Security News > 2020 > October > Microsoft Patch Tuesday, October 2020 Edition
It's Cybersecurity Awareness Month! In keeping with that theme, if youuse Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system.
Worst in terms of outright scariness is probably CVE-2020-16898, which is a nasty bug in Windows 10 and Windows Server 2019 that could be abused to install malware just by sending a malformed packet of data at a vulnerable system.
Trend Micro's Zero Day Initiative calls special attention to another critical bug quashed in this month's patch batch: CVE-2020-16947, which is a problem with Microsoft Outlook that could result in malware being loaded onto a system just by previewing a malicious email in Outlook.
Mercifully, Adobe is slated to retire Flash Player later this year, and Microsoft has said it plans to ship updates at the end of the year that will remove Flash from Windows machines.
It's a good idea for Windows users to get in the habit of updating at least once a month, but for regular users it's usually safe to wait a few days until after the patches are released, so that Microsoft has time to iron out any chinks in the new armor.
News URL
https://krebsonsecurity.com/2020/10/microsoft-patch-tuesday-october-2020-edition/
Related news
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- December 2024 Patch Tuesday forecast: The secure future initiative impact (source)
- Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-16898 | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. | 0.0 |
| 2020-10-16 | CVE-2020-16947 | Out-of-bounds Write vulnerability in Microsoft 365 Apps, Office and Outlook <p>A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. | 0.0 |