Microsoft Patch Tuesday, September 2020 Edition

Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users. Yes, good people of the Windows world, it’s time once again to use XEOX!

For information about the non-security Windows updates, you can read about today’s Windows 10 security updates on https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep

Get back full control on windows update by using XEOX Job Editor.

The September 2020 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the September 2020 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Tag	CVE ID	CVE Title	Severity
Active Directory	CVE-2020-0761	Active Directory Remote Code Execution Vulnerability	Important
Active Directory	CVE-2020-0856	Active Directory Information Disclosure Vulnerability	Important
Active Directory	CVE-2020-0718	Active Directory Remote Code Execution Vulnerability	Important
Active Directory	CVE-2020-0664	Active Directory Information Disclosure Vulnerability	Important
Active Directory Federation Services	CVE-2020-0837	ADFS Spoofing Vulnerability	Important
ASP.NET	CVE-2020-1045	Microsoft ASP.NET Core Security Feature Bypass Vulnerability	Important
Common Log File System Driver	CVE-2020-1115	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Important
Internet Explorer	CVE-2020-1012	WinINet API Elevation of Privilege Vulnerability	Important
Internet Explorer	CVE-2020-16884	Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability	Important
Internet Explorer	CVE-2020-1506	Windows Start-Up Application Elevation of Privilege Vulnerability	Important
Microsoft Browsers	CVE-2020-0878	Microsoft Browser Memory Corruption Vulnerability	Critical
Microsoft Dynamics	CVE-2020-16857	Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability	Critical
Microsoft Dynamics	CVE-2020-16858	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Dynamics	CVE-2020-16860	Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability	Important
Microsoft Dynamics	CVE-2020-16859	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Dynamics	CVE-2020-16861	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Dynamics	CVE-2020-16872	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Dynamics	CVE-2020-16864	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Dynamics	CVE-2020-16878	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Dynamics	CVE-2020-16862	Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability	Critical
Microsoft Dynamics	CVE-2020-16871	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Exchange Server	CVE-2020-16875	Microsoft Exchange Memory Corruption Vulnerability	Critical
Microsoft Graphics Component	CVE-2020-0921	Microsoft Graphics Component Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2020-0998	Windows Graphics Component Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1091	Windows Graphics Component Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1152	Windows Win32k Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1097	Windows Graphics Component Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1083	Microsoft Graphics Component Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1053	DirectX Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1308	DirectX Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1245	Win32k Elevation of Privilege Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1285	GDI+ Remote Code Execution Vulnerability	Critical
Microsoft Graphics Component	CVE-2020-1256	Windows GDI Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2020-1250	Win32k Information Disclosure Vulnerability	Important
Microsoft JET Database Engine	CVE-2020-1039	Jet Database Engine Remote Code Execution Vulnerability	Important
Microsoft JET Database Engine	CVE-2020-1074	Jet Database Engine Remote Code Execution Vulnerability	Important
Microsoft NTFS	CVE-2020-0838	NTFS Elevation of Privilege Vulnerability	Important
Microsoft Office	CVE-2020-1594	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2020-1335	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2020-16855	Microsoft Office Information Disclosure Vulnerability	Important
Microsoft Office	CVE-2020-1338	Microsoft Word Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2020-1332	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2020-1224	Microsoft Excel Information Disclosure Vulnerability	Important
Microsoft Office	CVE-2020-1218	Microsoft Word Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2020-1193	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1345	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1205	Microsoft SharePoint Spoofing Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1210	Microsoft SharePoint Remote Code Execution Vulnerability	Critical
Microsoft Office SharePoint	CVE-2020-1514	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1595	Microsoft SharePoint Remote Code Execution Vulnerability	Critical
Microsoft Office SharePoint	CVE-2020-1523	Microsoft SharePoint Server Tampering Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1440	Microsoft SharePoint Server Tampering Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1200	Microsoft SharePoint Remote Code Execution Vulnerability	Critical
Microsoft Office SharePoint	CVE-2020-1482	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1198	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1227	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1576	Microsoft SharePoint Remote Code Execution Vulnerability	Critical
Microsoft Office SharePoint	CVE-2020-1452	Microsoft SharePoint Remote Code Execution Vulnerability	Critical
Microsoft Office SharePoint	CVE-2020-1575	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2020-1453	Microsoft SharePoint Remote Code Execution Vulnerability	Critical
Microsoft Office SharePoint	CVE-2020-1460	Microsoft SharePoint Server Remote Code Execution Vulnerability	Critical
Microsoft OneDrive	CVE-2020-16853	OneDrive for Windows Elevation of Privilege Vulnerability	Important
Microsoft OneDrive	CVE-2020-16851	OneDrive for Windows Elevation of Privilege Vulnerability	Important
Microsoft OneDrive	CVE-2020-16852	OneDrive for Windows Elevation of Privilege Vulnerability	Important
Microsoft Scripting Engine	CVE-2020-1057	Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2020-1180	Scripting Engine Memory Corruption Vulnerability	Important
Microsoft Scripting Engine	CVE-2020-1172	Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Windows	CVE-2020-1596	TLS Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2020-1169	Windows Runtime Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1593	Windows Media Audio Decoder Remote Code Execution Vulnerability	Critical
Microsoft Windows	CVE-2020-1159	Windows Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1598	Windows UPnP Service Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0790	Microsoft splwow64 Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0922	Microsoft COM for Windows Remote Code Execution Vulnerability	Critical
Microsoft Windows	CVE-2020-0782	Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0648	Windows RSoP Service Application Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0766	Microsoft Store Runtime Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1590	Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1376	Windows Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1471	Windows CloudExperienceHost Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-16879	Projected Filesystem Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2020-1013	Group Policy Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1532	Windows InstallService Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1491	Windows Function Discovery Service Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1303	Windows Runtime Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1252	Windows Remote Code Execution Vulnerability	Critical
Microsoft Windows	CVE-2020-1559	Windows Storage Services Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1507	Microsoft COM for Windows Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1508	Windows Media Audio Decoder Remote Code Execution Vulnerability	Critical
Microsoft Windows	CVE-2020-0914	Windows State Repository Service Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2020-0886	Windows Storage Services Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0989	Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2020-0875	Microsoft splwow64 Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2020-0912	Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1038	Windows Routing Utilities Denial of Service	Important
Microsoft Windows	CVE-2020-0908	Windows Text Service Module Remote Code Execution Vulnerability	Critical
Microsoft Windows	CVE-2020-1052	Windows Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0911	Windows Modules Installer Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0805	Projected Filesystem Security Feature Bypass Vulnerability	Important
Microsoft Windows	CVE-2020-1119	Windows Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2020-1146	Microsoft Store Runtime Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-0951	Windows Defender Application Control Security Feature Bypass Vulnerability	Important
Microsoft Windows	CVE-2020-1122	Windows Language Pack Installer Elevation of Privilege Vulnerability	Important
Microsoft Windows	CVE-2020-1098	Windows Shell Infrastructure Component Elevation of Privilege Vulnerability	Important
Microsoft Windows Codecs Library	CVE-2020-1319	Microsoft Windows Codecs Library Remote Code Execution Vulnerability	Critical
Microsoft Windows Codecs Library	CVE-2020-0997	Windows Camera Codec Pack Remote Code Execution Vulnerability	Critical
Microsoft Windows Codecs Library	CVE-2020-1129	Microsoft Windows Codecs Library Remote Code Execution Vulnerability	Critical
Microsoft Windows DNS	CVE-2020-0839	Windows dnsrslvr.dll Elevation of Privilege Vulnerability	Important
Microsoft Windows DNS	CVE-2020-1228	Windows DNS Denial of Service Vulnerability	Important
Microsoft Windows DNS	CVE-2020-0836	Windows DNS Denial of Service Vulnerability	Important
Open Source Software	CVE-2020-16873	Xamarin.Forms Spoofing Vulnerability	Important
SQL Server	CVE-2020-1044	SQL Server Reporting Services Security Feature Bypass Vulnerability	Moderate
Visual Studio	CVE-2020-16874	Visual Studio Remote Code Execution Vulnerability	Critical
Visual Studio	CVE-2020-16856	Visual Studio Remote Code Execution Vulnerability	Important
Visual Studio	CVE-2020-16881	Visual Studio JSON Remote Code Execution Vulnerability	Important
Windows DHCP Server	CVE-2020-1031	Windows DHCP Server Information Disclosure Vulnerability	Important
Windows Diagnostic Hub	CVE-2020-1130	Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability	Important
Windows Diagnostic Hub	CVE-2020-1133	Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability	Important
Windows Hyper-V	CVE-2020-0904	Windows Hyper-V Denial of Service Vulnerability	Important
Windows Hyper-V	CVE-2020-0890	Windows Hyper-V Denial of Service Vulnerability	Important
Windows Kernel	CVE-2020-0941	Win32k Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2020-0928	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2020-16854	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2020-1034	Windows Kernel Elevation of Privilege Vulnerability	Important
Windows Kernel	CVE-2020-1033	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2020-1589	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2020-1592	Windows Kernel Information Disclosure Vulnerability	Important
Windows Print Spooler Components	CVE-2020-1030	Windows Print Spooler Elevation of Privilege Vulnerability	Important
Windows Shell	CVE-2020-0870	Shell infrastructure component Elevation of Privilege Vulnerability	Important

More Information:

https://krebsonsecurity.com/2020/09/microsoft-patch-tuesday-sept-2020-edition/
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep
https://wuinstall.com/index.php/blog-list/item/24-how-to-force-windows-2004-feature-upgrade-os-build-19041-to-install-using-the-command-line.html
https://windowsreport.com/windows-10-patch-tuesday-update-history/

KB4484488
KB4484515
KB4486667
KB4570333
KB4571756
KB4577015
KB4577038
KB4577048
KB4577051
KB4577053
KB4577064
KB4577066
KB4577070
KB4577071
KB4577352

CVE-2020-0664
CVE-2020-0856
CVE-2020-0875
CVE-2020-0914
CVE-2020-0921
CVE-2020-0928
CVE-2020-0941
CVE-2020-0989
CVE-2020-1031
CVE-2020-1033
CVE-2020-1083
CVE-2020-1091
CVE-2020-1097
CVE-2020-1119
CVE-2020-1193
CVE-2020-1210
CVE-2020-1218
CVE-2020-1224
CVE-2020-1250
CVE-2020-1256
CVE-2020-1332
CVE-2020-1335
CVE-2020-1338
CVE-2020-1589
CVE-2020-1592
CVE-2020-1594
CVE-2020-1596 *
CVE-2020-16851 *
CVE-2020-16852 *
CVE-2020-16853 *
CVE-2020-16854
CVE-2020-16855
CVE-2020-16879
CVE-2020-16884 *

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Microsoft Patch Tuesday, September 2020 Edition

The September 2020 Patch Tuesday Security Updates

Share This Post

More blog posts

What is Rootkit?

Understanding PGP Encryption

Company

Resources

ComplianCe