Microsoft September 2020 Patch Tuesday fixes 129 vulnerabilities

Microsoft has published today its monthly batch of security updates, also known as Patch Tuesday. This month, the OS maker patched 129 vulnerabilities across 15 products, ranging from Windows to ASP.NET.

Of note is that this month, of the 129 vulnerabilities, 32 were classified as remote code execution issues, which are bugs that permit attackers to exploit vulnerable applications remotely, over a network.

Of these 32, 20 also received a severity classification of “critical,” the highest rating on Microsoft’s scale, making the 20 vulnerabilities some of the most important bugs patched across Microsoft products this month.The list of 20 critical RCEs includes bugs in:

All of the vulnerabilities listed above are serious issues, and especially the ones impacting Windows (due to the huge attack surface) and SharePoint and Dynamics 365 (as these systems are often installed on large enterprise networks).

Malware authors are known to follow Microsoft’s monthly security updates, select the most useful/dangerous bugs, and patch-diff the updated components to find the exact bug Microsoft fixed — so they can weaponize it for future attacks.

System administrators are advised to review the threat posed by each of the RCE vulnerabilities listed above, and then decide if this month’s security updates need to be applied right away or delayed for additional testing.

Below is additional information about today’s Microsoft Patch Tuesday and security updates released by other major tech companies:

Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
ZDNet has published this file listing all this month’s security advisories on one single page.
Adobe’s security updates are detailed here.
SAP security updates are available here.
Intel security updates are available here.
VMWare security updates are available here.
Chrome 85 security updates are detailed here.
The Android Security Bulletin for September 2020 will also be out later today, delayed due to the Labor Day extended weekend.

Tag	CVE ID	CVE Title
Active Directory	CVE-2020-0761	Active Directory Remote Code Execution Vulnerability
Active Directory	CVE-2020-0856	Active Directory Information Disclosure Vulnerability
Active Directory	CVE-2020-0718	Active Directory Remote Code Execution Vulnerability
Active Directory	CVE-2020-0664	Active Directory Information Disclosure Vulnerability
Active Directory Federation Services	CVE-2020-0837	ADFS Spoofing Vulnerability
ASP.NET	CVE-2020-1045	Microsoft ASP.NET Core Security Feature Bypass Vulnerability
Common Log File System Driver	CVE-2020-1115	Windows Common Log File System Driver Elevation of Privilege Vulnerability
Internet Explorer	CVE-2020-1012	WinINet API Elevation of Privilege Vulnerability
Internet Explorer	CVE-2020-16884	Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability
Internet Explorer	CVE-2020-1506	Windows Start-Up Application Elevation of Privilege Vulnerability
Microsoft Browsers	CVE-2020-0878	Microsoft Browser Memory Corruption Vulnerability
Microsoft Dynamics	CVE-2020-16857	Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Microsoft Dynamics	CVE-2020-16858	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Dynamics	CVE-2020-16860	Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
Microsoft Dynamics	CVE-2020-16859	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Dynamics	CVE-2020-16861	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Dynamics	CVE-2020-16872	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Dynamics	CVE-2020-16864	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Dynamics	CVE-2020-16878	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Dynamics	CVE-2020-16862	Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
Microsoft Dynamics	CVE-2020-16871	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Exchange Server	CVE-2020-16875	Microsoft Exchange Memory Corruption Vulnerability
Microsoft Graphics Component	CVE-2020-0921	Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2020-0998	Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-1091	Windows Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2020-1152	Windows Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-1097	Windows Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2020-1083	Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2020-1053	DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-1308	DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-1245	Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-1285	GDI+ Remote Code Execution Vulnerability
Microsoft Graphics Component	CVE-2020-1256	Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2020-1250	Win32k Information Disclosure Vulnerability
Microsoft JET Database Engine	CVE-2020-1039	Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine	CVE-2020-1074	Jet Database Engine Remote Code Execution Vulnerability
Microsoft NTFS	CVE-2020-0838	NTFS Elevation of Privilege Vulnerability
Microsoft Office	CVE-2020-1594	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-1335	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-16855	Microsoft Office Information Disclosure Vulnerability
Microsoft Office	CVE-2020-1338	Microsoft Word Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-1332	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-1224	Microsoft Excel Information Disclosure Vulnerability
Microsoft Office	CVE-2020-1218	Microsoft Word Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-1193	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1345	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1205	Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint	CVE-2020-1210	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1514	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1595	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1523	Microsoft SharePoint Server Tampering Vulnerability
Microsoft Office SharePoint	CVE-2020-1440	Microsoft SharePoint Server Tampering Vulnerability
Microsoft Office SharePoint	CVE-2020-1200	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1482	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1198	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1227	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1576	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1452	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1575	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1453	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1460	Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft OneDrive	CVE-2020-16853	OneDrive for Windows Elevation of Privilege Vulnerability
Microsoft OneDrive	CVE-2020-16851	OneDrive for Windows Elevation of Privilege Vulnerability
Microsoft OneDrive	CVE-2020-16852	OneDrive for Windows Elevation of Privilege Vulnerability
Microsoft Scripting Engine	CVE-2020-1057	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-1180	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-1172	Scripting Engine Memory Corruption Vulnerability
Microsoft Windows	CVE-2020-1596	TLS Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-1169	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1593	Windows Media Audio Decoder Remote Code Execution Vulnerability
Microsoft Windows	CVE-2020-1159	Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1598	Windows UPnP Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0790	Microsoft splwow64 Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0922	Microsoft COM for Windows Remote Code Execution Vulnerability
Microsoft Windows	CVE-2020-0782	Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0648	Windows RSoP Service Application Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0766	Microsoft Store Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1590	Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1376	Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1471	Windows CloudExperienceHost Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-16879	Projected Filesystem Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-1013	Group Policy Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1532	Windows InstallService Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1491	Windows Function Discovery Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1303	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1252	Windows Remote Code Execution Vulnerability
Microsoft Windows	CVE-2020-1559	Windows Storage Services Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1507	Microsoft COM for Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1508	Windows Media Audio Decoder Remote Code Execution Vulnerability
Microsoft Windows	CVE-2020-0914	Windows State Repository Service Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-0886	Windows Storage Services Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0989	Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-0875	Microsoft splwow64 Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-0912	Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1038	Windows Routing Utilities Denial of Service
Microsoft Windows	CVE-2020-0908	Windows Text Service Module Remote Code Execution Vulnerability
Microsoft Windows	CVE-2020-1052	Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0911	Windows Modules Installer Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0805	Projected Filesystem Security Feature Bypass Vulnerability
Microsoft Windows	CVE-2020-1119	Windows Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-1146	Microsoft Store Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-0951	Windows Defender Application Control Security Feature Bypass Vulnerability
Microsoft Windows	CVE-2020-1122	Windows Language Pack Installer Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1098	Windows Shell Infrastructure Component Elevation of Privilege Vulnerability
Microsoft Windows Codecs Library	CVE-2020-1319	Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Microsoft Windows Codecs Library	CVE-2020-0997	Windows Camera Codec Pack Remote Code Execution Vulnerability
Microsoft Windows Codecs Library	CVE-2020-1129	Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Microsoft Windows DNS	CVE-2020-0839	Windows dnsrslvr.dll Elevation of Privilege Vulnerability
Microsoft Windows DNS	CVE-2020-1228	Windows DNS Denial of Service Vulnerability
Microsoft Windows DNS	CVE-2020-0836	Windows DNS Denial of Service Vulnerability
Open Source Software	CVE-2020-16873	Xamarin.Forms Spoofing Vulnerability
SQL Server	CVE-2020-1044	SQL Server Reporting Services Security Feature Bypass Vulnerability
Visual Studio	CVE-2020-16874	Visual Studio Remote Code Execution Vulnerability
Visual Studio	CVE-2020-16856	Visual Studio Remote Code Execution Vulnerability
Visual Studio	CVE-2020-16881	Visual Studio JSON Remote Code Execution Vulnerability
Windows DHCP Server	CVE-2020-1031	Windows DHCP Server Information Disclosure Vulnerability
Windows Diagnostic Hub	CVE-2020-1130	Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Windows Diagnostic Hub	CVE-2020-1133	Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Windows Hyper-V	CVE-2020-0904	Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V	CVE-2020-0890	Windows Hyper-V Denial of Service Vulnerability
Windows Kernel	CVE-2020-0941	Win32k Information Disclosure Vulnerability
Windows Kernel	CVE-2020-0928	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2020-16854	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2020-1034	Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel	CVE-2020-1033	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2020-1589	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2020-1592	Windows Kernel Information Disclosure Vulnerability
Windows Print Spooler Components	CVE-2020-1030	Windows Print Spooler Elevation of Privilege Vulnerability
Windows Shell	CVE-2020-0870	Shell infrastructure component Elevation of Privilege Vulnerability

Source: Information Technologies - zdnet.com

Microsoft September 2020 Patch Tuesday fixes 129 vulnerabilities

New gene regulation model provides insight into brain development

Modeling the impact of testing, tracing, and quarantine

ITALIAN LANGUAGE

ENGLISH LANGUAGE