RDP CVE-2020-16927 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Windows RDP CVE-2020-16896 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Windows Secure Kernel Mode CVE-2020-16890 Windows Kernel Elevation of Privilege Vulnerability
Read Entire Article
  3. Microsoft October 2020 Patch Tuesday fixes 87 vulnerabilities

Related

M3 MacBook Air for $899 is the best Cyber Monday Mac deal I've seen in over a decade of covering Apple

M3 MacBook Air for $899 is the best Cyber Monday Mac deal I've seen in over a decade of covering Apple

Gift a Babbel subscription for 78% off to learn a new language with this Cyber Monday deal

Gift a Babbel subscription for 78% off to learn a new language with this Cyber Monday deal

Best Cyber Monday gaming PC deals 2024 on prebuilt PCs, GPUs, monitors, and more

Best Cyber Monday gaming PC deals 2024 on prebuilt PCs, GPUs, monitors, and more

Upgrade to Windows 11 Pro for $20 right now with this Cyber Monday deal

Upgrade to Windows 11 Pro for $20 right now with this Cyber Monday deal

These 10 tiny tools and gadgets are my keychain essentials - and most of them are on sale for Black Friday

These 10 tiny tools and gadgets are my keychain essentials - and most of them are on sale for Black Friday

This clever Bluetooth device lets you use your own headphones for in-flight movies (and it's 20% off)

This clever Bluetooth device lets you use your own headphones for in-flight movies (and it's 20% off)

Trending

1. Sabarmati Report
2. Amitabh Bachchan
3. Hunter Biden
4. Yeontan
5. Odisha Police Constable Admit Card
6. Sundar Pichai
7. Avadh Ojha
8. Skoda Kylaq
9. Shalini Passi
10. Suraksha Diagnostic IPO GMP

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved