Agilient Security Consultants Australia

Microsoft September Patch Fixes 129 Vulnerabilities

This Patch Tuesday contains 129 fixes, including 20 critical fixes for remote code execution, a type of vulnerability that allows unauthorised access to an affected system. This is an increase from the 17 critical vulnerabilities in the August Patch Tuesday rollup. More than 5 of the fixes require follow-up actions to ensure security.

Organisations are strongly encouraged to apply these patches as soon as possible, while still following their patch verification and impact assessment method. The 20 critical CVEs, in descending order of CVSS score, are:

 

| CVE | Vulnerability | CVSS | Description |
|---|---|---|---|
| CVE-2020-1210 | Microsoft SharePoint Remote Code Execution Vulnerability | 9.9 | Allows an attacker to run arbitrary code due to the software failing to check the source markup of an application package. |
| CVE-2020-1595 | Microsoft SharePoint Remote Code Execution Vulnerability | 9.9 | Allows an attacker to run arbitrary code due to the software failing to check the source markup of an application package. Requires that users access a susceptible API on an affected version of SharePoint with specially formatted input. |
| CVE-2020-1129 | Windows Codecs Library Remote Code Execution Vulnerability | 8.8 | Allows an adversary to access information that can be used to further compromise the user’s system. |
| CVE-2020-1319 | Windows Codecs Library Remote Code Execution Vulnerability | 8.8 | Allows an adversary to take control of the user’s system. |
| CVE-2020-0922 | Microsoft COM for Windows Remote Code Execution Vulnerability | 8.8 | Allows an adversary to execute arbitrary code on the target system. |
| CVE-2020-1200 | Microsoft SharePoint Remote Code Execution Vulnerability | 8.6 | Allows an attacker to run arbitrary code due to the software failing to check the source markup of an application package. |
| CVE-2020-1452 | Microsoft SharePoint Remote Code Execution Vulnerability | 8.6 | Allows an attacker to run arbitrary code due to the software failing to check the source markup of an application package. |
| CVE-2020-1453 | Microsoft SharePoint Remote Code Execution Vulnerability | 8.6 | Allows an attacker to run arbitrary code due to the software failing to check the source markup of an application package. |
| CVE-2020-1460 | Microsoft SharePoint Remote Code Execution Vulnerability | 8.6 | SharePoint fails to filter unsafe ASP.NET web controls, allowing hackers to perform actions in the security context of SharePoint. |
| CVE-2020-1576 | Microsoft SharePoint Remote Code Execution Vulnerability | 8.5 | Allows an attacker to run arbitrary code due to the software failing to check the source markup of an application package. |
| CVE-2020-16875 | Exchange Server Remote Code Execution Vulnerability | 8.4 | An attacker can run arbitrary code by sending a specially crafted email to a vulnerable server. |
| CVE-2020-1285 | GDI+ Remote Code Execution Vulnerability | 8.4 | Allows an attacker to take control of the system, installing programs, changing/deleting data and creating new accounts. |
| CVE-2020-1252 | Windows Remote Code Execution Vulnerability | 7.8 | Requires some social engineering to trick the user into running a specially crafted application. |
| CVE-2020-0997 | Windows Camera CODEC Pack Remote Code Execution Vulnerability | 7.8 | The CODEC improperly handles objects, allowing an attacker to take control of the system and/or install arbitrary programs or code. |
| CVE-2020-16862 | Visual Studio Remote Code Execution Vulnerability | 7.8 | Allows an adversary to run arbitrary code in the context of the logged-in user. |
| CVE-2020-1593 | Windows Media Audio Decoder Remote Code Execution Vulnerability | 7.6 | The decoder improperly handles objects, allowing an attacker to take control of the system. |
| CVE-2020-1508 | Windows Media Audio Decoder Remote Code Execution Vulnerability | 7.6 | Convincing the user to open a specially crafted document or website allows an adversary to take control of the user’s system. |
| CVE-2020-0908 | Windows Text Service Module Remote Code Execution Vulnerability | 7.5 | Allows an adversary to gain execution on a victim system. |
| CVE-2020-16857 | Microsoft Dynamics 365 for Finance and Operations Remote Code Execution Vulnerability | 7.1 | Allows an adversary to gain remote code execution capabilities on the victim’s server. |
| CVE-2020-16853 | OneDrive for Windows Elevation of Privilege Vulnerability | 7.1 | Allows an adversary to overwrite a file with an elevated status. |

 

If you need assistance with managing software or hardware updates, please contact Agilient to discuss.

Author: David Steele, Agilient Consultant
