Security News > 2020 > September > September 2020 Patch Tuesday: Microsoft fixes over 110 CVEs again
Trend Micro Zero Day Initiative's Dustin Childs says that patching CVE-2020-16875, a memory corruption vulnerability in Microsoft Exchange, should be top priority for organizations using the popular mail server.
CVE-2020-0922, a RCE in Microsoft COM, should also be patched quickly on all Windows and Windows Server systems.
He also advised organizations in the financial industry who use Microsoft Dynamics 365 for Finance and Operations and Microsoft Dynamics 365 to quickly patch CVE-2020-16857 and CVE-2020-16862.
Intel took advantage of the September 2020 Patch Tuesday to release four advisories, accompanying fixes for the Intel Driver & Support Assistant, BIOS firmware for multiple Intel Platforms, and Intel Active Management Technology and Intel Standard Manageability.
SAP marked the September 2020 Patch Tuesday by releasing 10 security notes and updates to six previously released ones.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/5sJ6jTzQOXc/
Related news
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- November 2024 Patch Tuesday forecast: New servers arrive early (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-11 | CVE-2020-0922 | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. | 8.8 |
| 2020-09-11 | CVE-2020-16857 | Unspecified vulnerability in Microsoft Dynamics 365 for Finance and Operations 10.0.11 <p>A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. | 7.1 |
| 2020-09-11 | CVE-2020-16862 | Unspecified vulnerability in Microsoft Dynamics 365 9.0 <p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. | 7.1 |
| 2020-09-11 | CVE-2020-16875 | Improper Privilege Management vulnerability in Microsoft Exchange Server 2016/2019 <p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. | 8.4 |