OnlyFm252
Patch Tuesday Archive

Patch Tuesday October 2020

Total CVEs

90

Critical

12

Important

77

Exploited

0

Publicly Disclosed

6

All CVEs this month 90

CVE Title Severity CVSS Product Exploited Disclosed
ADV200012 October 2020 Adobe Flash Security Update Critical - Adobe Flash Player - -
CVE-2020-16891 Windows Hyper-V Remote Code Execution Vulnerability Critical 8.8 Windows Hyper-V - -
CVE-2020-16898 Windows TCP/IP Remote Code Execution Vulnerability Critical 8.8 Microsoft Windows - -
CVE-2020-16911 GDI+ Remote Code Execution Vulnerability Critical 8.8 Microsoft Graphics Component - -
CVE-2020-16915 Media Foundation Memory Corruption Vulnerability Critical 7.8 Windows Media Player - -
CVE-2020-16923 Microsoft Graphics Components Remote Code Execution Vulnerability Critical 7.8 Microsoft Graphics Component - -
CVE-2020-16947 Microsoft Outlook Remote Code Execution Vulnerability Critical 7.5 Microsoft Office - -
CVE-2020-16951 Microsoft SharePoint Remote Code Execution Vulnerability Critical 8.6 Microsoft Office SharePoint - -
CVE-2020-16952 Microsoft SharePoint Remote Code Execution Vulnerability Critical 8.6 Microsoft Office SharePoint - -
CVE-2020-16967 Windows Camera Codec Pack Remote Code Execution Vulnerability Critical 7.8 Microsoft Windows Codecs Library - -
CVE-2020-16968 Windows Camera Codec Pack Remote Code Execution Vulnerability Critical 7.8 Microsoft Windows Codecs Library - -
CVE-2020-17003 Base3D Remote Code Execution Vulnerability Critical 7.8 Microsoft Office - -
CVE-2020-0764 Windows Storage Services Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-1047 Windows Hyper-V Elevation of Privilege Vulnerability Important 7.8 Windows Kernel - -
CVE-2020-1080 Windows Hyper-V Elevation of Privilege Vulnerability Important 8.8 Microsoft Windows - -
CVE-2020-1167 Microsoft Graphics Components Remote Code Execution Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2020-1243 Windows Hyper-V Denial of Service Vulnerability Important 7.8 Windows Hyper-V - -
CVE-2020-16863 Windows Remote Desktop Service Denial of Service Vulnerability Important 7.5 Windows RDP - -
CVE-2020-16876 Windows Application Compatibility Client Library Elevation of Privilege Vulnerability Important 7.1 Microsoft Windows - -
CVE-2020-16877 Windows Elevation of Privilege Vulnerability Important 7.1 Microsoft Windows - -
CVE-2020-16885 Windows Storage VSP Driver Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - Yes
CVE-2020-16886 PowerShellGet Module WDAC Security Feature Bypass Vulnerability Important 5.3 PowerShellGet - -
CVE-2020-16887 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16889 Windows KernelStream Information Disclosure Vulnerability Important 5.5 Windows Kernel - -
CVE-2020-16890 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 Windows Secure Kernel Mode - -
CVE-2020-16892 Windows Image Elevation of Privilege Vulnerability Important 7.8 Windows Kernel - -
CVE-2020-16894 Windows NAT Denial of Service Vulnerability Important 7.7 Windows Hyper-V - -
CVE-2020-16895 Windows Error Reporting Manager Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16896 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Important 7.5 Windows RDP - -
CVE-2020-16897 NetBT Information Disclosure Vulnerability Important 5.5 Microsoft Windows - -
CVE-2020-16899 Windows TCP/IP Denial of Service Vulnerability Important 7.5 Microsoft Windows - -
CVE-2020-16900 Windows Event System Elevation of Privilege Vulnerability Important 7 Microsoft Windows - -
CVE-2020-16901 Windows Kernel Information Disclosure Vulnerability Important 5 Microsoft Windows - Yes
CVE-2020-16902 Windows Installer Elevation of Privilege Vulnerability Important 7.8 Windows Installer - -
CVE-2020-16904 Azure Functions Elevation of Privilege Vulnerability Important 5.3 Azure - -
CVE-2020-16905 Windows Error Reporting Elevation of Privilege Vulnerability Important 6.8 Windows Error Reporting - -
CVE-2020-16907 Win32k Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16908 Windows Setup Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - Yes
CVE-2020-16909 Windows Error Reporting Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - Yes
CVE-2020-16910 Windows Security Feature Bypass Vulnerability Important 6.2 Windows Kernel - -
CVE-2020-16912 Windows Backup Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16913 Win32k Elevation of Privilege Vulnerability Important 7.8 Windows Kernel - -
CVE-2020-16914 Windows GDI+ Information Disclosure Vulnerability Important 5.5 Microsoft Graphics Component - -
CVE-2020-16916 Windows COM Server Elevation of Privilege Vulnerability Important 7.8 Windows COM - -
CVE-2020-16918 Base3D Remote Code Execution Vulnerability Important 7.8 Microsoft Office - -
CVE-2020-16919 Windows Enterprise App Management Service Information Disclosure Vulnerability Important 5.5 Microsoft Windows - -
CVE-2020-16920 Windows Application Compatibility Client Library Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16921 Windows Text Services Framework Information Disclosure Vulnerability Important 5.5 Microsoft Windows - -
CVE-2020-16922 Windows Spoofing Vulnerability Important 5.3 Microsoft Windows - -
CVE-2020-16924 Jet Database Engine Remote Code Execution Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16927 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Important 7.5 Windows RDP - -
CVE-2020-16928 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability Important 7.8 Microsoft Office - -
CVE-2020-16929 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office - -
CVE-2020-16930 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office - -
CVE-2020-16931 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office - -
CVE-2020-16932 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 Microsoft Office - -
CVE-2020-16933 Microsoft Word Security Feature Bypass Vulnerability Important 7 Microsoft Office - -
CVE-2020-16934 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability Important 7 Microsoft Office - -
CVE-2020-16935 Windows COM Server Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16936 Windows Backup Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16937 .NET Framework Information Disclosure Vulnerability Important 4.7 .NET Framework - Yes
CVE-2020-16938 Windows Kernel Information Disclosure Vulnerability Important 5.5 Microsoft NTFS - Yes
CVE-2020-16939 Group Policy Elevation of Privilege Vulnerability Important 7.8 Group Policy - -
CVE-2020-16940 Windows - User Profile Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16941 Microsoft SharePoint Information Disclosure Vulnerability Important 4.1 Microsoft Office SharePoint - -
CVE-2020-16942 Microsoft SharePoint Information Disclosure Vulnerability Important 4.1 Microsoft Office SharePoint - -
CVE-2020-16943 Dynamics 365 Commerce Elevation of Privilege Vulnerability Important 6.5 Microsoft Dynamics - -
CVE-2020-16944 Microsoft SharePoint Reflective XSS Vulnerability Important 8.7 Microsoft Office SharePoint - -
CVE-2020-16945 Microsoft Office SharePoint XSS Vulnerability Important 8.7 Microsoft Office SharePoint - -
CVE-2020-16946 Microsoft Office SharePoint XSS Vulnerability Important 8.7 Microsoft Office SharePoint - -
CVE-2020-16948 Microsoft SharePoint Information Disclosure Vulnerability Important 6.5 Microsoft Office SharePoint - -
CVE-2020-16950 Microsoft SharePoint Information Disclosure Vulnerability Important 5 Microsoft Office SharePoint - -
CVE-2020-16953 Microsoft SharePoint Information Disclosure Vulnerability Important 6.5 Microsoft Office SharePoint - -
CVE-2020-16954 Microsoft Office Remote Code Execution Vulnerability Important 7.8 Microsoft Office - -
CVE-2020-16955 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability Important 7.8 Microsoft Office - -
CVE-2020-16956 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important 5.4 Microsoft Dynamics - -
CVE-2020-16957 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important 7.8 Microsoft Office - -
CVE-2020-16969 Microsoft Exchange Information Disclosure Vulnerability Important 7.1 Microsoft Exchange Server - -
CVE-2020-16972 Windows Backup Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16973 Windows Backup Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16974 Windows Backup Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16975 Windows Backup Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16976 Windows Backup Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16977 Visual Studio Code Python Extension Remote Code Execution Vulnerability Important 7 - -
CVE-2020-16978 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important 5.4 Microsoft Dynamics - -
CVE-2020-16980 Windows iSCSI Target Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2020-16995 Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege Vulnerability Important 7.8 Azure - -
CVE-2020-17022 Microsoft Windows Codecs Library Remote Code Execution Vulnerability Important 7.8 Microsoft Windows Codecs Library - -
CVE-2020-17023 Visual Studio JSON Remote Code Execution Vulnerability Important 7.8 Visual Studio - -
CVE-2020-16949 Microsoft Outlook Denial of Service Vulnerability Moderate 4.7 Microsoft Office - -

    Threat Categories 6

    Threat Category CVEs Critical
    Elevation of Privilege 36 -
    Remote Code Execution 24 12
    Information Disclosure 15 -
    Denial of Service 6 -
    Spoofing 6 -
    Security Feature Bypass 3 -

    Affected Products 23

    Product CVEs Exploited
    Microsoft Windows 30 -
    Microsoft Office 14 -
    Microsoft Office SharePoint 10 -
    Windows Kernel 5 -
    Microsoft Graphics Component 4 -
    Windows Hyper-V 3 -
    Microsoft Windows Codecs Library 3 -
    Windows RDP 3 -
    Microsoft Dynamics 3 -
    Azure 2 -
    Adobe Flash Player 1 -
    Windows Media Player 1 -
    PowerShellGet 1 -
    Windows Secure Kernel Mode 1 -
    Windows Installer 1 -
    Windows Error Reporting 1 -
    Windows COM 1 -
    .NET Framework 1 -
    Microsoft NTFS 1 -
    Group Policy 1 -
    Microsoft Exchange Server 1 -
    Other 1 -
    Visual Studio 1 -