Patch Analysis for October 2020

Welcome to this October Patch Tuesday Bulletin. This month there are 86 unique vulnerabilities listed, which is far fewer than in recent months, but a large number of the Windows vulnerabilities were publicly disclosed or have workarounds. Only 3 technologies are listed as critical and, for once, none of them are browsers. It is safe to say that the focus should be on applying and verifying Windows updates as soon as possible. If you cannot update in a timely manner, then take some time to review potential workarounds. For example, CVE-2020-16898 is an RCE vulnerability with a CVSS score of 9.8 and has a workaround. A CVSS score that high indicates that it is a likely candidate to become weaponized. The remaining vulnerabilities that were publicly disclosed or have workarounds have lower CVSS scores, but workarounds are often best practice and could be valuable even when the patches are deployed. For example, the vulnerability exploited by WannaCry, one of the most notorious ransomware attacks in history, had a workaround available that included disabling SMBv1 and would have prevented exploitation in most cases.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia, which documents all of the Security Log event IDs for Windows Server OSes. Back in 2007, when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and usable to the end user. Some 8 years later, LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches this month.

Columns: Technology / Products Affected / Severity / Reference / Workaround/Exploited / Vulnerability Info

Technology: Windows
Products Affected: Windows RT 8.1, 8.1, 10; Server 2012, 2016, 2019
Severity: Critical
Reference: CVE-2020-0764, CVE-2020-1047, CVE-2020-1080, CVE-2020-1167, CVE-2020-1243, CVE-2020-16876, CVE-2020-16877, CVE-2020-16885**, CVE-2020-16887, CVE-2020-16889, CVE-2020-16890, CVE-2020-16891, CVE-2020-16892, CVE-2020-16894, CVE-2020-16895, CVE-2020-16896*, CVE-2020-16897, CVE-2020-16898*, CVE-2020-16899*, CVE-2020-16900, CVE-2020-16901**, CVE-2020-16902, CVE-2020-16905, CVE-2020-16907, CVE-2020-16908**, CVE-2020-16909**, CVE-2020-16910, CVE-2020-16911, CVE-2020-16912, CVE-2020-16913, CVE-2020-16914, CVE-2020-16915, CVE-2020-16916, CVE-2020-16919, CVE-2020-16920, CVE-2020-16921, CVE-2020-16922, CVE-2020-16923, CVE-2020-16924, CVE-2020-16927, CVE-2020-16935, CVE-2020-16936, CVE-2020-16938**, CVE-2020-16939, CVE-2020-16940, CVE-2020-16967, CVE-2020-16968, CVE-2020-16972, CVE-2020-16973, CVE-2020-16974, CVE-2020-16975, CVE-2020-16976, CVE-2020-16980
Workaround/Exploited: *Workaround: Yes; **Public: Yes; Exploited: No
Vulnerability Info: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing

Technology: Office, Office Services and Web Apps
Products Affected: 365 Apps for Enterprise; Excel 2010, 2013, 2016; Office 2010, 2013, 2016, 2016 for Mac, 2019, 2019 for Mac; Office Online Server; Office Web Apps 2010, 2013; Outlook 2010, 2013, 2016; SharePoint Enterprise Server 2013, 2016; SharePoint Foundation 2010, 2013; SharePoint Server 2010, 2019; Word 2010, 2013, 2016
Severity: Critical
Reference: CVE-2020-16918, CVE-2020-16928, CVE-2020-16929, CVE-2020-16930, CVE-2020-16931, CVE-2020-16932, CVE-2020-16933, CVE-2020-16934, CVE-2020-16941, CVE-2020-16942, CVE-2020-16944, CVE-2020-16945, CVE-2020-16946, CVE-2020-16947, CVE-2020-16948, CVE-2020-16949, CVE-2020-16950, CVE-2020-16951, CVE-2020-16952, CVE-2020-16953, CVE-2020-16954, CVE-2020-16955, CVE-2020-16957
Workaround/Exploited: *Workaround: No; **Public: No; Exploited: No
Vulnerability Info: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing

Technology: Azure Functions
Products Affected: Azure Functions; Network Watcher Agent for Linux
Severity: Important
Reference: CVE-2020-16904, CVE-2020-16995
Workaround/Exploited: *Workaround: No; **Public: No; Exploited: No
Vulnerability Info: Elevation of Privilege

Technology: Exchange Server
Products Affected: Exchange Server 2013, 2016, 2019
Severity: Important
Reference: CVE-2020-16969
Workaround/Exploited: *Workaround: No; **Public: No; Exploited: No
Vulnerability Info: Information Disclosure

Technology: Visual Studio
Products Affected: Visual Studio Code
Severity: Important
Reference: CVE-2020-16977
Workaround/Exploited: *Workaround: No; **Public: No; Exploited: No
Vulnerability Info: Remote Code Execution

Technology: PowerShellGet
Products Affected: PowerShellGet 2.2.5
Severity: Important
Reference: CVE-2020-16886
Workaround/Exploited: *Workaround: No; **Public: No; Exploited: No
Vulnerability Info: Security Feature Bypass

Technology: .NET Framework
Products Affected: .NET 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
Severity: Important
Reference: CVE-2020-16937
Workaround/Exploited: *Workaround: No; **Public: No; Exploited: No
Vulnerability Info: Information Disclosure

Technology: Dynamics
Products Affected: Dynamics 365 Commerce; Dynamics 365 (on-premises) 8.2, 9.0
Severity: Important
Reference: CVE-2020-16978, CVE-2020-16943, CVE-2020-16956
Workaround/Exploited: *Workaround: No; **Public: No; Exploited: No
Vulnerability Info: Elevation of Privilege, Spoofing

Technology: Adobe Flash Player
Products Affected: Flash Player for Edge and IE 32.0.0.387
Severity: Critical
Reference: CVE-2020-9746
Workaround/Exploited: *Workaround: No; **Public: No; Exploited: No
Vulnerability Info: Arbitrary Code Execution
