Webinar Library
Welcome to this September Tuesday Bulletin. This was another huge month of updates for Microsoft with 129 unique CVE’s, 8 technologies with critical updates, but no actively attacked or disclosed vulnerabilities. Even though there were no vulnerabilities attacked in the wild it is important to pay attention to the critical browser and Exchange vulnerabilities. Test, deploy, and verify updates for IE, Edge, Exchange. The Exchange vulnerability could be particularly nasty given that MS states “Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server”. The impact would be very high if an adversary were to develop an exploit to execute this attack. Make sure that updates for Windows and Office vulnerabilities are a high priority since these platforms are always enticing targets for adversaries.
Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.
So, without further ado, here’s the chart of MS patches this month.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited
Vulnerability Info
Windows
Windows 8.1, RT 8.1, 10
Server 2012, 2016, 2019
Critical
CVE-2020-1471
CVE-2020-1507
CVE-2020-1532
CVE-2020-1590
CVE-2020-1592
CVE-2020-0648
CVE-2020-0664
CVE-2020-0718
CVE-2020-0790
CVE-2020-0805
CVE-2020-0837
CVE-2020-0839
CVE-2020-0914
CVE-2020-0922
CVE-2020-0928
CVE-2020-0941
CVE-2020-0951
CVE-2020-1013
CVE-2020-1034
CVE-2020-1038
CVE-2020-1039
CVE-2020-1122
CVE-2020-1130
CVE-2020-1146
CVE-2020-1169
CVE-2020-1285
CVE-2020-0997
CVE-2020-1376
CVE-2020-1491
CVE-2020-1508
CVE-2020-1559
CVE-2020-1589
CVE-2020-1593
CVE-2020-1596
CVE-2020-1598
CVE-2020-0761
CVE-2020-0766
CVE-2020-0782
CVE-2020-0836
CVE-2020-0838
CVE-2020-0856
CVE-2020-0870
CVE-2020-0875
CVE-2020-0886
CVE-2020-0890
CVE-2020-0904
CVE-2020-0908
CVE-2020-0911
CVE-2020-0912
CVE-2020-0921
CVE-2020-0989
CVE-2020-0998
CVE-2020-1030
CVE-2020-1031
CVE-2020-1033
CVE-2020-1052
CVE-2020-1053
CVE-2020-1074
CVE-2020-1083
CVE-2020-1091
CVE-2020-1097
CVE-2020-1098
CVE-2020-1115
CVE-2020-1119
CVE-2020-1129
CVE-2020-1133
CVE-2020-1152
CVE-2020-1159
CVE-2020-1228
CVE-2020-1245
CVE-2020-1250
CVE-2020-1252
CVE-2020-1256
CVE-2020-1303
CVE-2020-1308
CVE-2020-1319
CVE-2020-16854
CVE-2020-16879
*Workaround: No
**Public: No
Exploited: No
Elevation of Privilege
Information Disclosure
Remote Code Execution
Security Feature Bypass
Spoofing
Denial of Service
Edge
HTML-based (Legacy)
CVE-2020-0878
CVE-2020-1057
CVE-2020-1172
CVE-2020-1180
Chromium-Based
Important
CVE-2020-16884
ChakraCore
ALL
Internet Explorer
IE 11
CVE-2020-1506
CVE-2020-1012
SQL Server
SQL Server Reporting Services 2017, 2019
Moderate
CVE-2020-1044
Office, Office Services and Web Apps
Excel 2010, 2013, 2016
Office 2010, 2013, 2016, 2016 for Mac, 2019, 2019 for Mac
Online Server
Web Apps 2010, 2013
SharePoint Enterprise server 2013, 2016
SharePoint Foundation 2010, 2013
SharePoint 2010, 2019
Word 2010, 2013, 2016
OneDrive for Windows
365 Apps for Enterprise
CVE-2020-1193
CVE-2020-1198
CVE-2020-1200
CVE-2020-1205
CVE-2020-1210
CVE-2020-1218
CVE-2020-1224
CVE-2020-1227
CVE-2020-1332
CVE-2020-1335
CVE-2020-1338
CVE-2020-1345
CVE-2020-1440
CVE-2020-1452
CVE-2020-1453
CVE-2020-1460
CVE-2020-1482
CVE-2020-1514
CVE-2020-1523
CVE-2020-1575
CVE-2020-1576
CVE-2020-1594
CVE-2020-1595
CVE-2020-16851
CVE-2020-16852
CVE-2020-16853
CVE-2020-16855
Tampering
Dynamics
Dynamics 365
Dynamics 365 for Finance and Operations
CVE-2020-1182
CVE-2020-16857
CVE-2020-16858
CVE-2020-16859
CVE-2020-16860
CVE-2020-16861
CVE-2020-16862
CVE-2020-16864
CVE-2020-16871
CVE-2020-16872
CVE-2020-16878
Visual Studio
Visual Studio 2012, 2013, 2015, 2017, 2019
Visual Studio Code
CVE-2020-16856
CVE-2020-16874
CVE-2020-16881
Exchange Server
Server 2016, 2019
CVE-2020-16875
ASP.NET
ASP.NET 2.1, 3.1
CVE-2020-1045
OneDrive