This month's Patch Tuesday includes patches for 15 Microsoft products, including fixes for 23 critical CVEs.
Microsoft has addressed 129 security issues as part of its September 2020 Patch Tuesday update.
The company patched 23 security flaws, tracked as Common Vulnerabilities and Exposures (CVEs), that are rated "critical" this month, with 105 rated "important" and one rated "moderate" in severity.
The September security update covers 15 Microsoft products and services in total, including Microsoft Edge (Legacy and Chromium), Internet Explorer, SQL Server, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Dynamics, Visual Studio, Microsoft Exchange Server, Microsoft OneDrive, and Azure DevOps.
Many of this month's vulnerabilities are privilege-specific, which means that they pose a greater threat to administrators with full system access than to users without administrative rights.
Among the most serious issues resolved by Microsoft are those related to the Windows operating system, SharePoint, Microsoft Edge, and Microsoft Dynamics 365, although none of the bugs are believed to have been exploited or publicly known.
Microsoft SharePoint received a number of patches for remote code execution (RCE) flaws this month, including CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, and CVE-2020-1595.
Microsoft Exchange received a patch for CVE-2020-16875, a bug that an attacker could exploit by sending a malicious email to the affected Exchange server.
The Windows Text Service Module received a patch for CVE-2020-0908, a vulnerability that an attacker could exploit by luring users to a malicious website through the new Chromium-based Microsoft Edge. An attacker who successfully exploited the vulnerability could gain control over a victim system.
Another RCE addressed by Microsoft is CVE-2020-0922, a vulnerability that exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.
Commenting, Gill Langston, Head of Security for SolarWinds MSP, said: “There are no emergency vulnerabilities this month at the time of writing this article, so the guide is to make sure you are addressing workstation devices in your normal patch schedule (to address browser and operating system vulnerabilities) and servers at your next available maintenance window.
“As is good practice, it is a good idea to audit the rights you allow your users to have on workstation systems. While it is more convenient to just make them administrators, limiting their rights on workstations can reduce the risk when they inevitably click on that link or visit a malicious web page.”
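
The rights audit Langston recommends can start with the membership of the local Administrators group on each workstation. The PowerShell below is an added example, not code from the article, Microsoft or SolarWinds; the allowlist patterns and the function names `Test-AllowedAdmin` and `Get-LocalAdminAudit` are assumptions chosen for illustration.

```powershell
# Added example: list every member of the local Administrators group and flag
# the ones that are not on an approved list.

# Constructed allowlist (assumption): the built-in Administrator account (RID 500)
# and the domain's Domain Admins group (RID 512). Adjust to local policy.
$AllowedSidPatterns = @('^S-1-5-21-.+-500$', '^S-1-5-21-.+-512$')

function Test-AllowedAdmin {
    param([string]$Sid, [string[]]$Patterns)
    foreach ($p in $Patterns) {
        if ($Sid -match $p) { return $true }
    }
    return $false
}

function Get-LocalAdminAudit {
    param([string[]]$Patterns = $AllowedSidPatterns)

    # S-1-5-32-544 is the well-known SID of the local Administrators group,
    # so the lookup works regardless of the OS display language.
    try {
        $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    } catch {
        Write-Warning "Could not enumerate Administrators on ${env:COMPUTERNAME}: $_"
        return
    }

    foreach ($m in $members) {
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            Member      = $m.Name
            ObjectClass = $m.ObjectClass      # User or Group
            Source      = $m.PrincipalSource  # Local, ActiveDirectory, ...
            Sid         = $m.SID.Value
            Approved    = Test-AllowedAdmin -Sid $m.SID.Value -Patterns $Patterns
        }
    }
}

# Unapproved members sort first so they are the first rows a reviewer sees.
Get-LocalAdminAudit | Sort-Object Approved, Member | Format-Table -AutoSize
```

Rows with `Approved` set to `False` are the accounts to review: everyday user accounts that appear there are the ones for whom a malicious link or web page carries full administrative impact.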