The September 2020 Security Update Review


News category: Hacking
Source: thezdi.com

September is upon us and so are the latest security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of security patches for this month.

Adobe Patches for September 2020

Adobe released three patches addressing 18 unique CVEs in InDesign, Framemaker, and Adobe Experience Manager. The patch for InDesign corrects five memory corruption bugs. The patch for Framemaker fixes an out-of-bounds read and a stack-based buffer overflow. Both are rated Critical and both were reported through the ZDI program. The patch for Experience Manager fixes a variety of bugs, but most are related to cross-site scripting (XSS).

As a reminder, Adobe Flash will go out of support at the end of this year. It will be interesting to see if any further patches for the once ubiquitous media player are released.

Microsoft Patches for September 2020

For September, Microsoft released patches for 129 CVEs in Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer (IE), SQL Server, Office and Office Services and Web Apps, Microsoft Dynamics, Visual Studio, Exchange Server, ASP.NET, OneDrive, and Azure DevOps. That brings us to seven straight months of 110+ CVEs. It also brings the yearly total close to 1,000. It certainly seems like this volume is the new normal for Microsoft patches.

Of these 129 patches, 23 are listed as Critical while 105 are listed as Important, and one is listed as Moderate in severity. A total of 12 of these bugs came through the ZDI program. None of the bugs are listed as publicly known or under active attack at the time of release. Let's take a closer look at some of the more severe bugs in this release, starting with an Exchange bug that is sure to get a lot of attention:

- CVE-2020-16875 – Microsoft Exchange Memory Corruption Vulnerability
Without a doubt, this is the most severe bug being addressed this month. This patch corrects a vulnerability that allows an attacker to execute code at SYSTEM by sending a specially crafted email to an affected Exchange Server. That doesn't quite make it wormable, but it's about the worst-case scenario for Exchange servers. We have seen the previously patched Exchange bug CVE-2020-0688 used in the wild, and that requires authentication. We'll likely see this one in the wild soon. This should be your top priority.

- CVE-2020-1129 – Microsoft Windows Codecs Library Remote Code Execution Vulnerability
This bug was reported by ZDI vulnerability researcher Hossein Lotfi and could allow code execution if an affected system views a specially crafted image. Since this vulnerability resides in the codecs library, multiple applications could be affected. The specific flaw exists within the parsing of HEVC streams. A crafted HEVC stream in a video file can trigger an overflow of a fixed-length stack-based buffer.

- CVE-2020-0922 – Microsoft COM for Windows Remote Code Execution Vulnerability
This patch corrects a vulnerability that would allow an attacker to execute code on an affected system if they can convince a user to open a specially crafted file or lure the target to a website hosting malicious JavaScript. Since this bug resides in COM, there are likely multiple applications that could be impacted by this flaw.

- CVE-2020-0951 – Windows Defender Application Control Security Feature Bypass Vulnerability
This patch is interesting for reasons beyond just the bug being fixed. An attacker with administrative privileges on a local machine could connect to a PowerShell session and send commands to execute arbitrary code. This behavior should be blocked by WDAC, which does make this an interesting bypass. However, what's really interesting is that this is getting patched at all. Vulnerabilities that require administrative access to exploit typically do not get patches. I'm curious about what makes this one different.

Here's the full list of CVEs released by Microsoft for September 2020:

| CVE | Title | Severity | Public | Exploited | XI - Latest | XI - Older | Type |
|---|---|---|---|---|---|---|---|
| CVE-2020-1285 | GDI+ Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-0878 | Microsoft Browser Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-0922 | Microsoft COM for Windows Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-16862 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-16857 | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | Critical | No | No | N/A | N/A | RCE |
| CVE-2020-16875 | Microsoft Exchange Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1200 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1210 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1452 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1453 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1576 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1595 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1460 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1129 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1319 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1057 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1172 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-16874 | Visual Studio Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-0997 | Windows Camera Codec Pack Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1508 | Windows Media Audio Decoder Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1593 | Windows Media Audio Decoder Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-1252 | Windows Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-0908 | Windows Text Service Module Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2020-0664 | Active Directory Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2020-0856 | Active Directory Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2020-0718 | Active Directory Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-0761 | Active Directory Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-0837 | ADFS Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoofing |
| CVE-2020-1590 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1130 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1133 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1053 | DirectX Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1308 | DirectX Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2020-1013 | Group Policy Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-16884 | Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1039 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1074 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1045 | Microsoft ASP.NET Core Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
| CVE-2020-1507 | Microsoft COM for Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-16858 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-16859 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-16861 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-16864 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-16871 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-16872 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-16878 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-16860 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1224 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1193 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1332 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1335 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1594 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-0921 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1083 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-16855 | Microsoft Office Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1198 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | N/A | N/A | XSS |
| CVE-2020-1227 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | N/A | N/A | XSS |
| CVE-2020-1345 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-1482 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-1514 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-1575 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2020-1440 | Microsoft SharePoint Server Tampering Vulnerability | Important | No | No | 2 | 2 | Tampering |
| CVE-2020-1523 | Microsoft SharePoint Server Tampering Vulnerability | Important | No | No | 2 | 2 | Tampering |
| CVE-2020-1205 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoofing |
| CVE-2020-0790 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0875 | Microsoft splwow64 Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-0766 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1146 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1218 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1338 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-0838 | NTFS Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-16851 | OneDrive for Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-16852 | OneDrive for Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-16853 | OneDrive for Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-16879 | Projected Filesystem Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-0805 | Projected Filesystem Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
| CVE-2020-1180 | Scripting Engine Memory Corruption Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-0870 | Shell infrastructure component Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1596 | TLS Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-16881 | Visual Studio JSON Remote Code Execution | Important | No | No | 2 | 2 | RCE |
| CVE-2020-16856 | Visual Studio Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2020-1245 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2020-0941 | Win32k Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2020-1250 | Win32k Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-1471 | Windows CloudExperienceHost Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1115 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2020-0782 | Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0951 | Windows Defender Application Control Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
| CVE-2020-1031 | Windows DHCP Server Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-0836 | Windows DNS Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2020-1228 | Windows DNS Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2020-0839 | Windows dnsrslvr.dll Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1052 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1159 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1376 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1491 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-0912 | Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2020-1256 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2020-0998 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
...



CVE-2020-1091 Windows Graphics Component Information Disclosure Vulnerability Important No No 2 2