===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0161
        Microsoft Patch Tuesday update for Windows for October 2020
                              14 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Windows
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Administrator Compromise        -- Remote with User Interaction
                      Increased Privileges            -- Existing Account
                      Access Privileged Data          -- Existing Account
                      Denial of Service               -- Remote/Unauthenticated
                      Access Confidential Data        -- Remote/Unauthenticated
                      Provide Misleading Information  -- Existing Account
                      Unauthorised Access             -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-16980 CVE-2020-16976 CVE-2020-16975
                      CVE-2020-16974 CVE-2020-16973 CVE-2020-16972
                      CVE-2020-16968 CVE-2020-16967 CVE-2020-16940
                      CVE-2020-16939 CVE-2020-16938 CVE-2020-16936
                      CVE-2020-16935 CVE-2020-16927 CVE-2020-16924
                      CVE-2020-16923 CVE-2020-16922 CVE-2020-16921
                      CVE-2020-16920 CVE-2020-16919 CVE-2020-16916
                      CVE-2020-16915 CVE-2020-16914 CVE-2020-16913
                      CVE-2020-16912 CVE-2020-16911 CVE-2020-16910
                      CVE-2020-16909 CVE-2020-16908 CVE-2020-16907
                      CVE-2020-16905 CVE-2020-16902 CVE-2020-16901
                      CVE-2020-16900 CVE-2020-16899 CVE-2020-16898
                      CVE-2020-16897 CVE-2020-16896 CVE-2020-16895
                      CVE-2020-16894 CVE-2020-16892 CVE-2020-16891
                      CVE-2020-16890 CVE-2020-16889 CVE-2020-16887
                      CVE-2020-16885 CVE-2020-16877 CVE-2020-16876
                      CVE-2020-1243 CVE-2020-1167 CVE-2020-1080
                      CVE-2020-1047 CVE-2020-0764
Member content until: Friday, November 13 2020
Reference:            ESB-2020.1833
                      ESB-2020.1815
                      ESB-2020.1733.2
                      ESB-2020.1039

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of October 2020.
        This update resolves 53 vulnerabilities across the following
        products: [1]

         Windows 10 Version 1607 for 32-bit Systems
         Windows 10 Version 1607 for x64-based Systems
         Windows 10 Version 1709 for 32-bit Systems
         Windows 10 Version 1709 for ARM64-based Systems
         Windows 10 Version 1709 for x64-based Systems
         Windows 10 Version 1803 for 32-bit Systems
         Windows 10 Version 1803 for ARM64-based Systems
         Windows 10 Version 1803 for x64-based Systems
         Windows 10 Version 1809 for 32-bit Systems
         Windows 10 Version 1809 for ARM64-based Systems
         Windows 10 Version 1809 for x64-based Systems
         Windows 10 Version 1903 for 32-bit Systems
         Windows 10 Version 1903 for ARM64-based Systems
         Windows 10 Version 1903 for x64-based Systems
         Windows 10 Version 1909 for 32-bit Systems
         Windows 10 Version 1909 for ARM64-based Systems
         Windows 10 Version 1909 for x64-based Systems
         Windows 10 Version 2004 for 32-bit Systems
         Windows 10 Version 2004 for ARM64-based Systems
         Windows 10 Version 2004 for x64-based Systems
         Windows 10 for 32-bit Systems
         Windows 10 for x64-based Systems
         Windows 8.1 for 32-bit systems
         Windows 8.1 for x64-based systems
         Windows RT 8.1
         Windows Server 2012
         Windows Server 2012 (Server Core installation)
         Windows Server 2012 R2
         Windows Server 2012 R2 (Server Core installation)
         Windows Server 2016
         Windows Server 2016 (Server Core installation)
         Windows Server 2019
         Windows Server 2019 (Server Core installation)

IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         CVE-2020-0764   Elevation of Privilege   Important
         CVE-2020-1047   Elevation of Privilege   Important
         CVE-2020-1080   Elevation of Privilege   Important
         CVE-2020-1167   Remote Code Execution    Important
         CVE-2020-1243   Denial of Service        Important
         CVE-2020-16876  Elevation of Privilege   Important
         CVE-2020-16877  Elevation of Privilege   Important
         CVE-2020-16885  Elevation of Privilege   Important
         CVE-2020-16887  Elevation of Privilege   Important
         CVE-2020-16889  Information Disclosure   Important
         CVE-2020-16890  Elevation of Privilege   Important
         CVE-2020-16891  Remote Code Execution    Critical
         CVE-2020-16892  Elevation of Privilege   Important
         CVE-2020-16894  Remote Code Execution    Important
         CVE-2020-16895  Elevation of Privilege   Important
         CVE-2020-16896  Information Disclosure   Important
         CVE-2020-16897  Information Disclosure   Important
         CVE-2020-16898  Remote Code Execution    Critical
         CVE-2020-16899  Denial of Service        Important
         CVE-2020-16900  Elevation of Privilege   Important
         CVE-2020-16901  Information Disclosure   Important
         CVE-2020-16902  Elevation of Privilege   Important
         CVE-2020-16905  Elevation of Privilege   Important
         CVE-2020-16907  Elevation of Privilege   Important
         CVE-2020-16908  Elevation of Privilege   Important
         CVE-2020-16909  Elevation of Privilege   Important
         CVE-2020-16910  Security Feature Bypass  Important
         CVE-2020-16911  Remote Code Execution    Critical
         CVE-2020-16912  Elevation of Privilege   Important
         CVE-2020-16913  Elevation of Privilege   Important
         CVE-2020-16914  Information Disclosure   Important
         CVE-2020-16915  Remote Code Execution    Critical
         CVE-2020-16916  Elevation of Privilege   Important
         CVE-2020-16919  Information Disclosure   Important
         CVE-2020-16920  Elevation of Privilege   Important
         CVE-2020-16921  Information Disclosure   Important
         CVE-2020-16922  Spoofing                 Important
         CVE-2020-16923  Remote Code Execution    Critical
         CVE-2020-16924  Remote Code Execution    Important
         CVE-2020-16927  Denial of Service        Important
         CVE-2020-16935  Elevation of Privilege   Important
         CVE-2020-16936  Elevation of Privilege   Important
         CVE-2020-16938  Information Disclosure   Important
         CVE-2020-16939  Elevation of Privilege   Important
         CVE-2020-16940  Elevation of Privilege   Important
         CVE-2020-16967  Remote Code Execution    Critical
         CVE-2020-16968  Remote Code Execution    Critical
         CVE-2020-16972  Elevation of Privilege   Important
         CVE-2020-16973  Elevation of Privilege   Important
         CVE-2020-16974  Elevation of Privilege   Important
         CVE-2020-16975  Elevation of Privilege   Important
         CVE-2020-16976  Elevation of Privilege   Important
         CVE-2020-16980  Elevation of Privilege   Important

MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]

         KB4579311, KB4580353, KB4580347, KB4580346, KB4580330
         KB4580358, KB4577668, KB4580328, KB4577049, KB4577671
         KB4577041, KB4580327, KB4580382

REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================