Microsoft issues 129 security fixes as part of Patch Tuesday September

Posted on by

This month’s patch Tuesday includes patches for 15 Microsoft products, including 23 critical CVEs.

Microsoft has addressed 129 security issues as part of its September 2020 Patch Tuesday update.

The company patched 23 Common Vulnerabilities and Exposures (CVEs) – security flaws –  marked as ‘critical’ this month, with 105 marked as ‘important’ and one as ‘moderate’, in terms of their severity.

More about Windows

September’s security update covers 15 Microsoft products and services in total, including Microsoft Edge (legacy and Chromium), Internet Explorer, SQL Server, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Dynamics, Visual Studio, Microsoft Exchange Server, Microsoft OneDrive and Azure DevOps.

Many of this month’s vulnerabilities are privilege-specific, meaning the vulnerabilities pose greater threats to admins with full system access than to users without administrative rights.

Amongst the most high-severity issues resolved by Microsoft related to the Windows operating system, SharePoint, Microsoft Edge and Microsoft Dynamics 365, though none of the bugs are believed to have been exploited or publicly known.

SEE: Top Windows 10 run commands (free PDF) (TechRepublic)

Microsoft’s SharePoint software received a number of patches for remote code execution (RCE) bugs this month, including CVE-2020-1210CVE-2020-1452CVE-2020-1453CVE-2020-1576CVE-2020-1595.

Microsoft Exchange received a patch for CVE-2020-16875, a bug that an attacker could exploit by sending a malicious email to the affected Exchange Server.

Windows Text Service Module received a patch for CVE-2020-0908, a vulnerability though which an attacker could lure users to a malicious website via the new Chromium-based Microsoft Edge. An attacker who successfully exploited the vulnerability could then gain power over a victim system.

SEE: How Apple users can make the most of Microsoft 365 at work (TechRepublic Premium)

Another RCE addressed by Microsoft is CVE-2020-0922, an vulnerability that exists in the way Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.

Commenting, Gill Langston, head of security at SolarWinds MSP, said: “There are no emergency vulnerabilities this month at the time of this writing, so the guidance is to ensure you’re addressing the workstation devices on their normal patch schedule (to address operating system and browser vulnerabilities), and servers on their next available maintenance window.

“As is best practice, it’s a good idea to audit the rights you allow your users to have on workstation systems. While it’s more convenient to simply make them administrators, limiting their rights on workstations can reduce the risk when they inevitably click on that link or visit a malicious webpage.”

Also see

View original article here Source

Apple Watch Series 3 (GPS, 38mm) - Silver Aluminum Case with White Sport Band
4.8 out of 5 stars (99250)
$169.00 (as of January 18, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Echo Show 8 -- HD smart display with Alexa – stay connected with video calling - Charcoal
4.7 out of 5 stars (134140)
$99.99 (as of January 18, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Roku Ultra 2020 | Streaming Media Player HD/4K/HDR/Dolby Vision with Dolby Atmos, Bluetooth Streaming, and Roku Voice Remote with Headphone Jack and Personal Shortcuts, includes Premium HDMI Cable
4.7 out of 5 stars (3584)
$93.93 (as of January 18, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Nintendo Switch with Neon Blue and Neon Red Joy‑Con - HAC-001(-01)
4.9 out of 5 stars (53966)
$299.99 (as of January 18, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Apple Watch Series 3 (GPS, 38mm) - Space Gray Aluminium Case with Black Sport Band
4.8 out of 5 stars (99250)
$169.00 (as of January 18, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
TP-Link AC1750 Smart WiFi Router (Archer A7) - Dual Band Gigabit Wireless Internet Router for Home, Works with Alexa, VPN Server, Parental Control and QoS
4.5 out of 5 stars (37681)
$56.99 (as of January 18, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Wyze Cam Pan 1080p Pan/Tilt/Zoom Wi-Fi Indoor Smart Home Camera with Night Vision, 2-Way Audio, Works with Alexa & the Google Assistant, White - WYZECP1
4.5 out of 5 stars (54578)
$37.95 (as of January 18, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Fire HD 8 Kids Edition tablet, 8" HD display, 32 GB, Blue Kid-Proof Case
4.7 out of 5 stars (52172)
$139.99 (as of January 18, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Fire 7 Kids Edition Tablet, 7" Display, 16 GB, Blue Kid-Proof Case
4.6 out of 5 stars (132832)
$99.99 (as of January 18, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
HP 24mh FHD Monitor - Computer Monitor with 23.8-Inch IPS Display (1080p) - Built-In Speakers and VESA Mounting - Height/Tilt Adjustment for Ergonomic Viewing - HDMI and DisplayPort - (1D0J9AA#ABA)
4.7 out of 5 stars (6315)
$109.99 (as of January 18, 2021 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)

Amazon Auto Links: Could not resolve the given unit type, . Please be sure to update the auto-insert definition if you have deleted the unit.