D

on't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in October's Patch Tuesday Index below.

Automox Patch Tuesday expert Jay Goodman will be breaking down all of October's Patch Tuesday releases tomorrow, October 14, 2020. Register here so you can prioritize the patches for your environment and ask any question you may have.

Microsoft released 89 total vulnerabilities in October, with 11 earning the Critical rating. View the details of each CVE below for more information.

Updated Live. Last Update 1:04 PM EST October 13 2020.


chromeGoogle Chrome
Product
Title
Identifier
Severity
Stable Channel Update for Desktop Chrome 86.0.4240.75 contains a number of fixes and improvements including 35 security fixes. Chrome 86.0.4240.75 High
adobeAdobe
Product
Title
Identifier
Severity
Adobe InDesign 1 Security Vulnerability fixed in Adobe Flash Player APSB20-58 Critical
microsoftMicrosoft
Product
Title
Identifier
Severity
Microsoft Graphics Component GDI+ Remote Code Execution Vulnerability CVE-2020-16911 Critical
Microsoft Graphics Component Microsoft Graphics Components Remote Code Execution Vulnerability CVE-2020-16923 Critical
Microsoft Office Microsoft Outlook Remote Code Execution Vulnerability CVE-2020-16947 Critical
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-16951 Critical
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-16952 Critical
Microsoft Windows Windows TCP/IP Remote Code Execution Vulnerability CVE-2020-16898 Critical
Microsoft Windows Codecs Library Windows Camera Codec Pack Remote Code Execution Vulnerability CVE-2020-16967 Critical
Microsoft Windows Codecs Library Windows Camera Codec Pack Remote Code Execution Vulnerability CVE-2020-16968 Critical
3D Viewer Base3D Remote Code Execution Vulnerability CVE-2020-17003 Critical
Windows Hyper-V Windows Hyper-V Remote Code Execution Vulnerability CVE-2020-16891 Critical
Windows Media Player Media Foundation Memory Corruption Vulnerability CVE-2020-16915 Critical
.NET Framework .NET Framework Information Disclosure Vulnerability CVE-2020-16937 High
Azure Azure Functions Elevation of Privilege Vulnerability CVE-2020-16904 High
Azure Network Watcher Agent virtual machine extension for Linux Elevation of Privilege Vulnerability CVE-2020-16995 High
Group Policy Group Policy Elevation of Privilege Vulnerability CVE-2020-16939 High
Microsoft Dynamics Dynamics 365 Commerce Elevation of Privilege Vulnerability CVE-2020-16943 High
Microsoft Dynamics Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CVE-2020-16956 High
Microsoft Dynamics Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CVE-2020-16978 High
Microsoft Exchange Server Microsoft Exchange Information Disclosure Vulnerability CVE-2020-16969 High
Microsoft Graphics Component Microsoft Graphics Components Remote Code Execution Vulnerability CVE-2020-1167 High
Microsoft Graphics Component Windows GDI+ Information Disclosure Vulnerability CVE-2020-16914 High
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-16925 High
Microsoft NTFS Windows Kernel Information Disclosure Vulnerability CVE-2020-16938 High
Microsoft Office Base3D Remote Code Execution Vulnerability CVE-2020-16918 High
Microsoft Office Microsoft Office Click-to-Run Elevation of Privilege Vulnerability CVE-2020-16928 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-16929 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-16930 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-16931 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-16932 High
Microsoft Office Microsoft Word Security Feature Bypass Vulnerability CVE-2020-16933 High
Microsoft Office Microsoft Office Click-to-Run Elevation of Privilege Vulnerability CVE-2020-16934 High
Microsoft Office Microsoft Office Remote Code Execution Vulnerability CVE-2020-16954 High
Microsoft Office Microsoft Office Click-to-Run Elevation of Privilege Vulnerability CVE-2020-16955 High
Microsoft Office Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability CVE-2020-16957 High
Microsoft Office SharePoint Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-16941 High
Microsoft Office SharePoint Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-16942 High
Microsoft Office SharePoint Microsoft SharePoint Reflective XSS Vulnerability CVE-2020-16944 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-16945 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-16946 High
Microsoft Office SharePoint Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-16948 High
Microsoft Office SharePoint Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-16950 High
Microsoft Office SharePoint Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-16953 High
Microsoft Windows Windows Storage Services Elevation of Privilege Vulnerability CVE-2020-0764 High
Microsoft Windows Windows Hyper-V Elevation of Privilege Vulnerability CVE-2020-1080 High
Microsoft Windows Windows Application Compatibility Client Library Elevation of Privilege Vulnerability CVE-2020-16876 High
Microsoft Windows Windows Elevation of Privilege Vulnerability CVE-2020-16877 High
Microsoft Windows Windows Storage VSP Driver Elevation of Privilege Vulnerability CVE-2020-16885 High
Microsoft Windows Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-16887 High
Microsoft Windows Windows Error Reporting Manager Elevation of Privilege Vulnerability CVE-2020-16895 High
Microsoft Windows NetBT Information Disclosure Vulnerability CVE-2020-16897 High
Microsoft Windows Windows TCP/IP Denial of Service Vulnerability CVE-2020-16899 High
Microsoft Windows Windows Event System Elevation of Privilege Vulnerability CVE-2020-16900 High
Microsoft Windows Windows Kernel Information Disclosure Vulnerability CVE-2020-16901 High
Microsoft Windows Win32k Elevation of Privilege Vulnerability CVE-2020-16907 High
Microsoft Windows Windows Setup Elevation of Privilege Vulnerability CVE-2020-16908 High
Microsoft Windows Windows Error Reporting Elevation of Privilege Vulnerability CVE-2020-16909 High
Microsoft Windows Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-16912 High
Microsoft Windows Windows Enterprise App Management Service Information Disclosure Vulnerability CVE-2020-16919 High
Microsoft Windows Windows Application Compatibility Client Library Elevation of Privilege Vulnerability CVE-2020-16920 High
Microsoft Windows Windows Text Services Framework Information Disclosure Vulnerability CVE-2020-16921 High
Microsoft Windows Windows Spoofing Vulnerability CVE-2020-16922 High
Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability CVE-2020-16924 High
Microsoft Windows Windows COM Server Elevation of Privilege Vulnerability CVE-2020-16935 High
Microsoft Windows Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-16936 High
Microsoft Windows Windows - User Profile Service Elevation of Privilege Vulnerability CVE-2020-16940 High
Microsoft Windows Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-16972 High
Microsoft Windows Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-16973 High
Microsoft Windows Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-16974 High
Microsoft Windows Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-16975 High
Microsoft Windows Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-16976 High
Microsoft Windows Windows iSCSI Target Service Elevation of Privilege Vulnerability CVE-2020-16980 High
PowerShellGet PowerShellGet Module WDAC Security Feature Bypass Vulnerability CVE-2020-16886 High
Visual Studio Visual Studio Code Python Extension Remote Code Execution Vulnerability CVE-2020-16977 High
Windows COM Windows COM Server Elevation of Privilege Vulnerability CVE-2020-16916 High
Windows Error Reporting Windows Error Reporting Elevation of Privilege Vulnerability CVE-2020-16905 High
Windows Hyper-V Windows Hyper-V Denial of Service Vulnerability CVE-2020-1243 High
Windows Hyper-V Windows NAT Remote Code Execution Vulnerability CVE-2020-16894 High
Windows Installer Windows Installer Elevation of Privilege Vulnerability CVE-2020-16902 High
Windows Kernel Windows Hyper-V Elevation of Privilege Vulnerability CVE-2020-1047 High
Windows Kernel Windows KernelStream Information Disclosure Vulnerability CVE-2020-16889 High
Windows Kernel Windows Image Elevation of Privilege Vulnerability CVE-2020-16892 High
Windows Kernel Windows Security Feature Bypass Vulnerability CVE-2020-16910 High
Windows Kernel Win32k Elevation of Privilege Vulnerability CVE-2020-16913 High
Windows RDP Windows Remote Desktop Service Denial of Service Vulnerability CVE-2020-16863 High
Windows RDP Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability CVE-2020-16896 High
Windows RDP Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability CVE-2020-16927 High
Windows Secure Kernel Mode Windows Kernel Elevation of Privilege Vulnerability CVE-2020-16890 High
Azure SDK Azure SDK for Java Spoofing Vulnerability CVE-2020-16971 Medium
Microsoft Office Microsoft Outlook Denial of Service Vulnerability CVE-2020-16949 Medium

 

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure. 

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

# of endpoints

15-day free trial. No credit card required.

By submitting this form you agree to our terms of service.

Already have an account?