News/Info Microsoft Releases September 2020 Security Patches For 129 Flaws

emailx45

Местный
Регистрация
5 Май 2008
Сообщения
3,571
Реакции
2,439
Credits
574
Microsoft Releases September 2020 Security Patches For 129 Flaws
Swati Khandelwal - September 08, 2020
[SHOWTOGROUPS=4,20,22]
Для просмотра ссылки Войди или Зарегистрируйся
As part of this month's Patch Tuesday, Microsoft today released a fresh batch of security updates to fix a total of 129 newly discovered security vulnerabilities affecting various versions of its Windows operating systems and related software.

Of the 129 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, ChakraCore, SQL Server, Exchange Server, Office, ASP.NET, OneDrive, Azure DevOps, Visual Studio, and Microsoft Dynamics — that received new patches, 23 are listed as critical, 105 are important, and one is moderate in severity.

Unlike the past few months, none of the security vulnerabilities the tech giant patched in September are listed as being publicly known or under active attack at the time of release or at least not in knowledge of Microsoft.

A memory corruption vulnerability (Для просмотра ссылки Войди или Зарегистрируйся) in Microsoft Exchange software is worth highlighting all the critical flaws. The exploitation of this flaw could allow an attacker to run arbitrary code at the SYSTEM level by sending a specially crafted email to a vulnerable Exchange Server.

"A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory," Microsoft explains. "An attacker could then install programs; view, change, or delete data; or create new accounts."

Microsoft also patched two critical remote code execution flaws in Windows Codecs Library; both exist in the way that Microsoft Windows Codecs Library handles objects in memory, but while one (Для просмотра ссылки Войди или Зарегистрируйся) could be exploited to obtain information to compromise the user's system further, the other (Для просмотра ссылки Войди или Зарегистрируйся) could be used to take control of the affected system.


Besides these, two remote code execution flaws affect the on-premises implementation of Microsoft Dynamics 365, but both require the attacker to be authenticated.

Microsoft also patched six critical remote code execution vulnerabilities in SharePoint and one in SharePoint Server. While exploiting the vulnerability in SharePoint Server requires authentication, other flaws in SharePoint do not.

Other critical flaws the tech giant patched this month reside in Windows, Windows Media Audio Decoder, Windows Text Service Module, Windows Camera Codec Pack, Visual Studio, Scripting Engine, Microsoft COM for Windows, Microsoft Browser, and Graphics Device Interface.

Vulnerabilities marked as important reside in Windows, Active Directory, Active Directory Federation Services (ADFS), Internet Explorer Browser Helper, Jet Database Engine, ASP.NET Core, Dynamics 365, Excel, Graphics Component, Office, Office SharePoint, SharePoint Server, SharePoint, Word, OneDrive for Windows, Scripting Engine, Visual Studio, Win32k, Windows Defender Application Control, Windows DNS, and more.

Most of these vulnerabilities allow information disclosure, the elevation of privilege, and cross-Site Scripting. Some also lead to remote code execution attacks. In contrast, others allow security feature bypass, spoofing, tampering, and denial of service attacks.

Windows users and system administrators are highly advised to apply the latest security patches as soon as possible to keep cybercriminals and hackers away from taking control of their computers.

For installing security updates, head on to Settings → Update & security → Windows Update → Check for updates or install the updates manually.
[/SHOWTOGROUPS]
 
Последнее редактирование:

emailx45

Местный
Регистрация
5 Май 2008
Сообщения
3,571
Реакции
2,439
Credits
574
[SHOWTOGROUPS=4,20,22]

CVETitleSeverityType
CVE-2020-1285GDI+ Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-0878Microsoft Browser Memory Corruption VulnerabilityCriticalRCE
CVE-2020-0922Microsoft COM for Windows Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-16862Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-16857Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-16875Microsoft Exchange Memory Corruption VulnerabilityCriticalRCE
CVE-2020-1200Microsoft SharePoint Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-1210Microsoft SharePoint Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-1452Microsoft SharePoint Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-1453Microsoft SharePoint Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-1576Microsoft SharePoint Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-1595Microsoft SharePoint Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-1460Microsoft SharePoint Server Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-1129Microsoft Windows Codecs Library Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-1319Microsoft Windows Codecs Library Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-1057Scripting Engine Memory Corruption VulnerabilityCriticalRCE
CVE-2020-1172Scripting Engine Memory Corruption VulnerabilityCriticalRCE
CVE-2020-16874Visual Studio Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-0997Windows Camera Codec Pack Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-1508Windows Media Audio Decoder Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-1593Windows Media Audio Decoder Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-1252Windows Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-0908Windows Text Service Module Remote Code Execution VulnerabilityCriticalRCE
CVE-2020-0664Active Directory Information Disclosure VulnerabilityImportantInfo
CVE-2020-0856Active Directory Information Disclosure VulnerabilityImportantInfo
CVE-2020-0718Active Directory Remote Code Execution VulnerabilityImportantRCE
CVE-2020-0761Active Directory Remote Code Execution VulnerabilityImportantRCE
CVE-2020-0837ADFS Spoofing VulnerabilityImportantSpoofing
CVE-2020-1590Connected User Experiences and Telemetry Service Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1130Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1133Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1053DirectX Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1308DirectX Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1013Group Policy Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-16884Internet Explorer Browser Helper Object (BHO) Memory Corruption VulnerabilityImportantRCE
CVE-2020-1039Jet Database Engine Remote Code Execution VulnerabilityImportantRCE
CVE-2020-1074Jet Database Engine Remote Code Execution VulnerabilityImportantRCE
CVE-2020-1045Microsoft ASP.NET Core Security Feature Bypass VulnerabilityImportantSFB
CVE-2020-1507Microsoft COM for Windows Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-16858Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportantXSS
CVE-2020-16859Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportantXSS
CVE-2020-16861Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportantXSS
CVE-2020-16864Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportantXSS
CVE-2020-16871Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportantXSS
CVE-2020-16872Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportantXSS
CVE-2020-16878Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportantXSS
CVE-2020-16860Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityImportantRCE
CVE-2020-1224Microsoft Excel Information Disclosure VulnerabilityImportantInfo
CVE-2020-1193Microsoft Excel Remote Code Execution VulnerabilityImportantRCE
CVE-2020-1332Microsoft Excel Remote Code Execution VulnerabilityImportantRCE
CVE-2020-1335Microsoft Excel Remote Code Execution VulnerabilityImportantRCE
CVE-2020-1594Microsoft Excel Remote Code Execution VulnerabilityImportantRCE
CVE-2020-0921Microsoft Graphics Component Information Disclosure VulnerabilityImportantInfo
CVE-2020-1083Microsoft Graphics Component Information Disclosure VulnerabilityImportantInfo
CVE-2020-16855Microsoft Office Information Disclosure VulnerabilityImportantInfo
CVE-2020-1198Microsoft Office SharePoint XSS VulnerabilityImportantXSS
CVE-2020-1227Microsoft Office SharePoint XSS VulnerabilityImportantXSS
CVE-2020-1345Microsoft Office SharePoint XSS VulnerabilityImportantXSS
CVE-2020-1482Microsoft Office SharePoint XSS VulnerabilityImportantXSS
CVE-2020-1514Microsoft Office SharePoint XSS VulnerabilityImportantXSS
CVE-2020-1575Microsoft Office SharePoint XSS VulnerabilityImportantXSS
[/SHOWTOGROUPS]
 

emailx45

Местный
Регистрация
5 Май 2008
Сообщения
3,571
Реакции
2,439
Credits
574
[SHOWTOGROUPS=4,20,22]

CVE-2020-1440Microsoft SharePoint Server Tampering VulnerabilityImportantTampering
CVE-2020-1523Microsoft SharePoint Server Tampering VulnerabilityImportantTampering
CVE-2020-1205Microsoft SharePoint Spoofing VulnerabilityImportantSpoofing
CVE-2020-0790Microsoft splwow64 Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-0875Microsoft splwow64 Information Disclosure VulnerabilityImportantInfo
CVE-2020-0766Microsoft Store Runtime Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1146Microsoft Store Runtime Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1218Microsoft Word Remote Code Execution VulnerabilityImportantRCE
CVE-2020-1338Microsoft Word Remote Code Execution VulnerabilityImportantRCE
CVE-2020-0838NTFS Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-16851OneDrive for Windows Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-16852OneDrive for Windows Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-16853OneDrive for Windows Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-16879Projected Filesystem Information Disclosure VulnerabilityImportantInfo
CVE-2020-0805Projected Filesystem Security Feature Bypass VulnerabilityImportantSFB
CVE-2020-1180Scripting Engine Memory Corruption VulnerabilityImportantRCE
CVE-2020-0870Shell infrastructure component Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1596TLS Information Disclosure VulnerabilityImportantInfo
CVE-2020-16881Visual Studio JSON Remote Code ExecutionImportantRCE
CVE-2020-16856Visual Studio Remote Code Execution VulnerabilityImportantRCE
CVE-2020-1245Win32k Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-0941Win32k Information Disclosure VulnerabilityImportantInfo
CVE-2020-1250Win32k Information Disclosure VulnerabilityImportantInfo
CVE-2020-1471Windows CloudExperienceHost Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1115Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-0782Windows Cryptographic Catalog Services Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-0951Windows Defender Application Control Security Feature Bypass VulnerabilityImportantSFB
CVE-2020-1031Windows DHCP Server Information Disclosure VulnerabilityImportantInfo
CVE-2020-0836Windows DNS Denial of Service VulnerabilityImportantDoS
CVE-2020-1228Windows DNS Denial of Service VulnerabilityImportantDoS
CVE-2020-0839Windows dnsrslvr.dll Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1052Windows Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1159Windows Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1376Windows Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1491Windows Function Discovery Service Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-0912Windows Function Discovery SSDP Provider Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1256Windows GDI Information Disclosure VulnerabilityImportantInfo
CVE-2020-0998Windows Graphics Component Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1091Windows Graphics Component Information Disclosure VulnerabilityImportantInfo
CVE-2020-1097Windows Graphics Component Information Disclosure VulnerabilityImportantInfo
CVE-2020-0890Windows Hyper-V Denial of Service VulnerabilityImportantDoS
CVE-2020-0904Windows Hyper-V Denial of Service VulnerabilityImportantDoS
CVE-2020-1119Windows Information Disclosure VulnerabilityImportantInfo
CVE-2020-1532Windows InstallService Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1034Windows Kernel Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-0928Windows Kernel Information Disclosure VulnerabilityImportantInfo
CVE-2020-1033Windows Kernel Information Disclosure VulnerabilityImportantInfo
CVE-2020-1589Windows Kernel Information Disclosure VulnerabilityImportantInfo
CVE-2020-1592Windows Kernel Information Disclosure VulnerabilityImportantInfo
CVE-2020-16854Windows Kernel Information Disclosure VulnerabilityImportantInfo
CVE-2020-1122Windows Language Pack Installer Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-0989Windows Mobile Device Management Diagnostics Information Disclosure VulnerabilityImportantInfo
CVE-2020-0911Windows Modules Installer Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1030Windows Print Spooler Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1038Windows Routing Utilities Denial of ServiceImportantDoS
CVE-2020-0648Windows RSoP Service Application Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1169Windows Runtime Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1303Windows Runtime Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1098Windows Shell Infrastructure Component Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1012Windows Start-Up Application Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1506Windows Start-Up Application Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-0914Windows State Repository Service Information Disclosure VulnerabilityImportantInfo
CVE-2020-0886Windows Storage Services Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1559Windows Storage Services Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1598Windows UPnP Service Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-1152Windows Win32k Elevation of Privilege VulnerabilityImportantEoP
CVE-2020-16873Xamarin.Forms Spoofing VulnerabilityImportantSpoofing
CVE-2020-1044SQL Server Reporting Services Security Feature Bypass Vulnerability

[/SHOWTOGROUPS]