⚡ TL;DR | Go Straight to the September 2020 Patch Tuesday Audit Report.
Microsoft released their September 2020 Patch Tuesday updates to fix almost 130 CVE-numbered security vulnerabilities, 23 of which could be exploited to seize control of your Windows computer. The September 2020 security updates also include fixes for 2 critical vulnerabilities outside Windows products.
Critical Vulnerabilities in Google Chrome browser
The Patch Tuesday isn’t just about Windows updates, Google released Chrome 85, a critical update for the Google Chrome browser that fixes 20 security vulnerabilities, 5 of which have a high severity. There are different types of vulnerabilities: insufficient policy enforcement problems, incorrect security UI, side-channel information leakage, or inappropriate implementation.
It’s also the third time that Adobe didn’t release security updates for it’s Flash Player. Apparently, Adobe will retire the plugin by December.
Dangerous bugs for companies
CVE-2020-16875 is a critical flaw in the e-mail software Microsoft Exchange Server 2016 and 2019: the attacker could use the flaw to run code just by sending a suspicious e-mail.
There is also CVE-2020-1210, this is a remote code execution flaw in Microsoft Sharepoint. Hackers can attack this by uploading a file to a vulnerable Sharepoint website.
Adobe fixes 18 security flaws for vulnerabilities within InDesign and Framemaker. These are high severity bugs that could allow arbitrary JavaScript execution or execution with unnecessary privilege.
Intel patches 4 security vulnerabilities within it’s Intel Driver & Support Assistant. This may allow escalation of privilege so it’s important to run the software updates.
Critical CVE Codes
We compiled a list of the most critical vulnerabilities in the September 2020 Microsoft updates.
| Product name | CVE Code | Vulnerability CVE Code Description |
|---|---|---|
| Windows | CVE-2020-1252 | Remote Code Execution Vulnerability |
| Microsoft Dynamics 365 | CVE-2020-16857 | Remote Code Execution Vulnerability |
| Microsoft Dynamics 365 | CVE-2020-16862 | Remote Code Execution Vulnerability |
| Windows Graphic Device Interface GDI+ | CVE-2020-1285 | Remote Code Execution Vulnerability |
| Microsoft Sharepoint | CVE-2020-1200 | Remote Code Execution Vulnerability |
| Microsoft Sharepoint | CVE-2020-1210 | Remote Code Execution Vulnerability |
| Microsoft Sharepoint | CVE-2020-1452 | Remote Code Execution Vulnerability |
| Microsoft Sharepoint | CVE-2020-1453 | Remote Code Execution Vulnerability |
| Microsoft Sharepoint | CVE-2020-1576 | Remote Code Execution Vulnerability |
| Microsoft Sharepoint | CVE-2020-1576 | Remote Code Execution Vulnerability |
| Microsoft Sharepoint | CVE-2020-1460 | Remote Code Execution Vulnerability |
| Microsoft Sharepoint Server | CVE-2020-1595 | Remote Code Execution Vulnerability |
| Windows Media Audio Decoder | CVE-2020-1593 | Remote Code Execution Vulnerability |
| Windows Media Audio Decoder | CVE-2020-1508 | Remote Code Execution Vulnerability |
| Microsoft COM for Windows | CVE-2020-0922 | Remote Code Execution Vulnerability |
| Windows Text Service Module | CVE-2020-0908 | Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-1319 | Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-1129 | Remote Code Execution Vulnerability |
| Windows Camera Codec Pack | CVE-2020-0997 | Remote Code Execution Vulnerability |
| Visual Studio | CVE-2020-16874 | Remote Code Execution Vulnerability |
Run the September 2020 Patch Tuesday Audit Report
Similar to previous months, we’ve created an Audit Report that checks if the assets in your network are on the latest Microsoft patch update. It’s color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. As always, all admins are advised to install these security updates as soon as possible to protect Windows from security risks.
If you haven’t already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.
