Security News > 2020 > October > Microsoft Patch Tuesday, October 2020 Edition
It's Cybersecurity Awareness Month! In keeping with that theme, if youuse Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system.
Worst in terms of outright scariness is probably CVE-2020-16898, which is a nasty bug in Windows 10 and Windows Server 2019 that could be abused to install malware just by sending a malformed packet of data at a vulnerable system.
Trend Micro's Zero Day Initiative calls special attention to another critical bug quashed in this month's patch batch: CVE-2020-16947, which is a problem with Microsoft Outlook that could result in malware being loaded onto a system just by previewing a malicious email in Outlook.
Mercifully, Adobe is slated to retire Flash Player later this year, and Microsoft has said it plans to ship updates at the end of the year that will remove Flash from Windows machines.
It's a good idea for Windows users to get in the habit of updating at least once a month, but for regular users it's usually safe to wait a few days until after the patches are released, so that Microsoft has time to iron out any chinks in the new armor.
News URL
https://krebsonsecurity.com/2020/10/microsoft-patch-tuesday-october-2020-edition/
Related news
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Windows Patch Tuesday hits snag with Citrix software, workarounds published (source)
- February 2025 Patch Tuesday forecast: New directions for AI development (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-16898 | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. | 0.0 |
| 2020-10-16 | CVE-2020-16947 | Out-of-bounds Write vulnerability in Microsoft 365 Apps, Office and Outlook <p>A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. | 0.0 |