Security News > 2020 > September > September 2020 Patch Tuesday: Microsoft fixes over 110 CVEs again
Trend Micro Zero Day Initiative's Dustin Childs says that patching CVE-2020-16875, a memory corruption vulnerability in Microsoft Exchange, should be top priority for organizations using the popular mail server.
CVE-2020-0922, a RCE in Microsoft COM, should also be patched quickly on all Windows and Windows Server systems.
He also advised organizations in the financial industry who use Microsoft Dynamics 365 for Finance and Operations and Microsoft Dynamics 365 to quickly patch CVE-2020-16857 and CVE-2020-16862.
Intel took advantage of the September 2020 Patch Tuesday to release four advisories, accompanying fixes for the Intel Driver & Support Assistant, BIOS firmware for multiple Intel Platforms, and Intel Active Management Technology and Intel Standard Manageability.
SAP marked the September 2020 Patch Tuesday by releasing 10 security notes and updates to six previously released ones.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/5sJ6jTzQOXc/
Related news
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- December 2024 Patch Tuesday forecast: The secure future initiative impact (source)
- Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-11 | CVE-2020-0922 | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. | 0.0 |
| 2020-09-11 | CVE-2020-16857 | Unspecified vulnerability in Microsoft Dynamics 365 for Finance and Operations 10.0.11 <p>A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. | 0.0 |
| 2020-09-11 | CVE-2020-16862 | Unspecified vulnerability in Microsoft Dynamics 365 9.0 <p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. | 0.0 |
| 2020-09-11 | CVE-2020-16875 | Improper Privilege Management vulnerability in Microsoft Exchange Server 2016/2019 <p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. | 0.0 |