Start your new year off right! We'll be compiling all of January 2020's Patch Tuesday releases in one easy-to-read index. Stay tuned in and ready for the latest patches and updates from Windows, macOS, and third-party applications. We have tracked the patches as they became available to the masses and inserted all releases into the index below to help ensure you are minimizing your attack surface. We will have a breakdown blog released Wednesday.
Updated Live. Last Update 2:02 PM EST Jan. 14 2020.
 Adobe |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Illustrator CC 2019 | Arbitrary Code Execution | CVE-2020-3710 | Critical |
| Illustrator CC 2019 | Arbitrary Code Execution | CVE-2020-3711 | Critical |
| Illustrator CC 2019 | Arbitrary Code Execution | CVE-2020-3712 | Critical |
| Illustrator CC 2019 | Arbitrary Code Execution | CVE-2020-3713 | Critical |
| Illustrator CC 2019 | Arbitrary Code Execution | CVE-2020-3714 | Critical |
| Adobe Experience Manager | Sensitive Information Disclosure | CVE-2019-16466 | High |
| Adobe Experience Manager | Sensitive Information Disclosure | CVE-2019-16467 | High |
| Adobe Experience Manager | Sensitive Information Disclosure | CVE-2019-16468 | Medium |
| Adobe Experience Manager | Sensitive Information Disclosure | CVE-2019-16469 | High |
 Mozilla Firefox |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Firefox 72.0.1, Firefox ESR 68.4.1, and Thunderbird 68.4.1 | IonMonkey type confusion with StoreElementHole and FallibleStoreElement | CVE-2019-17026 | Critical |
| Thunderbird 68.4.1 | Memory corruption in parent process during new content process initialization on Windows | CVE-2019-17015 | High |
| Thunderbird 68.4.1 | Bypass of @namespace CSS sanitization during pasting | CVE-2019-17016 | High |
| Thunderbird 68.4.1 | Type Confusion in XPCVariant.cpp | CVE-2019-17017 | High |
| Firefox 72 | Windows Keyboard in Private Browsing Mode may retain word suggestions | CVE-2019-17018 | Medium |
| Firefox 72 | Python files could be inadvertently executed upon opening a download | CVE-2019-17019 | Medium |
| Firefox 72 | Content Security Policy not applied to XSL stylesheets applied to XML documents | CVE-2019-17020 | Medium |
| Thunderbird 68.4.1 | Heap address disclosure in parent process during content process initialization on Windows | CVE-2019-17021 | Medium |
| Thunderbird 68.4.1 | CSS sanitization does not escape HTML tags | CVE-2019-17022 | Medium |
| Firefox 72 | NSS may negotiate TLS 1.2 or below after a TLS 1.3 HelloRetryRequest had been sent | CVE-2019-17023 | Low |
| Thunderbird 68.4.1 | Memory safety bugs fixed in Thunderbird 68.4.1 | CVE-2019-17024 | High |
| Firefox 72 | Memory safety bugs fixed in Firefox 72 | CVE-2019-17025 | High |
 Microsoft |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Windows 10 and Server 2016 and 2019 | Windows CryptoAPI Spoofing Vulnerability | CVE-2020-0601 | High |
| ASP.NET Core 2.1, 3.0, 3.1 | ASP.NET Core Denial of Service Vulnerability | CVE-2020-0602 | High |
| ASP.NET Core 2.1, 3.0, 3.1 | ASP.NET Core Remote Code Execution Vulnerability | CVE-2020-0603 | Critical |
| Microsoft .NET Framework | .NET Framework Remote Code Execution Vulnerability | CVE-2020-0605 | Critical |
| Microsoft .NET Framework | .NET Framework Remote Code Execution Vulnerability | CVE-2020-0606 | Critical |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Microsoft Graphics Components Information Disclosure Vulnerability | CVE-2020-0607 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Win32k Information Disclosure Vulnerability | CVE-2020-0608 | High |
| Windows Server 2012, 2016, 2019 | Windows Remote Desktop Gateway Remote Code Execution Vulnerability | CVE-2020-0609 | Critical |
| Windows Server 2012, 2016, 2019 | Windows Remote Desktop Gateway Remote Code Execution Vulnerability | CVE-2020-0610 | Critical |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2020-0611 | Critical |
| Windows Server 2016 | Windows Remote Desktop Gateway Denial of Service Vulnerability | CVE-2020-0612 | High |
| Windows 8, 10 and Server 2012, 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0613 | High |
| Windows 8, 10 and Server 2012, 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0614 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Common Log File System Driver Information Disclosure Vulnerability | CVE-2020-0615 | High |
| Windows 10 and Server 2019 | Microsoft Windows Denial of Service Vulnerability | CVE-2020-0616 | High |
| Windows 10 and Server 2016, 2019 | Hyper-V Denial of Service Vulnerability | CVE-2020-0617 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | CVE-2020-0620 | High |
| Windows 10 and Server 2019 | Windows Security Feature Bypass Vulnerability | CVE-2020-0621 | High |
| Windows 10 and Server 2016, 2019 | Microsoft Graphics Component Information Disclosure Vulnerability | CVE-2020-0622 | High |
| Windows 8, 10 and Server 2012, 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0623 | High |
| Windows 10 | Win32k Elevation of Privilege Vulnerability | CVE-2020-0624 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0625 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0626 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0627 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0628 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0629 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0630 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0631 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0632 | High |
| Windows 10 and Server 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0633 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2020-0634 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Elevation of Privilege Vulnerability | CVE-2020-0635 | High |
| Windows 10 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | CVE-2020-0636 | High |
| Windows Server 2008, 2012, 2016, 2019 | Remote Desktop Web Access Information Disclosure Vulnerability | CVE-2020-0637 | High |
| Windows 10 and Server 2019 | Update Notification Manager Elevation of Privilege Vulnerability | CVE-2020-0638 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Common Log File System Driver Information Disclosure Vulnerability | CVE-2020-0639 | High |
| Internet Explorer 9, 10, 11 | Internet Explorer Memory Corruption Vulnerability | CVE-2020-0640 | Critical |
| Windows 8, 10 and Server 2012, 2016, 2019 | Microsoft Windows Elevation of Privilege Vulnerability | CVE-2020-0641 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Win32k Elevation of Privilege Vulnerability | CVE-2020-0642 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows GDI+ Information Disclosure Vulnerability | CVE-2020-0643 | High |
| Windows 8, 10 and Server 2012, 2016, 2019 | Windows Elevation of Privilege Vulnerability | CVE-2020-0644 | High |
| Microsoft .NET Framework | .NET Framework Remote Code Execution Injection Vulnerability | CVE-2020-0646 | Critical |
| Office Online Server | Microsoft Office Online Spoofing Vulnerability | CVE-2020-0647 | High |
| Microsoft Excel 2010, 2013, 2016, 2019 | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-0650 | High |
| Microsoft Excel 2010, 2013, 2016, 2019 | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-0651 | High |
| Microsoft Office 2010, 2013, 2016, 2019 | Microsoft Office Memory Corruption Vulnerability | CVE-2020-0652 | High |
| Office 365 ProPlus | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-0653 | High |
| OneDrive for Android | Microsoft OneDrive for Android Security Feature Bypass Vulnerability | CVE-2020-0654 | High |
| Dynamics 365 Field Service v7 series | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | CVE-2020-0656 | High |
Keep your 2020 cyber hygiene resolutions, register to attend our Patch Tuesday webinar this Wednesday. Join Richard Melick on Wednesday, January 15th, at 12:00 pm EST for Automox's Automating Patch Tuesday Webinar. Even if you can't make it, we'll send you a recording to watch at your leisure. Sign up below!
About Automox
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
