Microsoft Released Security Patch for 87 newly discovered Vulnerabilities

Home/Security Update/Microsoft Released Security Patch for 87 newly discovered Vulnerabilities

Microsoft Released Security Patch for 87 newly discovered Vulnerabilities

Microsoft released patches for 87 newly discovered vulnerabilities on its October 2020 Patch Tuesday.

Of the 87 vulnerabilities fixed today, 12 are classified as Critical, and 74 are classified as Important, and one as moderate.

The October security release consists of security updates for the following software:

  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft JET Database Engine
  • Azure Functions
  • Open Source Software
  • Microsoft Exchange Server
  • Visual Studio
  • PowerShellGet
  • Microsoft .NET Framework
  • Microsoft Dynamics
  • Adobe Flash Player
  • Microsoft Windows Codecs Library

CVE-2020-16898 – Bad Neighbor TCP/IP Stack

A remote code execution vulnerability with CVSS score 9.8, exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client.

To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer.

On the latest post from McAfee security researchers “exploit that would grant remote code execution would be widespread and highly impactful, as this type of bug could be made wormable.”

Bharat Jogi, senior manager of vulnerability and threat research at Qualys, said that an exploit for the bug could be self-propagating, worming through infrastructure without user interaction.

CVE-2020-16947 – Microsoft Outlook Vulnerability

A second vulnerability to keep track of CVE-2020-16947, which concerns an RCE flaw on affected versions of Outlook that could allow code execution just by viewing a specially crafted email.

Microsoft also noted in its advisory that, “If the current user is logged on with administrative user rights, an attacker could take control of the affected system,” and “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

CVE-2020-16909 – Windows Error Reporting Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.

An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application.

Below is the full list of resolved vulnerabilities and released advisories in the October 2020 Patch Tuesday updates.

Tag CVE ID CVE TitleSeverity
.NET FrameworkCVE-2020-16937.NET Framework Information Disclosure VulnerabilityImportant
Adobe Flash PlayerADV200012October 2020 Adobe Flash Security UpdateCritical
AzureCVE-2020-16995Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege VulnerabilityImportant
AzureCVE-2020-16904Azure Functions Elevation of Privilege VulnerabilityImportant
Group PolicyCVE-2020-16939Group Policy Elevation of Privilege VulnerabilityImportant
Microsoft DynamicsCVE-2020-16978Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2020-16956Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2020-16943Dynamics 365 Commerce Elevation of Privilege VulnerabilityImportant
Microsoft Exchange ServerCVE-2020-16969Microsoft Exchange Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-16911GDI+ Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2020-16914Windows GDI+ Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-16923Microsoft Graphics Components Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2020-1167Microsoft Graphics Components Remote Code Execution VulnerabilityImportant
Microsoft NTFSCVE-2020-16938Windows Kernel Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2020-16933Microsoft Word Security Feature Bypass VulnerabilityImportant
Microsoft OfficeCVE-2020-16929Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-16934Microsoft Office Click-to-Run Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2020-16932Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-16930Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-16955Microsoft Office Click-to-Run Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2020-16928Microsoft Office Click-to-Run Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2020-16957Microsoft Office Access Connectivity Engine Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-16918Base3D Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-16949Microsoft Outlook Denial of Service VulnerabilityModerate
Microsoft OfficeCVE-2020-16947Microsoft Outlook Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2020-16931Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-16954Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-17003Base3D Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2020-16948Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16953Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16942Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16951Microsoft SharePoint Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2020-16944Microsoft SharePoint Reflective XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16945Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16946Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16941Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16950Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16952Microsoft SharePoint Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2020-16900Windows Event System Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16901Windows Kernel Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-16899Windows TCP/IP Denial of Service VulnerabilityImportant
Microsoft WindowsCVE-2020-16908Windows Setup Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16909Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16912Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16940Windows – User Profile Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16907Win32k Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16936Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16898Windows TCP/IP Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2020-16897NetBT Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-16895Windows Error Reporting Manager Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16919Windows Enterprise App Management Service Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-16921Windows Text Services Framework Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-16920Windows Application Compatibility Client Library Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16972Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16877Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16876Windows Application Compatibility Client Library Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16975Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16973Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16974Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16922Windows Spoofing VulnerabilityImportant
Microsoft WindowsCVE-2020-0764Windows Storage Services Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16980Windows iSCSI Target Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1080Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16887Windows Network Connections Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16885Windows Storage VSP Driver Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16924Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft WindowsCVE-2020-16976Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16935Windows COM Server Elevation of Privilege VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2020-16967Windows Camera Codec Pack Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2020-16968Windows Camera Codec Pack Remote Code Execution VulnerabilityCritical
PowerShellGetCVE-2020-16886PowerShellGet Module WDAC Security Feature Bypass VulnerabilityImportant
Visual StudioCVE-2020-16977Visual Studio Code Python Extension Remote Code Execution VulnerabilityImportant
Windows COMCVE-2020-16916Windows COM Server Elevation of Privilege VulnerabilityImportant
Windows Error ReportingCVE-2020-16905Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Windows Hyper-VCVE-2020-16894Windows NAT Remote Code Execution VulnerabilityImportant
Windows Hyper-VCVE-2020-1243Windows Hyper-V Denial of Service VulnerabilityImportant
Windows Hyper-VCVE-2020-16891Windows Hyper-V Remote Code Execution VulnerabilityCritical
Windows InstallerCVE-2020-16902Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-16889Windows KernelStream Information Disclosure VulnerabilityImportant
Windows KernelCVE-2020-16892Windows Image Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-16913Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-1047Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-16910Windows Security Feature Bypass VulnerabilityImportant
Windows Media PlayerCVE-2020-16915Media Foundation Memory Corruption VulnerabilityCritical
Windows RDPCVE-2020-16863Windows Remote Desktop Service Denial of Service VulnerabilityImportant
Windows RDPCVE-2020-16927Windows Remote Desktop Protocol (RDP) Denial of Service VulnerabilityImportant
Windows RDPCVE-2020-16896Windows Remote Desktop Protocol (RDP) Information Disclosure VulnerabilityImportant
Windows Secure Kernel ModeCVE-2020-16890Windows Kernel Elevation of Privilege VulnerabilityImportant

It’s highly recommended that Windows users and System Administrators apply the latest security patches to mitigate the threats associated with these issues.

Post Views: 446
By | 2020-10-14T16:18:59+05:30 October 14th, 2020|Security Update|

About the Author:

FirstHackersNews- Identifies Security

Related Posts

Leave A Comment

Subscribe to our newsletter to receive security tips everday!