News/Info Microsoft Releases September 2020 Security Patches For 129 Flaws

emailx45 · 10 Сен 2020

Microsoft Releases September 2020 Security Patches For 129 Flaws
Swati Khandelwal - September 08, 2020

[SHOWTOGROUPS=4,20,22]
Для просмотра ссылки Войди или Зарегистрируйся
As part of this month's Patch Tuesday, Microsoft today released a fresh batch of security updates to fix a total of 129 newly discovered security vulnerabilities affecting various versions of its Windows operating systems and related software.

Of the 129 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, ChakraCore, SQL Server, Exchange Server, Office, ASP.NET, OneDrive, Azure DevOps, Visual Studio, and Microsoft Dynamics — that received new patches, 23 are listed as critical, 105 are important, and one is moderate in severity.

Unlike the past few months, none of the security vulnerabilities the tech giant patched in September are listed as being publicly known or under active attack at the time of release or at least not in knowledge of Microsoft.

A memory corruption vulnerability (Для просмотра ссылки Войди или Зарегистрируйся) in Microsoft Exchange software is worth highlighting all the critical flaws. The exploitation of this flaw could allow an attacker to run arbitrary code at the SYSTEM level by sending a specially crafted email to a vulnerable Exchange Server.

"A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory," Microsoft explains. "An attacker could then install programs; view, change, or delete data; or create new accounts."

Microsoft also patched two critical remote code execution flaws in Windows Codecs Library; both exist in the way that Microsoft Windows Codecs Library handles objects in memory, but while one (Для просмотра ссылки Войди или Зарегистрируйся) could be exploited to obtain information to compromise the user's system further, the other (Для просмотра ссылки Войди или Зарегистрируйся) could be used to take control of the affected system.

Besides these, two remote code execution flaws affect the on-premises implementation of Microsoft Dynamics 365, but both require the attacker to be authenticated.

Microsoft also patched six critical remote code execution vulnerabilities in SharePoint and one in SharePoint Server. While exploiting the vulnerability in SharePoint Server requires authentication, other flaws in SharePoint do not.

Other critical flaws the tech giant patched this month reside in Windows, Windows Media Audio Decoder, Windows Text Service Module, Windows Camera Codec Pack, Visual Studio, Scripting Engine, Microsoft COM for Windows, Microsoft Browser, and Graphics Device Interface.

Vulnerabilities marked as important reside in Windows, Active Directory, Active Directory Federation Services (ADFS), Internet Explorer Browser Helper, Jet Database Engine, ASP.NET Core, Dynamics 365, Excel, Graphics Component, Office, Office SharePoint, SharePoint Server, SharePoint, Word, OneDrive for Windows, Scripting Engine, Visual Studio, Win32k, Windows Defender Application Control, Windows DNS, and more.

Most of these vulnerabilities allow information disclosure, the elevation of privilege, and cross-Site Scripting. Some also lead to remote code execution attacks. In contrast, others allow security feature bypass, spoofing, tampering, and denial of service attacks.

Windows users and system administrators are highly advised to apply the latest security patches as soon as possible to keep cybercriminals and hackers away from taking control of their computers.

For installing security updates, head on to Settings → Update & security → Windows Update → Check for updates or install the updates manually.
[/SHOWTOGROUPS]

emailx45 · 10 Сен 2020

[SHOWTOGROUPS=4,20,22]

CVE	Title	Severity	Type
	CVE-2020-1285	GDI+ Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-0878	Microsoft Browser Memory Corruption Vulnerability	Critical	RCE
	CVE-2020-0922	Microsoft COM for Windows Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-16862	Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-16857	Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-16875	Microsoft Exchange Memory Corruption Vulnerability	Critical	RCE
	CVE-2020-1200	Microsoft SharePoint Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-1210	Microsoft SharePoint Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-1452	Microsoft SharePoint Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-1453	Microsoft SharePoint Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-1576	Microsoft SharePoint Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-1595	Microsoft SharePoint Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-1460	Microsoft SharePoint Server Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-1129	Microsoft Windows Codecs Library Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-1319	Microsoft Windows Codecs Library Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-1057	Scripting Engine Memory Corruption Vulnerability	Critical	RCE
	CVE-2020-1172	Scripting Engine Memory Corruption Vulnerability	Critical	RCE
	CVE-2020-16874	Visual Studio Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-0997	Windows Camera Codec Pack Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-1508	Windows Media Audio Decoder Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-1593	Windows Media Audio Decoder Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-1252	Windows Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-0908	Windows Text Service Module Remote Code Execution Vulnerability	Critical	RCE
	CVE-2020-0664	Active Directory Information Disclosure Vulnerability	Important	Info
	CVE-2020-0856	Active Directory Information Disclosure Vulnerability	Important	Info
	CVE-2020-0718	Active Directory Remote Code Execution Vulnerability	Important	RCE
	CVE-2020-0761	Active Directory Remote Code Execution Vulnerability	Important	RCE
	CVE-2020-0837	ADFS Spoofing Vulnerability	Important	Spoofing
	CVE-2020-1590	Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability	Important	EoP
	CVE-2020-1130	Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability	Important	EoP
	CVE-2020-1133	Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability	Important	EoP
	CVE-2020-1053	DirectX Elevation of Privilege Vulnerability	Important	EoP
	CVE-2020-1308	DirectX Elevation of Privilege Vulnerability	Important	EoP
	CVE-2020-1013	Group Policy Elevation of Privilege Vulnerability	Important	EoP
	CVE-2020-16884	Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability	Important	RCE
	CVE-2020-1039	Jet Database Engine Remote Code Execution Vulnerability	Important	RCE
	CVE-2020-1074	Jet Database Engine Remote Code Execution Vulnerability	Important	RCE
	CVE-2020-1045	Microsoft ASP.NET Core Security Feature Bypass Vulnerability	Important	SFB
	CVE-2020-1507	Microsoft COM for Windows Elevation of Privilege Vulnerability	Important	EoP
	CVE-2020-16858	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important	XSS
	CVE-2020-16859	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important	XSS
	CVE-2020-16861	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important	XSS
	CVE-2020-16864	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important	XSS
	CVE-2020-16871	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important	XSS
	CVE-2020-16872	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important	XSS
	CVE-2020-16878	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important	XSS
	CVE-2020-16860	Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability	Important	RCE
	CVE-2020-1224	Microsoft Excel Information Disclosure Vulnerability	Important	Info
	CVE-2020-1193	Microsoft Excel Remote Code Execution Vulnerability	Important	RCE
	CVE-2020-1332	Microsoft Excel Remote Code Execution Vulnerability	Important	RCE
	CVE-2020-1335	Microsoft Excel Remote Code Execution Vulnerability	Important	RCE
	CVE-2020-1594	Microsoft Excel Remote Code Execution Vulnerability	Important	RCE
	CVE-2020-0921	Microsoft Graphics Component Information Disclosure Vulnerability	Important	Info
	CVE-2020-1083	Microsoft Graphics Component Information Disclosure Vulnerability	Important	Info
	CVE-2020-16855	Microsoft Office Information Disclosure Vulnerability	Important	Info
	CVE-2020-1198	Microsoft Office SharePoint XSS Vulnerability	Important	XSS
	CVE-2020-1227	Microsoft Office SharePoint XSS Vulnerability	Important	XSS
	CVE-2020-1345	Microsoft Office SharePoint XSS Vulnerability	Important	XSS
	CVE-2020-1482	Microsoft Office SharePoint XSS Vulnerability	Important	XSS
	CVE-2020-1514	Microsoft Office SharePoint XSS Vulnerability	Important	XSS
	CVE-2020-1575	Microsoft Office SharePoint XSS Vulnerability	Important	XSS

[/SHOWTOGROUPS]

emailx45 · 10 Сен 2020

[SHOWTOGROUPS=4,20,22]


CVE-2020-1440	Microsoft SharePoint Server Tampering Vulnerability	Important	Tampering
CVE-2020-1523	Microsoft SharePoint Server Tampering Vulnerability	Important	Tampering
CVE-2020-1205	Microsoft SharePoint Spoofing Vulnerability	Important	Spoofing
CVE-2020-0790	Microsoft splwow64 Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-0875	Microsoft splwow64 Information Disclosure Vulnerability	Important	Info
CVE-2020-0766	Microsoft Store Runtime Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1146	Microsoft Store Runtime Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1218	Microsoft Word Remote Code Execution Vulnerability	Important	RCE
CVE-2020-1338	Microsoft Word Remote Code Execution Vulnerability	Important	RCE
CVE-2020-0838	NTFS Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-16851	OneDrive for Windows Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-16852	OneDrive for Windows Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-16853	OneDrive for Windows Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-16879	Projected Filesystem Information Disclosure Vulnerability	Important	Info
CVE-2020-0805	Projected Filesystem Security Feature Bypass Vulnerability	Important	SFB
CVE-2020-1180	Scripting Engine Memory Corruption Vulnerability	Important	RCE
CVE-2020-0870	Shell infrastructure component Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1596	TLS Information Disclosure Vulnerability	Important	Info
CVE-2020-16881	Visual Studio JSON Remote Code Execution	Important	RCE
CVE-2020-16856	Visual Studio Remote Code Execution Vulnerability	Important	RCE
CVE-2020-1245	Win32k Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-0941	Win32k Information Disclosure Vulnerability	Important	Info
CVE-2020-1250	Win32k Information Disclosure Vulnerability	Important	Info
CVE-2020-1471	Windows CloudExperienceHost Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1115	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-0782	Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-0951	Windows Defender Application Control Security Feature Bypass Vulnerability	Important	SFB
CVE-2020-1031	Windows DHCP Server Information Disclosure Vulnerability	Important	Info
CVE-2020-0836	Windows DNS Denial of Service Vulnerability	Important	DoS
CVE-2020-1228	Windows DNS Denial of Service Vulnerability	Important	DoS
CVE-2020-0839	Windows dnsrslvr.dll Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1052	Windows Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1159	Windows Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1376	Windows Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1491	Windows Function Discovery Service Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-0912	Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1256	Windows GDI Information Disclosure Vulnerability	Important	Info
CVE-2020-0998	Windows Graphics Component Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1091	Windows Graphics Component Information Disclosure Vulnerability	Important	Info
CVE-2020-1097	Windows Graphics Component Information Disclosure Vulnerability	Important	Info
CVE-2020-0890	Windows Hyper-V Denial of Service Vulnerability	Important	DoS
CVE-2020-0904	Windows Hyper-V Denial of Service Vulnerability	Important	DoS
CVE-2020-1119	Windows Information Disclosure Vulnerability	Important	Info
CVE-2020-1532	Windows InstallService Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1034	Windows Kernel Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-0928	Windows Kernel Information Disclosure Vulnerability	Important	Info
CVE-2020-1033	Windows Kernel Information Disclosure Vulnerability	Important	Info
CVE-2020-1589	Windows Kernel Information Disclosure Vulnerability	Important	Info
CVE-2020-1592	Windows Kernel Information Disclosure Vulnerability	Important	Info
CVE-2020-16854	Windows Kernel Information Disclosure Vulnerability	Important	Info
CVE-2020-1122	Windows Language Pack Installer Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-0989	Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability	Important	Info
CVE-2020-0911	Windows Modules Installer Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1030	Windows Print Spooler Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1038	Windows Routing Utilities Denial of Service	Important	DoS
CVE-2020-0648	Windows RSoP Service Application Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1169	Windows Runtime Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1303	Windows Runtime Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1098	Windows Shell Infrastructure Component Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1012	Windows Start-Up Application Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1506	Windows Start-Up Application Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-0914	Windows State Repository Service Information Disclosure Vulnerability	Important	Info
CVE-2020-0886	Windows Storage Services Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1559	Windows Storage Services Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1598	Windows UPnP Service Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-1152	Windows Win32k Elevation of Privilege Vulnerability	Important	EoP
CVE-2020-16873	Xamarin.Forms Spoofing Vulnerability	Important	Spoofing
CVE-2020-1044	SQL Server Reporting Services Security Feature Bypass Vulnerability

[/SHOWTOGROUPS]

News/Info Microsoft Releases September 2020 Security Patches For 129 Flaws

emailx45

emailx45

emailx45

Похожие темы