Microsoft today fixed at least 87 security problems in Windows and programs that run on top of the operating system. By far, the most dangerous bug patched this month is CVE-2020-16898. Described as a remote code execution (RCE) vulnerability in the Windows TCP/IP stack, this bug can allow attackers to take over Windows systems by sending malicious ICMPv6 Router Advertisement packets to an unpatched computer via a network connection. Yes, good people of the Windows world, it’s time once again to use XEOX!
Get back full control on windows update by using XEOX Job Editor.
The October 2020 Patch Tuesday Security Updates
Security Updates are available for the following software:
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft JET Database Engine
- Azure Functions
- Open Source Software
- Microsoft Exchange Server
- Visual Studio
- PowerShellGet
- Microsoft .NET Framework
- Microsoft Dynamics
- Adobe Flash Player
- Microsoft Windows Codecs Library
Information about the updates:
- Microsoft is improving Windows Release Notes. For more information, please see What’s next for Windows release notes.
- For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
- Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
- For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
- A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
- Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
- In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
- Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
| Tag | CVE ID | CVE Title |
| Adobe Flash Player | ADV200012 | October 2020 Adobe Flash Security Update |
| .NET Framework | CVE-2020-16937 | .NET Framework Information Disclosure Vulnerability |
| Azure | CVE-2020-16995 | Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability |
| Azure | CVE-2020-16904 | Azure Functions Elevation of Privilege Vulnerability |
| Group Policy | CVE-2020-16939 | Group Policy Elevation of Privilege Vulnerability |
| Microsoft Dynamics | CVE-2020-16978 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16956 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2020-16943 | Dynamics 365 Commerce Elevation of Privilege Vulnerability |
| Microsoft Exchange Server | CVE-2020-16969 | Microsoft Exchange Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-16911 | GDI+ Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-16914 | Windows GDI+ Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-16923 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-1167 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft NTFS | CVE-2020-16938 | Windows Kernel Information Disclosure Vulnerability |
| Microsoft Office | CVE-2020-16933 | Microsoft Word Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2020-16929 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-16934 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2020-16932 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-16930 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-16955 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2020-16928 | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2020-16957 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-16918 | Base3D Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-16949 | Microsoft Outlook Denial of Service Vulnerability |
| Microsoft Office | CVE-2020-16947 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-16931 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-16954 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-17003 | Base3D Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-16948 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2020-16953 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2020-16942 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2020-16951 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-16944 | Microsoft SharePoint Reflective XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-16945 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-16946 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-16941 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2020-16950 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2020-16952 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-16900 | Windows Event System Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16901 | Windows Kernel Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-16899 | Windows TCP/IP Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-16908 | Windows Setup Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16909 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16912 | Windows Backup Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16940 | Windows – User Profile Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16907 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16936 | Windows Backup Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-16897 | NetBT Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-16895 | Windows Error Reporting Manager Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16919 | Windows Enterprise App Management Service Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-16921 | Windows Text Services Framework Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-16920 | Windows Application Compatibility Client Library Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16972 | Windows Backup Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16877 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16876 | Windows Application Compatibility Client Library Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16975 | Windows Backup Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16973 | Windows Backup Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16974 | Windows Backup Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16922 | Windows Spoofing Vulnerability |
| Microsoft Windows | CVE-2020-0764 | Windows Storage Services Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16980 | Windows iSCSI Target Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1080 | Windows Hyper-V Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16887 | Windows Network Connections Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16885 | Windows Storage VSP Driver Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16924 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-16976 | Windows Backup Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-16935 | Windows COM Server Elevation of Privilege Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-16967 | Windows Camera Codec Pack Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2020-16968 | Windows Camera Codec Pack Remote Code Execution Vulnerability |
| PowerShellGet | CVE-2020-16886 | PowerShellGet Module WDAC Security Feature Bypass Vulnerability |
| Visual Studio | CVE-2020-16977 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
| Windows COM | CVE-2020-16916 | Windows COM Server Elevation of Privilege Vulnerability |
| Windows Error Reporting | CVE-2020-16905 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Windows Hyper-V | CVE-2020-16894 | Windows NAT Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2020-1243 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2020-16891 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Installer | CVE-2020-16902 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-16889 | Windows KernelStream Information Disclosure Vulnerability |
| Windows Kernel | CVE-2020-16892 | Windows Image Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-16913 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1047 | Windows Hyper-V Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-16910 | Windows Security Feature Bypass Vulnerability |
| Windows Media Player | CVE-2020-16915 | Media Foundation Memory Corruption Vulnerability |
| Windows RDP | CVE-2020-16863 | Windows Remote Desktop Service Denial of Service Vulnerability |
| Windows RDP | CVE-2020-16927 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
| Windows RDP | CVE-2020-16896 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
| Windows Secure Kernel Mode | CVE-2020-16890 | Windows Kernel Elevation of Privilege Vulnerability |
The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20201013. For more information about Windows Known Issues, please see Windows message center.
| KB Article | Applies To |
|---|---|
| 4577668 | Windows 10 Version 1809, Windows Server 2019 |
| 4577671 | Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909 |
| 4579311 | Windows 10, version 2004 |
| 4580327 | Windows 10 |
| 4580328 | Windows 10, version 1709 |
| 4580330 | Windows 10, version 1803 |
| 4580345 | Windows 7, Windows Server 2008 R2 (Monthly Rollup) |
| 4580346 | Windows 10, version 1607, Windows Server 2016 |
| 4580347 | Windows 8.1, Windows Server 2012 R2 (Monthly Rollup) |
| 4580353 | Windows Server 2012 (Security-only update) |
| 4580358 | Windows 8.1, Windows Server 2012 R2 (Security-only update) |
| 4580378 | Windows Server 2008 Service Pack 2 (Monthly Rollup) |
| 4580382 | Windows Server 2012 (Monthly Rollup) |
| 4580385 | Windows Server 2008 Service Pack 2 (Security-only update) |
| 4580387 | Windows 7, Windows Server 2008 R2 (Security-only update) |
| 4581424 | Exchange Server 2019, Exchange Server 2016, Exchange Server 2013 |
More Information:
https://krebsonsecurity.com/2020/10/microsoft-patch-tuesday-october-2020-edition/
https://www.zdnet.com/article/microsoft-october-2020-patch-tuesday-fixes-87-vulnerabilities/
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2020-Oct
https://wuinstall.com/index.php/blog-list/item/24-how-to-force-windows-2004-feature-upgrade-os-build-19041-to-install-using-the-command-line.html
https://windowsreport.com/windows-10-patch-tuesday-update-history/
KB4577668
KB4577671
KB4579311
KB4580327
KB4580328
KB4580330
KB4580345
KB4580346
KB4580347
KB4580353
KB4580358
KB4580378
KB4580382
KB4580385
KB4580387
KB4581424
- ADV200012 *
- CVE-2020-16889
- CVE-2020-16896 *
- CVE-2020-16897
- CVE-2020-16901
- CVE-2020-16904
- CVE-2020-16908 *
- CVE-2020-16914
- CVE-2020-16918
- CVE-2020-16919
- CVE-2020-16921
- CVE-2020-16928
- CVE-2020-16929
- CVE-2020-16930
- CVE-2020-16931
- CVE-2020-16932
- CVE-2020-16933 *
- CVE-2020-16934
- CVE-2020-16937
- CVE-2020-16938
- CVE-2020-16941
- CVE-2020-16942
- CVE-2020-16947 *
- CVE-2020-16949 *
- CVE-2020-16954
- CVE-2020-16955
- CVE-2020-16957
- CVE-2020-16969
- CVE-2020-16995
