Microsoft September 2020 Security and Adobe Updates

Microsoft September 2020 Security and Adobe Updates

Microsoft has released the September 2020 Security updates that includes patches for 129 vulnerabilities, 24 of them rated Critical. Adobe also released updates for Experience Manager, Framemaker and InDesign.

In all, the Microsoft security updates address vulnerabilities in the following products:

  • ASP.NET
  • Azure DevOps
  • Internet Explorer
  • Microsoft ChakraCore
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Exchange Server
  • Microsoft JET Database Engine
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Microsoft OneDrive
  • Microsoft Windows
  • SQL Server
  • SQL Server
  • Visual Studio.

Microsoft has provided patches for each of the vulnerabilities and also summarized them in the September 2020 Security Updates Release Notes.

Readers can also check out more vulnerability and patch details in Microsoft’s Security Update Guide.

Critical RCEs

All of the Critical vulnerabilities are remote code execution (RCE) vulnerabilities, 24 in total.

Microsoft patched 7 Critical SharePoint RCE bugs – CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1460, CVE-2020-1576 and CVE-2020-1595.

“A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account,” Microsoft stated in several of the SharePoint advisories.

In addition, Microsoft patched Critical RCE vulnerabilities in the following products:

According to Microsoft, none of advisories had known exploits as of the original advisory posting dates.

Finally, the remaining patches address vulnerabilities rated Important, to include: Denial of Service (5), Elevation of Privilege (41), Information Disclosure (23), RCE (15), Security Feature Bypass (3), Spoofing (16) and Tampering (2).

Adobe Patches

Adobe also released updates for InDesign, Framemaker and Experience Manager.

The security update for Experience Manager APSB20-52 fixes 5 Critical Abitrary Code Execution vulnerabilities CVE-2020-9727, CVE-2020-9728, CVE-2020-9729, CVE-2020-9730 and CVE-2020-9731.

The Framemaker update APSB20-54 addresses 2 Critical Abitrary Code Execution bugs CVE-2020-9725 and CVE-2020-9726.

Finally, the Experience Manager patch APSB20-56 addresses multiple Information Disclosure, Cross Site Scripting, Privilege Execution and HTML injection vulnerabilities.

Related Articles