Sunday, September 20, 2020
Home Science Microsoft Patch Tuesday, Sept. 2020 Edition — Krebs on Security - Krebs...

Microsoft Patch Tuesday, Sept. 2020 Edition — Krebs on Security – Krebs on Security

Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users.

The majority of the most dangerous or “critical” bugs deal with issues in Microsoft’s various Windows operating systems and its web browsers, Internet Explorer and Edge. September marks the seventh month in a row Microsoft has shipped fixes for more than 100 flaws in its products, and the fourth month in a row that it fixed more than 120.

Among the chief concerns for enterprises this month is CVE-2020-16875, which involves a critical flaw in the email software Microsoft Exchange Server 2016 and 2019. An attacker could leverage the Exchange bug to run code of his choosing just by sending a booby-trapped email to a vulnerable Exchange server.

“That doesn’t quite make it wormable, but it’s about the worst-case scenario for Exchange servers,” said Dustin Childs, of Trend Micro’s Zero Day Initiative. “We have seen the previously patched Exchange bug CVE-2020-0688 used in the wild, and that requires authentication. We’ll likely see this one in the wild soon. This should be your top priority.”

Also not great for companies to have around is CVE-2020-1210, which is a remote code execution flaw in supported versions of Microsoft Sharepoint document management software that bad guys could attack by uploading a file to a vulnerable Sharepoint site. Security firm Tenable notes that this bug is reminiscent of CVE-2019-0604, another Sharepoint problem that’s been exploited for cybercriminal gains since April 2019.

Microsoft fixed at least five other serious bugs in Sharepoint versions 2010 through 2019 that also could be used to compromise systems running this software. And because ransomware purveyors have a history of seizing upon Sharepoint flaws to wreak havoc inside enterprises, companies should definitely prioritize deployment of these fixes, says Alan Liska, senior security architect at Recorded Future.

Todd Schell at Ivanti reminds us that Patch Tuesday isn’t just about Windows updates: Google has shipped a critical update for its Chrome browser that resolves at least five security flaws that are rated high severity. If you use Chrome and notice an icon featuring a small upward-facing arrow inside of a circle to the right of the address bar, it’s time to update. Completely closing out Chrome and restarting it should apply the pending updates.

Once again, there are no security updates available today for Adobe’s Flash Player, although the company did ship a non-security software update for the browser plugin. The last time Flash got a security update was June 2020, which may suggest researchers and/or attackers have stopped looking for flaws in it. Adobe says it will retire the plugin at the end of this year, and Microsoft has said it plans to completely remove the program from all Microsoft browsers via Windows Update by then.

Before you update with this month’s patch batch, please make sure you have backed up your system and/or important files. It’s not uncommon for Windows updates to hose one’s system or prevent it from booting properly, and some updates even have known to erase or corrupt files.

So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.

Tags: , , , , , , , , , , ,


This entry was posted on Tuesday, September 8th, 2020 at 5:33 pm and is filed under Security Tools, Time to Patch.
You can follow any comments to this entry through the RSS 2.0 feed.

You can skip to the end and leave a comment. Pinging is currently not allowed.

Read More

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular

Australia reports lowest coronavirus cases in three months: Live – Al Jazeera English

Australia reported 14 new cases on Sunday - the lowest daily increase in new coronavirus cases in three months as strict lockdown in Melbourne reduces infections sharply. Brazil and Argentina have announced that they are joining a global alliance seeking to pool the purchase and distribution of future COVID-19 vaccines. Despite threats of heavy fines…

Uptick in L.A. County’s COVID-19 case rate raises concerns over increased transmission during Labor Day holiday – KTLA Los Angeles

by: Nouran Salahieh Posted: Sep 19, 2020 / 05:43 PM PDT / Updated: Sep 19, 2020 / 05:43 PM PDT People gather on the beach on the second day of the Labor Day weekend amid a heatwave in Santa Monica on Sept. 6, 2020. (APU GOMES/AFP via Getty Images) After weeks of improvement, a recent…

Joe Biden said in 2016 that it is a president’s ‘constitutional duty’ to fill a SCOTUS seat

Joe Biden is accused of hypocrisy after a 2016 op-ed emerged in which he slammed Republicans for holding up a Supreme Court appointment, stating that it is the 'constitutional duty' of a president to nominate if a vacancy becomes available.  He made the comments in a March 2016 op-ed with the New York Times, in which he…

TikTok Ban Averted: Trump Gives Oracle-Walmart Deal His ‘Blessing’

U.S. President Donald Trump speaks to members of the media before boarding Marine One on the South Lawn of the White House in July. Bloomberg/Bloomberg via Getty Images hide caption toggle caption Bloomberg/Bloomberg via Getty Images U.S. President Donald Trump speaks to members of the media before boarding Marine One on the South Lawn of…