Microsoft Patch Tuesday, October 2020 Edition

Microsoft today fixed at least 87 security problems in Windows and programs that run on top of the operating system. By far, the most dangerous bug patched this month is CVE-2020-16898. Described as a remote code execution (RCE) vulnerability in the Windows TCP/IP stack, this bug can allow attackers to take over Windows systems by sending malicious ICMPv6 Router Advertisement packets to an unpatched computer via a network connection. Yes, good people of the Windows world, it’s time once again to use XEOX!

Get back full control on windows update by using XEOX Job Editor.

automated updates

The October 2020 Patch Tuesday Security Updates

Security Updates are available for the following software:

  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft JET Database Engine
  • Azure Functions
  • Open Source Software
  • Microsoft Exchange Server
  • Visual Studio
  • PowerShellGet
  • Microsoft .NET Framework
  • Microsoft Dynamics
  • Adobe Flash Player
  • Microsoft Windows Codecs Library

Information about the updates:

  • Microsoft is improving Windows Release Notes. For more information, please see What’s next for Windows release notes.
  • For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
  • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

TagCVE IDCVE Title
Adobe Flash PlayerADV200012October 2020 Adobe Flash Security Update
.NET FrameworkCVE-2020-16937.NET Framework Information Disclosure Vulnerability
AzureCVE-2020-16995Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability
AzureCVE-2020-16904Azure Functions Elevation of Privilege Vulnerability
Group PolicyCVE-2020-16939Group Policy Elevation of Privilege Vulnerability
Microsoft DynamicsCVE-2020-16978Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft DynamicsCVE-2020-16956Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft DynamicsCVE-2020-16943Dynamics 365 Commerce Elevation of Privilege Vulnerability
Microsoft Exchange ServerCVE-2020-16969Microsoft Exchange Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2020-16911GDI+ Remote Code Execution Vulnerability
Microsoft Graphics ComponentCVE-2020-16914Windows GDI+ Information Disclosure Vulnerability
Microsoft Graphics ComponentCVE-2020-16923Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft Graphics ComponentCVE-2020-1167Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft NTFSCVE-2020-16938Windows Kernel Information Disclosure Vulnerability
Microsoft OfficeCVE-2020-16933Microsoft Word Security Feature Bypass Vulnerability
Microsoft OfficeCVE-2020-16929Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-16934Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2020-16932Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-16930Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-16955Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2020-16928Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
Microsoft OfficeCVE-2020-16957Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-16918Base3D Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-16949Microsoft Outlook Denial of Service Vulnerability
Microsoft OfficeCVE-2020-16947Microsoft Outlook Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-16931Microsoft Excel Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-16954Microsoft Office Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-17003Base3D Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2020-16948Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-16953Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-16942Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-16951Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePointCVE-2020-16944Microsoft SharePoint Reflective XSS Vulnerability
Microsoft Office SharePointCVE-2020-16945Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePointCVE-2020-16946Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePointCVE-2020-16941Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-16950Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePointCVE-2020-16952Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft WindowsCVE-2020-16900Windows Event System Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16901Windows Kernel Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-16899Windows TCP/IP Denial of Service Vulnerability
Microsoft WindowsCVE-2020-16908Windows Setup Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16909Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16912Windows Backup Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16940Windows – User Profile Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16907Win32k Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16936Windows Backup Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16898Windows TCP/IP Remote Code Execution Vulnerability
Microsoft WindowsCVE-2020-16897NetBT Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-16895Windows Error Reporting Manager Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16919Windows Enterprise App Management Service Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-16921Windows Text Services Framework Information Disclosure Vulnerability
Microsoft WindowsCVE-2020-16920Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16972Windows Backup Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16877Windows Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16876Windows Application Compatibility Client Library Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16975Windows Backup Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16973Windows Backup Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16974Windows Backup Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16922Windows Spoofing Vulnerability
Microsoft WindowsCVE-2020-0764Windows Storage Services Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16980Windows iSCSI Target Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-1080Windows Hyper-V Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16887Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16885Windows Storage VSP Driver Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16924Jet Database Engine Remote Code Execution Vulnerability
Microsoft WindowsCVE-2020-16976Windows Backup Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-16935Windows COM Server Elevation of Privilege Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-16967Windows Camera Codec Pack Remote Code Execution Vulnerability
Microsoft Windows Codecs LibraryCVE-2020-16968Windows Camera Codec Pack Remote Code Execution Vulnerability
PowerShellGetCVE-2020-16886PowerShellGet Module WDAC Security Feature Bypass Vulnerability
Visual StudioCVE-2020-16977Visual Studio Code Python Extension Remote Code Execution Vulnerability
Windows COMCVE-2020-16916Windows COM Server Elevation of Privilege Vulnerability
Windows Error ReportingCVE-2020-16905Windows Error Reporting Elevation of Privilege Vulnerability
Windows Hyper-VCVE-2020-16894Windows NAT Remote Code Execution Vulnerability
Windows Hyper-VCVE-2020-1243Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-VCVE-2020-16891Windows Hyper-V Remote Code Execution Vulnerability
Windows InstallerCVE-2020-16902Windows Installer Elevation of Privilege Vulnerability
Windows KernelCVE-2020-16889Windows KernelStream Information Disclosure Vulnerability
Windows KernelCVE-2020-16892Windows Image Elevation of Privilege Vulnerability
Windows KernelCVE-2020-16913Win32k Elevation of Privilege Vulnerability
Windows KernelCVE-2020-1047Windows Hyper-V Elevation of Privilege Vulnerability
Windows KernelCVE-2020-16910Windows Security Feature Bypass Vulnerability
Windows Media PlayerCVE-2020-16915Media Foundation Memory Corruption Vulnerability
Windows RDPCVE-2020-16863Windows Remote Desktop Service Denial of Service Vulnerability
Windows RDPCVE-2020-16927Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
Windows RDPCVE-2020-16896Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Windows Secure Kernel ModeCVE-2020-16890Windows Kernel Elevation of Privilege Vulnerability

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20201013.  For more information about Windows Known Issues, please see Windows message center.

KB ArticleApplies To
4577668Windows 10 Version 1809, Windows Server 2019
4577671Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909
4579311Windows 10, version 2004
4580327Windows 10
4580328Windows 10, version 1709
4580330Windows 10, version 1803
4580345Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4580346Windows 10, version 1607, Windows Server 2016
4580347Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4580353Windows Server 2012 (Security-only update)
4580358Windows 8.1, Windows Server 2012 R2 (Security-only update)
4580378Windows Server 2008 Service Pack 2 (Monthly Rollup)
4580382Windows Server 2012 (Monthly Rollup)
4580385Windows Server 2008 Service Pack 2 (Security-only update)
4580387Windows 7, Windows Server 2008 R2 (Security-only update)
4581424Exchange Server 2019, Exchange Server 2016, Exchange Server 2013

More Information:

https://krebsonsecurity.com/2020/10/microsoft-patch-tuesday-october-2020-edition/
https://www.zdnet.com/article/microsoft-october-2020-patch-tuesday-fixes-87-vulnerabilities/
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2020-Oct
https://wuinstall.com/index.php/blog-list/item/24-how-to-force-windows-2004-feature-upgrade-os-build-19041-to-install-using-the-command-line.html
https://windowsreport.com/windows-10-patch-tuesday-update-history/

KB4577668
KB4577671
KB4579311
KB4580327
KB4580328
KB4580330
KB4580345
KB4580346
KB4580347
KB4580353
KB4580358
KB4580378
KB4580382
KB4580385
KB4580387
KB4581424