Security News > 2020 > September > Microsoft’s Patch Tuesday Packed with Critical RCE Bugs
Microsoft has released patches for 129 security bugs in its September Patch Tuesday update.
Another critical RCE vulnerability that should be prioritized for patching is CVE-2020-1210, which exists in SharePoint due to a failure to check an application package's source markup.
September's slew of patches also features several other RCE bugs, including one in the Microsoft Windows Codecs Library, which is used by multiple applications and can therefore affect a wide range of programs.
September's Patch Tuesday release continues a trend of high-volume security updates.
Adobe fixed five critical cross-site scripting flaws in Experience Manager as part of its regularly scheduled patches on Tuesday.
News URL
https://threatpost.com/microsofts-patch-tuesday-critical-rce-bugs/159044/
Related news
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days (source)
- Microsoft's May Patch Tuesday update fails on some Windows 11 VMs (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
- SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-11 | CVE-2020-1210 | Download of Code Without Integrity Check vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. | 0.0 |