Patch Tuesday - September 2020

129 Vulnerabilities Patched in Microsoft's September 2020 Update Tuesday (2020-Sep Patch Tuesday)


Despite the continued high volume of vulnerabilities disclosed and patched this month, Microsoft's 129-vulnerability September 2020 Update Tuesday is seemingly calm from an operations perspective -- at first glance.


While following the standard procedure of scheduling Windows OS patching up front immediately closes the door on 60%+ of the vulnerabilities disclosed this month, there is a slight uptick in Critical vulnerabilities (23 in September versus 17/18 in August/July respectively), which land on our server friends, Exchange Server and SharePoint.


Microsoft CVE-2020-16875: Microsoft Exchange Memory Corruption Vulnerability


The first vulnerability to note comes from Microsoft Exchange Server. CVE-2020-16875 is a remote code execution vulnerability with a CVSS score of 9.1. Microsoft explains that the vulnerability can be triggered when a specially crafted email is sent to a vulnerable Exchange Server. Because of improper handling of objects in memory, an attack of this kind could run arbitrary code in the context of the System user.


Noted as affecting the supported Cumulative Update levels of Exchange Server 2016 and 2019, this is something to prioritize patching early.


Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-1210, CVE-2020-1595 and more


A substantial portion of critical vulnerabilities marked by Microsoft came from SharePoint this month. Unfortunately, this set of seven remote code execution vulnerabilities (