Enjoyed the US Labor Day weekend? Because it's September 2020 and Exchange Server can be pwned via email
September sees a bundle of 129 CVE-listed flaws patched by Microsoft.
Of the nearly two-dozen critical patches, Zero Day Initiative's Dustin Childs says that far and away the most serious is CVE-2020-16875, a memory object error in Exchange Server that allows a poisoned email to execute code with System clearance.
"We have seen the previously patched Exchange bug CVE-2020-0688 used in the wild, and that requires authentication. We'll likely see this one in the wild soon."
Intel drops critical fix for AMT/ISM. Of the four patches released this month by Intel, the most serious looks to be the fix for CVE-2020-8758, an elevation of privilege bug in Active Management Technology and Standard Manageability.
Finally, there is Adobe Experience Manager, where a total of 11 CVE-listed bugs were patched.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/09/08/patch_tuesday_september/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-11 | CVE-2020-16875 | Improper Privilege Management vulnerability in Microsoft Exchange Server 2016/2019 A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. | 8.4 |
2020-09-10 | CVE-2020-8758 | Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |
2020-02-11 | CVE-2020-0688 | Improper Authentication vulnerability in Microsoft Exchange Server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8 |