Microsoft Patch Tuesday, September 2020 Edition

Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users. Yes, good people of the Windows world, it’s time once again to use XEOX!

For information about the non-security Windows updates, you can read about today’s Windows 10 security updates on https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep

Get back full control on windows update by using XEOX Job Editor.

automated updates

The September 2020 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the September 2020 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

TagCVE IDCVE TitleSeverity
Active DirectoryCVE-2020-0761Active Directory Remote Code Execution VulnerabilityImportant
Active DirectoryCVE-2020-0856Active Directory Information Disclosure VulnerabilityImportant
Active DirectoryCVE-2020-0718Active Directory Remote Code Execution VulnerabilityImportant
Active DirectoryCVE-2020-0664Active Directory Information Disclosure VulnerabilityImportant
Active Directory Federation ServicesCVE-2020-0837ADFS Spoofing VulnerabilityImportant
ASP.NETCVE-2020-1045Microsoft ASP.NET Core Security Feature Bypass VulnerabilityImportant
Common Log File System DriverCVE-2020-1115Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Internet ExplorerCVE-2020-1012WinINet API Elevation of Privilege VulnerabilityImportant
Internet ExplorerCVE-2020-16884Internet Explorer Browser Helper Object (BHO) Memory Corruption VulnerabilityImportant
Internet ExplorerCVE-2020-1506Windows Start-Up Application Elevation of Privilege VulnerabilityImportant
Microsoft BrowsersCVE-2020-0878Microsoft Browser Memory Corruption VulnerabilityCritical
Microsoft DynamicsCVE-2020-16857Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution VulnerabilityCritical
Microsoft DynamicsCVE-2020-16858Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2020-16860Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityImportant
Microsoft DynamicsCVE-2020-16859Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2020-16861Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2020-16872Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2020-16864Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2020-16878Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2020-16862Microsoft Dynamics 365 (on-premises) Remote Code Execution VulnerabilityCritical
Microsoft DynamicsCVE-2020-16871Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportant
Microsoft Exchange ServerCVE-2020-16875Microsoft Exchange Memory Corruption VulnerabilityCritical
Microsoft Graphics ComponentCVE-2020-0921Microsoft Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0998Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-1091Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-1152Windows Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-1097Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-1083Microsoft Graphics Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-1053DirectX Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-1308DirectX Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-1245Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-1285GDI+ Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2020-1256Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-1250Win32k Information Disclosure VulnerabilityImportant
Microsoft JET Database EngineCVE-2020-1039Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft JET Database EngineCVE-2020-1074Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft NTFSCVE-2020-0838NTFS Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2020-1594Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-1335Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-16855Microsoft Office Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2020-1338Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-1332Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-1224Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2020-1218Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-1193Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2020-1345Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-1205Microsoft SharePoint Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2020-1210Microsoft SharePoint Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2020-1514Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-1595Microsoft SharePoint Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2020-1523Microsoft SharePoint Server Tampering VulnerabilityImportant
Microsoft Office SharePointCVE-2020-1440Microsoft SharePoint Server Tampering VulnerabilityImportant
Microsoft Office SharePointCVE-2020-1200Microsoft SharePoint Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2020-1482Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-1198Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-1227Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-1576Microsoft SharePoint Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2020-1452Microsoft SharePoint Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2020-1575Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-1453Microsoft SharePoint Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2020-1460Microsoft SharePoint Server Remote Code Execution VulnerabilityCritical
Microsoft OneDriveCVE-2020-16853OneDrive for Windows Elevation of Privilege VulnerabilityImportant
Microsoft OneDriveCVE-2020-16851OneDrive for Windows Elevation of Privilege VulnerabilityImportant
Microsoft OneDriveCVE-2020-16852OneDrive for Windows Elevation of Privilege VulnerabilityImportant
Microsoft Scripting EngineCVE-2020-1057Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-1180Scripting Engine Memory Corruption VulnerabilityImportant
Microsoft Scripting EngineCVE-2020-1172Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft WindowsCVE-2020-1596TLS Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-1169Windows Runtime Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1593Windows Media Audio Decoder Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2020-1159Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1598Windows UPnP Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0790Microsoft splwow64 Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0922Microsoft COM for Windows Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2020-0782Windows Cryptographic Catalog Services Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0648Windows RSoP Service Application Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0766Microsoft Store Runtime Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1590Connected User Experiences and Telemetry Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1376Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1471Windows CloudExperienceHost Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16879Projected Filesystem Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-1013Group Policy Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1532Windows InstallService Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1491Windows Function Discovery Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1303Windows Runtime Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1252Windows Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2020-1559Windows Storage Services Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1507Microsoft COM for Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1508Windows Media Audio Decoder Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2020-0914Windows State Repository Service Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0886Windows Storage Services Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0989Windows Mobile Device Management Diagnostics Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0875Microsoft splwow64 Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0912Windows Function Discovery SSDP Provider Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1038Windows Routing Utilities Denial of ServiceImportant
Microsoft WindowsCVE-2020-0908Windows Text Service Module Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2020-1052Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0911Windows Modules Installer Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0805Projected Filesystem Security Feature Bypass VulnerabilityImportant
Microsoft WindowsCVE-2020-1119Windows Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-1146Microsoft Store Runtime Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0951Windows Defender Application Control Security Feature Bypass VulnerabilityImportant
Microsoft WindowsCVE-2020-1122Windows Language Pack Installer Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1098Windows Shell Infrastructure Component Elevation of Privilege VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2020-1319Microsoft Windows Codecs Library Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2020-0997Windows Camera Codec Pack Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2020-1129Microsoft Windows Codecs Library Remote Code Execution VulnerabilityCritical
Microsoft Windows DNSCVE-2020-0839Windows dnsrslvr.dll Elevation of Privilege VulnerabilityImportant
Microsoft Windows DNSCVE-2020-1228Windows DNS Denial of Service VulnerabilityImportant
Microsoft Windows DNSCVE-2020-0836Windows DNS Denial of Service VulnerabilityImportant
Open Source SoftwareCVE-2020-16873Xamarin.Forms Spoofing VulnerabilityImportant
SQL ServerCVE-2020-1044SQL Server Reporting Services Security Feature Bypass VulnerabilityModerate
Visual StudioCVE-2020-16874Visual Studio Remote Code Execution VulnerabilityCritical
Visual StudioCVE-2020-16856Visual Studio Remote Code Execution VulnerabilityImportant
Visual StudioCVE-2020-16881Visual Studio JSON Remote Code Execution VulnerabilityImportant
Windows DHCP ServerCVE-2020-1031Windows DHCP Server Information Disclosure VulnerabilityImportant
Windows Diagnostic HubCVE-2020-1130Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityImportant
Windows Diagnostic HubCVE-2020-1133Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityImportant
Windows Hyper-VCVE-2020-0904Windows Hyper-V Denial of Service VulnerabilityImportant
Windows Hyper-VCVE-2020-0890Windows Hyper-V Denial of Service VulnerabilityImportant
Windows KernelCVE-2020-0941Win32k Information Disclosure VulnerabilityImportant
Windows KernelCVE-2020-0928Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2020-16854Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2020-1034Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-1033Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2020-1589Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2020-1592Windows Kernel Information Disclosure VulnerabilityImportant
Windows Print Spooler ComponentsCVE-2020-1030Windows Print Spooler Elevation of Privilege VulnerabilityImportant
Windows ShellCVE-2020-0870Shell infrastructure component Elevation of Privilege VulnerabilityImportant

More Information:

https://krebsonsecurity.com/2020/09/microsoft-patch-tuesday-sept-2020-edition/
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep
https://wuinstall.com/index.php/blog-list/item/24-how-to-force-windows-2004-feature-upgrade-os-build-19041-to-install-using-the-command-line.html
https://windowsreport.com/windows-10-patch-tuesday-update-history/

KB4484488
KB4484515
KB4486667
KB4570333
KB4571756
KB4577015
KB4577038
KB4577048
KB4577051
KB4577053
KB4577064
KB4577066
KB4577070
KB4577071
KB4577352