Security News > 2020 > October > October 2020 Patch Tuesday: Microsoft fixes potentially wormable Windows TCP/IP RCE flaw
Microsoft has plugged 87 security holes, including critical ones in the Windows TCP/IP stack and Microsoft Outlook and Microsoft 365 Apps for Enterprise.
CVE-2020-16898 - A Windows TCP/IP vulnerability that could be remotely exploited by sending a specially crafted ICMPv6 router advertisement to an affected Windows server or client and could allow code execution.
CVE-2020-16947 - A remote code execution flaw affecting Microsoft Outlook and Microsoft 365 Apps for Enterprise.
Adobe has published a single security bulletin this time, carrying news of security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. A critical NULL pointer dereference flaw has been fixed, which could lead to an exploitable crash and potentially allow arbitrary code execution in the context of the current user.
SAP marked the October 2020 Patch Tuesday by releasing 15 security notes and updates to 6 previously released ones.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/8P0v_GvX0OI/
Related news
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Microsoft fixes Windows update bug that uninstalled Copilot (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-16898 | Unspecified vulnerability in Microsoft products <p>A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. | 0.0 |
| 2020-10-16 | CVE-2020-16947 | Out-of-bounds Write vulnerability in Microsoft 365 Apps, Office and Outlook <p>A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. | 0.0 |