
on't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in September's Patch Tuesday Index below.
September's Patch Tuesday brings a total of 129 Microsoft patches, with 23 deemed critical. Adobe also released fixes for products including InDesign, Framemaker, and Experience Manager. Finally, Firefox updated a number of its products including Firefox ESR and Thunderbird. View the patch index below for details and links to each CVE.
Updated Live. Last Update 1:15 PM EST September 08 2020.
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Adobe InDesign | 5 Security Vulnerabilities fixed in Adobe InDesign | APSB20-52 | Critical |
Adobe Framemaker | 2 Security Vulnerabilities fixed in Adobe Framemaker | APSB20-54 | Critical |
Adobe Experience Manager | 11 Security Vulnerabilities fixed in Adobe Experience Manager | APSB20-56 | Critical & High |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Firefox for Android | 8 Security Vulnerabilities fixed in Firefox for Android | MFSA 2020-39 | High |
Thunderbird | 3 Security Vulnerabilities fixed in Thunderbird 78.2 | MFSA 2020-41 | High |
Firefox ESR | 3 Security Vulnerabilities fixed in Firefox ESR 78.2 | MFSA 2020-38 | High |
Firefox ESR | 3 Security Vulnerabilities fixed in Firefox ESR 68.12 | MFSA 2020-37 | High |
Firefox | 10 Security Vulnerabilities fixed in Firefox 80 | MFSA 2020-36 | High |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Microsoft Browsers | Microsoft Browser Memory Corruption Vulnerability | CVE-2020-0878 | Critical |
Microsoft Windows | Windows Text Service Module Remote Code Execution Vulnerability | CVE-2020-0908 | Critical |
Microsoft Windows | Microsoft COM for Windows Remote Code Execution Vulnerability | CVE-2020-0922 | Critical |
Microsoft Windows Codecs Library | Windows Camera Codec Pack Remote Code Execution Vulnerability | CVE-2020-0997 | Critical |
Microsoft Scripting Engine | Scripting Engine Memory Corruption Vulnerability | CVE-2020-1057 | Critical |
Microsoft Windows Codecs Library | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | CVE-2020-1129 | Critical |
Microsoft Scripting Engine | Scripting Engine Memory Corruption Vulnerability | CVE-2020-1172 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-1200 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-1210 | Critical |
Microsoft Windows | Windows Remote Code Execution Vulnerability | CVE-2020-1252 | Critical |
Microsoft Graphics Component | GDI+ Remote Code Execution Vulnerability | CVE-2020-1285 | Critical |
Microsoft Windows Codecs Library | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | CVE-2020-1319 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-1452 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-1453 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2020-1460 | Critical |
Microsoft Windows | Windows Media Audio Decoder Remote Code Execution Vulnerability | CVE-2020-1508 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-1576 | Critical |
Microsoft Windows | Windows Media Audio Decoder Remote Code Execution Vulnerability | CVE-2020-1593 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-1595 | Critical |
Microsoft Dynamics | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | CVE-2020-16857 | Critical |
Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | CVE-2020-16862 | Critical |
Visual Studio | Visual Studio Remote Code Execution Vulnerability | CVE-2020-16874 | Critical |
Microsoft Exchange Server | Microsoft Exchange Memory Corruption Vulnerability | CVE-2020-16875 | Critical |
Microsoft Windows | Windows RSoP Service Application Elevation of Privilege Vulnerability | CVE-2020-0648 | High |
Active Directory | Active Directory Information Disclosure Vulnerability | CVE-2020-0664 | High |
Active Directory | Active Directory Remote Code Execution Vulnerability | CVE-2020-0718 | High |
Active Directory | Active Directory Remote Code Execution Vulnerability | CVE-2020-0761 | High |
Microsoft Windows | Microsoft Store Runtime Elevation of Privilege Vulnerability | CVE-2020-0766 | High |
Microsoft Windows | Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability | CVE-2020-0782 | High |
Microsoft Windows | Microsoft splwow64 Elevation of Privilege Vulnerability | CVE-2020-0790 | High |
Microsoft Windows | Projected Filesystem Security Feature Bypass Vulnerability | CVE-2020-0805 | High |
Microsoft Windows DNS | Windows DNS Denial of Service Vulnerability | CVE-2020-0836 | High |
Active Directory Federation Services | ADFS Spoofing Vulnerability | CVE-2020-0837 | High |
Microsoft NTFS | NTFS Elevation of Privilege Vulnerability | CVE-2020-0838 | High |
Microsoft Windows DNS | Windows dnsrslvr.dll Elevation of Privilege Vulnerability | CVE-2020-0839 | High |
Active Directory | Active Directory Information Disclosure Vulnerability | CVE-2020-0856 | High |
Windows Shell | Shell infrastructure component Elevation of Privilege Vulnerability | CVE-2020-0870 | High |
Microsoft Windows | Microsoft splwow64 Information Disclosure Vulnerability | CVE-2020-0875 | High |
Microsoft Windows | Windows Storage Services Elevation of Privilege Vulnerability | CVE-2020-0886 | High |
Windows Hyper-V | Windows Hyper-V Denial of Service Vulnerability | CVE-2020-0890 | High |
Windows Hyper-V | Windows Hyper-V Denial of Service Vulnerability | CVE-2020-0904 | High |
Microsoft Windows | Windows Modules Installer Elevation of Privilege Vulnerability | CVE-2020-0911 | High |
Microsoft Windows | Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability | CVE-2020-0912 | High |
Microsoft Windows | Windows State Repository Service Information Disclosure Vulnerability | CVE-2020-0914 | High |
Microsoft Graphics Component | Microsoft Graphics Component Information Disclosure Vulnerability | CVE-2020-0921 | High |
Windows Kernel | Windows Kernel Information Disclosure Vulnerability | CVE-2020-0928 | High |
Windows Kernel | Win32k Information Disclosure Vulnerability | CVE-2020-0941 | High |
Microsoft Windows | Windows Defender Application Control Security Feature Bypass Vulnerability | CVE-2020-0951 | High |
Microsoft Windows | Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability | CVE-2020-0989 | High |
Microsoft Graphics Component | Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2020-0998 | High |
Internet Explorer | Windows Start-Up Application Elevation of Privilege Vulnerability | CVE-2020-1012 | High |
Microsoft Windows | Group Policy Elevation of Privilege Vulnerability | CVE-2020-1013 | High |
Windows Print Spooler Components | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2020-1030 | High |
Windows DHCP Server | Windows DHCP Server Information Disclosure Vulnerability | CVE-2020-1031 | High |
Windows Kernel | Windows Kernel Information Disclosure Vulnerability | CVE-2020-1033 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1034 | High |
Microsoft Windows | Windows Routing Utilities Denial of Service | CVE-2020-1038 | High |
Microsoft JET Database Engine | Jet Database Engine Remote Code Execution Vulnerability | CVE-2020-1039 | High |
SQL Server | SQL Server Reporting Services Security Feature Bypass Vulnerability | CVE-2020-1044 | High |
ASP.NET | Microsoft ASP.NET Core Security Feature Bypass Vulnerability | CVE-2020-1045 | High |
Microsoft Windows | Windows Elevation of Privilege Vulnerability | CVE-2020-1052 | High |
Microsoft Graphics Component | DirectX Elevation of Privilege Vulnerability | CVE-2020-1053 | High |
Microsoft JET Database Engine | Jet Database Engine Remote Code Execution Vulnerability | CVE-2020-1074 | High |
Microsoft Graphics Component | Microsoft Graphics Component Information Disclosure Vulnerability | CVE-2020-1083 | High |
Microsoft Graphics Component | Windows Graphics Component Information Disclosure Vulnerability | CVE-2020-1091 | High |
Microsoft Graphics Component | Windows Graphics Component Information Disclosure Vulnerability | CVE-2020-1097 | High |
Microsoft Windows | Windows Shell Infrastructure Component Elevation of Privilege Vulnerability | CVE-2020-1098 | High |
Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2020-1115 | High |
Microsoft Windows | Windows Information Disclosure Vulnerability | CVE-2020-1119 | High |
Microsoft Windows | Windows Language Pack Installer Elevation of Privilege Vulnerability | CVE-2020-1122 | High |
Windows Diagnostic Hub | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2020-1130 | High |
Windows Diagnostic Hub | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2020-1133 | High |
Microsoft Windows | Microsoft Store Runtime Elevation of Privilege Vulnerability | CVE-2020-1146 | High |
Microsoft Graphics Component | Windows Win32k Elevation of Privilege Vulnerability | CVE-2020-1152 | High |
Microsoft Windows | Windows Elevation of Privilege Vulnerability | CVE-2020-1159 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1169 | High |
Microsoft Scripting Engine | Scripting Engine Memory Corruption Vulnerability | CVE-2020-1180 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-1193 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1198 | High |
Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-1205 | High |
Microsoft Office | Microsoft Word Remote Code Execution Vulnerability | CVE-2020-1218 | High |
Microsoft Office | Microsoft Excel Information Disclosure Vulnerability | CVE-2020-1224 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1227 | High |
Microsoft Windows DNS | Windows DNS Denial of Service Vulnerability | CVE-2020-1228 | High |
Microsoft Graphics Component | Win32k Elevation of Privilege Vulnerability | CVE-2020-1245 | High |
Microsoft Graphics Component | Win32k Information Disclosure Vulnerability | CVE-2020-1250 | High |
Microsoft Graphics Component | Windows GDI Information Disclosure Vulnerability | CVE-2020-1256 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1303 | High |
Microsoft Graphics Component | DirectX Elevation of Privilege Vulnerability | CVE-2020-1308 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-1332 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-1335 | High |
Microsoft Office | Microsoft Word Remote Code Execution Vulnerability | CVE-2020-1338 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1345 | High |
Microsoft Windows | Windows Elevation of Privilege Vulnerability | CVE-2020-1376 | High |
Microsoft Office SharePoint | Microsoft SharePoint Server Tampering Vulnerability | CVE-2020-1440 | High |
Microsoft Windows | Windows CloudExperienceHost Elevation of Privilege Vulnerability | CVE-2020-1471 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1482 | High |
Microsoft Windows | Windows Function Discovery Service Elevation of Privilege Vulnerability | CVE-2020-1491 | High |
Internet Explorer | Windows Start-Up Application Elevation of Privilege Vulnerability | CVE-2020-1506 | High |
Microsoft Windows | Microsoft COM for Windows Elevation of Privilege Vulnerability | CVE-2020-1507 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1514 | High |
Microsoft Office SharePoint | Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-1523 | High |
Microsoft Windows | Windows InstallService Elevation of Privilege Vulnerability | CVE-2020-1532 | High |
Microsoft Windows | Windows Storage Services Elevation of Privilege Vulnerability | CVE-2020-1559 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1575 | High |
Windows Kernel | Windows Kernel Information Disclosure Vulnerability | CVE-2020-1589 | High |
Microsoft Windows | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | CVE-2020-1590 | High |
Windows Kernel | Windows Kernel Information Disclosure Vulnerability | CVE-2020-1592 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-1594 | High |
Microsoft Windows | TLS Information Disclosure Vulnerability | CVE-2020-1596 | High |
Microsoft Windows | Windows UPnP Service Elevation of Privilege Vulnerability | CVE-2020-1598 | High |
Microsoft OneDrive | OneDrive for Windows Elevation of Privilege Vulnerability | CVE-2020-16851 | High |
Microsoft OneDrive | OneDrive for Windows Elevation of Privilege Vulnerability | CVE-2020-16852 | High |
Microsoft OneDrive | OneDrive for Windows Elevation of Privilege Vulnerability | CVE-2020-16853 | High |
Windows Kernel | Windows Kernel Information Disclosure Vulnerability | CVE-2020-16854 | High |
Microsoft Office | Microsoft Office Information Disclosure Vulnerability | CVE-2020-16855 | High |
Visual Studio | Visual Studio Remote Code Execution Vulnerability | CVE-2020-16856 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | CVE-2020-16858 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | CVE-2020-16859 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability | CVE-2020-16860 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | CVE-2020-16861 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | CVE-2020-16864 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | CVE-2020-16871 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | CVE-2020-16872 | High |
Open Source Software | Xamarin.Forms Spoofing Vulnerability | CVE-2020-16873 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | CVE-2020-16878 | High |
Microsoft Windows | Projected Filesystem Information Disclosure Vulnerability | CVE-2020-16879 | High |
Visual Studio | Visual Studio JSON Remote Code Execution | CVE-2020-16881 | High |
Internet Explorer | Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability | CVE-2020-16884 | High |
About Automox
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
See for yourself how Automox can help you manage your remote workforce. No VPN required.
Start your 15-day free trial today.
15-day free trial. No credit card required.
By submitting this form you agree to our terms of service.
Already have an account? Log in