Patch Tuesday - October 2020

Microsoft brings us an October Update Tuesday with 87 vulnerabilities, a sub-100 count we haven't seen in quite some time. Adding to the oddity, there are no browser-based vulnerabilities to mention, and a new Adobe Flash vulnerability, CVE-2020-9746, has arrived. Despite this month's lower numbers, there are still some precautions we should all take to remediate our environments quickly and effectively.


Starting with Microsoft Windows


As usual, whenever possible, it's better to prioritize updates against the Windows operating system. The OS accounts for 53 of the 87 vulnerabilities, so patching it knocks out 60% of the vulnerabilities listed, along with over half of the critical remote code execution vulnerabilities resolved today.


Microsoft CVE-2020-16898: Microsoft TCP/IP Remote Code Execution Vulnerability


With a CVSS score of 9.8 and marked as "Exploitation More Likely", this vulnerability grants the ability to execute code on target Windows 10 (version 1709+), Windows Server 2019, and Windows Server version 1903+ systems due to improper handling of ICMPv6 Router Advertisement packets.


Luckily, if immediate patching isn't viable due to reboot scheduling, Microsoft provides PowerShell-based commands to disable ICMPv6 RDNSS on affected operating systems. The PowerShell command netsh int ipv6 set int *INTERFACENUMBER* rabaseddnsconfig=disable does not require a reboot to take effect.
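
The command above takes one interface number at a time, so on hosts with several adapters it has to be repeated per interface. The script below is an added example, not Microsoft's or this article's own code: it applies the quoted netsh command to every IPv6 interface and reads the setting back. The -State parameter, the result column names, and the "RA Based DNS Config" label matched in netsh output on English-language builds are assumptions of this example.

```powershell
# Added example: apply the CVE-2020-16898 no-reboot workaround to all IPv6
# interfaces. Save as a .ps1 file and run from an elevated PowerShell session.
[CmdletBinding(SupportsShouldProcess)]
param(
    # 'disable' applies the workaround; 'enable' reverts it once the host is patched.
    [ValidateSet('disable', 'enable')]
    [string]$State = 'disable'
)

# Enumerate every IPv6 interface instead of looking up numbers by hand.
$interfaces = Get-NetIPInterface -AddressFamily IPv6 | Sort-Object InterfaceIndex

$results = foreach ($nic in $interfaces) {
    $idx      = $nic.InterfaceIndex
    $exitCode = $null

    # -WhatIf lists the interfaces that would be changed without touching them.
    if ($PSCmdlet.ShouldProcess("$($nic.InterfaceAlias) (index $idx)",
                                "rabaseddnsconfig=$State")) {
        # Same command the article quotes, with the interface number filled in.
        netsh int ipv6 set int $idx "rabaseddnsconfig=$State" | Out-Null
        $exitCode = $LASTEXITCODE
    }

    # Read the setting back. The label text is an assumption for English builds;
    # if it is not found, the column is reported as 'unknown'.
    $line = netsh int ipv6 show int $idx |
        Select-String -Pattern 'RA Based DNS Config' |
        Select-Object -First 1
    $current = if ($line) { ($line.Line -split ':', 2)[1].Trim() } else { 'unknown' }

    [pscustomobject]@{
        Index     = $idx
        Alias     = $nic.InterfaceAlias
        NetshExit = $exitCode   # empty when -WhatIf skipped the change
        RdnssFromRA = $current
    }
}

$results | Format-Table -AutoSize

# Surface interfaces where the change did not stick so they can be checked by hand.
$results | Where-Object { $_.NetshExit -and $_.NetshExit -ne 0 } |
    ForEach-Object { Write-Warning "netsh failed on interface $($_.Index) ($($_.Alias))" }
```

Interfaces added after the script runs (new VPN or virtual adapters, for example) are not covered, so rerun it or install the update before treating the host as mitigated.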


Microsoft CVE-2020-16896: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability


RDP has been a focal ..