Security News > 2020 > September > September 2020 Patch Tuesday: Microsoft fixes over 110 CVEs again
Trend Micro Zero Day Initiative's Dustin Childs says that patching CVE-2020-16875, a memory corruption vulnerability in Microsoft Exchange, should be top priority for organizations using the popular mail server.
CVE-2020-0922, a RCE in Microsoft COM, should also be patched quickly on all Windows and Windows Server systems.
He also advised organizations in the financial industry who use Microsoft Dynamics 365 for Finance and Operations and Microsoft Dynamics 365 to quickly patch CVE-2020-16857 and CVE-2020-16862.
Intel took advantage of the September 2020 Patch Tuesday to release four advisories, accompanying fixes for the Intel Driver & Support Assistant, BIOS firmware for multiple Intel Platforms, and Intel Active Management Technology and Intel Standard Manageability.
SAP marked the September 2020 Patch Tuesday by releasing 10 security notes and updates to six previously released ones.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/5sJ6jTzQOXc/
Related news
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-11 | CVE-2020-0922 | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. | 0.0 |
| 2020-09-11 | CVE-2020-16857 | Unspecified vulnerability in Microsoft Dynamics 365 for Finance and Operations 10.0.11 <p>A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. | 0.0 |
| 2020-09-11 | CVE-2020-16862 | Unspecified vulnerability in Microsoft Dynamics 365 9.0 <p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. | 0.0 |
| 2020-09-11 | CVE-2020-16875 | Improper Privilege Management vulnerability in Microsoft Exchange Server 2016/2019 <p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. | 0.0 |