D

on't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in September's Patch Tuesday Index below.

September's Patch Tuesday brings a total of 129 Microsoft patches, with 23 deemed critical. Adobe also released fixes for products including InDesign, Framemaker, and Experience Manager. Finally, Firefox updated a number of its products including Firefox ESR and Thunderbird. View the patch index below for details and links to each CVE.

Updated Live. Last Update 1:15 PM EST September 08 2020.

adobeAdobe
Product
Title
Identifier
Severity
Adobe InDesign 5 Security Vulnerabilities fixed in Adobe InDesign APSB20-52 Critical
Adobe Framemaker 2 Security Vulnerabilities fixed in Adobe Framemaker APSB20-54 Critical
Adobe Experience Manager 11 Security Vulnerabilities fixed in Adobe Experience Manager APSB20-56 Critical & High
firefoxMozilla Firefox
Product
Title
Identifier
Severity
Firefox for Android 8 Security Vulnerabilities fixed in Firefox for Android MFSA 2020-39 High
Thunderbird 3 Security Vulnerabilities fixed in Thunderbird 78.2 MFSA 2020-41 High
Firefox ESR 3 Security Vulnerabilities fixed in Firefox ESR 78.2 MFSA 2020-38 High
Firefox ESR 3 Security Vulnerabilities fixed in Firefox ESR 68.12 MFSA 2020-37 High
Firefox 10 Security Vulnerabilities fixed in Firefox 80 MFSA 2020-36 High
microsoftMicrosoft
Product
Title
Identifier
Severity
Microsoft Browsers Microsoft Browser Memory Corruption Vulnerability CVE-2020-0878 Critical
Microsoft Windows Windows Text Service Module Remote Code Execution Vulnerability CVE-2020-0908 Critical
Microsoft Windows Microsoft COM for Windows Remote Code Execution Vulnerability CVE-2020-0922 Critical
Microsoft Windows Codecs Library Windows Camera Codec Pack Remote Code Execution Vulnerability CVE-2020-0997 Critical
Microsoft Scripting Engine Scripting Engine Memory Corruption Vulnerability CVE-2020-1057 Critical
Microsoft Windows Codecs Library Microsoft Windows Codecs Library Remote Code Execution Vulnerability CVE-2020-1129 Critical
Microsoft Scripting Engine Scripting Engine Memory Corruption Vulnerability CVE-2020-1172 Critical
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-1200 Critical
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-1210 Critical
Microsoft Windows Windows Remote Code Execution Vulnerability CVE-2020-1252 Critical
Microsoft Graphics Component GDI+ Remote Code Execution Vulnerability CVE-2020-1285 Critical
Microsoft Windows Codecs Library Microsoft Windows Codecs Library Remote Code Execution Vulnerability CVE-2020-1319 Critical
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-1452 Critical
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-1453 Critical
Microsoft Office SharePoint Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2020-1460 Critical
Microsoft Windows Windows Media Audio Decoder Remote Code Execution Vulnerability CVE-2020-1508 Critical
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-1576 Critical
Microsoft Windows Windows Media Audio Decoder Remote Code Execution Vulnerability CVE-2020-1593 Critical
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-1595 Critical
Microsoft Dynamics Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability CVE-2020-16857 Critical
Microsoft Dynamics Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability CVE-2020-16862 Critical
Visual Studio Visual Studio Remote Code Execution Vulnerability CVE-2020-16874 Critical
Microsoft Exchange Server Microsoft Exchange Memory Corruption Vulnerability CVE-2020-16875 Critical
Microsoft Windows Windows RSoP Service Application Elevation of Privilege Vulnerability CVE-2020-0648 High
Active Directory Active Directory Information Disclosure Vulnerability CVE-2020-0664 High
Active Directory Active Directory Remote Code Execution Vulnerability CVE-2020-0718 High
Active Directory Active Directory Remote Code Execution Vulnerability CVE-2020-0761 High
Microsoft Windows Microsoft Store Runtime Elevation of Privilege Vulnerability CVE-2020-0766 High
Microsoft Windows Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability CVE-2020-0782 High
Microsoft Windows Microsoft splwow64 Elevation of Privilege Vulnerability CVE-2020-0790 High
Microsoft Windows Projected Filesystem Security Feature Bypass Vulnerability CVE-2020-0805 High
Microsoft Windows DNS Windows DNS Denial of Service Vulnerability CVE-2020-0836 High
Active Directory Federation Services ADFS Spoofing Vulnerability CVE-2020-0837 High
Microsoft NTFS NTFS Elevation of Privilege Vulnerability CVE-2020-0838 High
Microsoft Windows DNS Windows dnsrslvr.dll Elevation of Privilege Vulnerability CVE-2020-0839 High
Active Directory Active Directory Information Disclosure Vulnerability CVE-2020-0856 High
Windows Shell Shell infrastructure component Elevation of Privilege Vulnerability CVE-2020-0870 High
Microsoft Windows Microsoft splwow64 Information Disclosure Vulnerability CVE-2020-0875 High
Microsoft Windows Windows Storage Services Elevation of Privilege Vulnerability CVE-2020-0886 High
Windows Hyper-V Windows Hyper-V Denial of Service Vulnerability CVE-2020-0890 High
Windows Hyper-V Windows Hyper-V Denial of Service Vulnerability CVE-2020-0904 High
Microsoft Windows Windows Modules Installer Elevation of Privilege Vulnerability CVE-2020-0911 High
Microsoft Windows Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability CVE-2020-0912 High
Microsoft Windows Windows State Repository Service Information Disclosure Vulnerability CVE-2020-0914 High
Microsoft Graphics Component Microsoft Graphics Component Information Disclosure Vulnerability CVE-2020-0921 High
Windows Kernel Windows Kernel Information Disclosure Vulnerability CVE-2020-0928 High
Windows Kernel Win32k Information Disclosure Vulnerability CVE-2020-0941 High
Microsoft Windows Windows Defender Application Control Security Feature Bypass Vulnerability CVE-2020-0951 High
Microsoft Windows Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability CVE-2020-0989 High
Microsoft Graphics Component Windows Graphics Component Elevation of Privilege Vulnerability CVE-2020-0998 High
Internet Explorer Windows Start-Up Application Elevation of Privilege Vulnerability CVE-2020-1012 High
Microsoft Windows Group Policy Elevation of Privilege Vulnerability CVE-2020-1013 High
Windows Print Spooler Components Windows Print Spooler Elevation of Privilege Vulnerability CVE-2020-1030 High
Windows DHCP Server Windows DHCP Server Information Disclosure Vulnerability CVE-2020-1031 High
Windows Kernel Windows Kernel Information Disclosure Vulnerability CVE-2020-1033 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1034 High
Microsoft Windows Windows Routing Utilities Denial of Service CVE-2020-1038 High
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1039 High
SQL Server SQL Server Reporting Services Security Feature Bypass Vulnerability CVE-2020-1044 High
ASP.NET Microsoft ASP.NET Core Security Feature Bypass Vulnerability CVE-2020-1045 High
Microsoft Windows Windows Elevation of Privilege Vulnerability CVE-2020-1052 High
Microsoft Graphics Component DirectX Elevation of Privilege Vulnerability CVE-2020-1053 High
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1074 High
Microsoft Graphics Component Microsoft Graphics Component Information Disclosure Vulnerability CVE-2020-1083 High
Microsoft Graphics Component Windows Graphics Component Information Disclosure Vulnerability CVE-2020-1091 High
Microsoft Graphics Component Windows Graphics Component Information Disclosure Vulnerability CVE-2020-1097 High
Microsoft Windows Windows Shell Infrastructure Component Elevation of Privilege Vulnerability CVE-2020-1098 High
Common Log File System Driver Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2020-1115 High
Microsoft Windows Windows Information Disclosure Vulnerability CVE-2020-1119 High
Microsoft Windows Windows Language Pack Installer Elevation of Privilege Vulnerability CVE-2020-1122 High
Windows Diagnostic Hub Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability CVE-2020-1130 High
Windows Diagnostic Hub Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability CVE-2020-1133 High
Microsoft Windows Microsoft Store Runtime Elevation of Privilege Vulnerability CVE-2020-1146 High
Microsoft Graphics Component Windows Win32k Elevation of Privilege Vulnerability CVE-2020-1152 High
Microsoft Windows Windows Elevation of Privilege Vulnerability CVE-2020-1159 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1169 High
Microsoft Scripting Engine Scripting Engine Memory Corruption Vulnerability CVE-2020-1180 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-1193 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1198 High
Microsoft Office SharePoint Microsoft SharePoint Spoofing Vulnerability CVE-2020-1205 High
Microsoft Office Microsoft Word Remote Code Execution Vulnerability CVE-2020-1218 High
Microsoft Office Microsoft Excel Information Disclosure Vulnerability CVE-2020-1224 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1227 High
Microsoft Windows DNS Windows DNS Denial of Service Vulnerability CVE-2020-1228 High
Microsoft Graphics Component Win32k Elevation of Privilege Vulnerability CVE-2020-1245 High
Microsoft Graphics Component Win32k Information Disclosure Vulnerability CVE-2020-1250 High
Microsoft Graphics Component Windows GDI Information Disclosure Vulnerability CVE-2020-1256 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1303 High
Microsoft Graphics Component DirectX Elevation of Privilege Vulnerability CVE-2020-1308 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-1332 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-1335 High
Microsoft Office Microsoft Word Remote Code Execution Vulnerability CVE-2020-1338 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1345 High
Microsoft Windows Windows Elevation of Privilege Vulnerability CVE-2020-1376 High
Microsoft Office SharePoint Microsoft SharePoint Server Tampering Vulnerability CVE-2020-1440 High
Microsoft Windows Windows CloudExperienceHost Elevation of Privilege Vulnerability CVE-2020-1471 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1482 High
Microsoft Windows Windows Function Discovery Service Elevation of Privilege Vulnerability CVE-2020-1491 High
Internet Explorer Windows Start-Up Application Elevation of Privilege Vulnerability CVE-2020-1506 High
Microsoft Windows Microsoft COM for Windows Elevation of Privilege Vulnerability CVE-2020-1507 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1514 High
Microsoft Office SharePoint Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-1523 High
Microsoft Windows Windows InstallService Elevation of Privilege Vulnerability CVE-2020-1532 High
Microsoft Windows Windows Storage Services Elevation of Privilege Vulnerability CVE-2020-1559 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1575 High
Windows Kernel Windows Kernel Information Disclosure Vulnerability CVE-2020-1589 High
Microsoft Windows Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability CVE-2020-1590 High
Windows Kernel Windows Kernel Information Disclosure Vulnerability CVE-2020-1592 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-1594 High
Microsoft Windows TLS Information Disclosure Vulnerability CVE-2020-1596 High
Microsoft Windows Windows UPnP Service Elevation of Privilege Vulnerability CVE-2020-1598 High
Microsoft OneDrive OneDrive for Windows Elevation of Privilege Vulnerability CVE-2020-16851 High
Microsoft OneDrive OneDrive for Windows Elevation of Privilege Vulnerability CVE-2020-16852 High
Microsoft OneDrive OneDrive for Windows Elevation of Privilege Vulnerability CVE-2020-16853 High
Windows Kernel Windows Kernel Information Disclosure Vulnerability CVE-2020-16854 High
Microsoft Office Microsoft Office Information Disclosure Vulnerability CVE-2020-16855 High
Visual Studio Visual Studio Remote Code Execution Vulnerability CVE-2020-16856 High
Microsoft Dynamics Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CVE-2020-16858 High
Microsoft Dynamics Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CVE-2020-16859 High
Microsoft Dynamics Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability CVE-2020-16860 High
Microsoft Dynamics Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CVE-2020-16861 High
Microsoft Dynamics Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CVE-2020-16864 High
Microsoft Dynamics Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CVE-2020-16871 High
Microsoft Dynamics Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CVE-2020-16872 High
Open Source Software Xamarin.Forms Spoofing Vulnerability CVE-2020-16873 High
Microsoft Dynamics Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CVE-2020-16878 High
Microsoft Windows Projected Filesystem Information Disclosure Vulnerability CVE-2020-16879 High
Visual Studio Visual Studio JSON Remote Code Execution CVE-2020-16881 High
Internet Explorer Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability CVE-2020-16884 High

 

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure. 

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.