Microsoft September 2020 Security Updates

Discussion in 'update alerts' started by NICK ADSL UK, Sep 8, 2020.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    Release Notes
    September 2020 Security Updates
    Release Date: September 08, 2020


    The September 2020 security release consists of security updates for the following software:




      • Microsoft Windows
      • Microsoft Edge (EdgeHTML-based)
      • Microsoft Edge (Chromium-based)
      • Microsoft ChakraCore
      • Internet Explorer
      • SQL Server
      • Microsoft JET Database Engine
      • Microsoft Office and Microsoft Office Services and Web Apps
      • Microsoft Dynamics
      • Visual Studio
      • Microsoft Exchange Server
      • SQL Server
      • ASP.NET
      • Microsoft OneDrive
      • Azure DevOps
    Please note the following information regarding the security updates:




      • For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
      • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
      • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
      • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
      • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
      • Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
      • There is a change coming with regards to Servicing Stack Updates. Please see Simplifying SSUs for more information.
    The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.


    Known Issues

    The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20200908. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

    KB Article Applies To
    4484488 SharePoint Foundation 2013
    4484515 SharePoint Enterprise Server 2013
    4486667 SharePoint Foundation 2010
    4570333 Windows 10 Version 1809, Windows Server 2019
    4571756 Windows 10, version 2004
    4577015 Windows 10, version 1607, Windows Server 2016
    4577038 Windows Server 2012 (Monthly Rollup)
    4577048 Windows Server 2012 (Security-only update)
    4577051 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
    4577053 Windows 7, Windows Server 2008 R2 (Security-only update)
    4577064 Windows Server 2008 Service Pack 2 (Monthly Rollup)
    4577066 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
    4577070 Windows Server 2008 Service Pack 2 (Security-only update)
    4577071 Windows 8.1, Windows Server 2012 R2 (Security-only update)
    4577352 Exchange Server 2019, Exchange Server 2016

    https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Sep
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    Title: Microsoft Security Update Releases
    Issued: September 8, 2020
    **************************************************************************************

    Summary
    =======

    The following CVE has undergone a major revision increment:

    * CVE-2020-1162


    Revision Information:
    =====================

    * CVE-2020-1162

    - CVE-2020-1162 | Windows Elevation of Privilege Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1162
    - Version 2.0
    - Reason for Revision: To comprehensively address this vulnerability, Microsoft has
    released the September 2020 security updates for all supported editions of Windows
    10 Version 1809 and Windows Server 2019; Windows 10 Version 1903 and Windows Server,
    version 1903 (Server Core installation); and Windows 10 version 1909 and Windows
    Server, version 1909 (Server Core installation). Microsoft strongly recommends that
    customers running any of these versions of Windows 10 or Windows Server install the
    updates to be fully protected from this vulnerability. Customers whose systems are
    configured to receive automatic updates do not need to take any further action.
    - Originally posted: June 6, 2020
    - Updated: September 8, 2020
    - Aggregate CVE Severity Rating: Important
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    Title: Microsoft Security Advisory Notification
    Issued: September 8, 2020
    **************************************************************************************

    Security Advisories Released or Updated on September 8, 2020
    ======================================================================================

    * ADV990001

    - ADV990001 | Latest Servicing Stack Updates
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001
    - Reason for Revision: Advisory updated to announce new versions of Servicing Stack
    Updates are available. Please see the FAQ for details.
    - Originally posted: November 13, 2019
    - Updated: September 8, 2020
    - Version: 26.0
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    Security Advisories Released or Updated on September 10, 2020
    ======================================================================================

    * Microsoft Security Advisory ADV200002

    - ADV200002 | Chromium Security Updates for Microsoft Edge based on Chromium
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
    - Reason for Revision: Updated advisory to announce a new version of Microsoft Edge
    (Chromium-based). Please see the table for more information.
    - Originally posted: January 28, 2020
    - Updated: September 10, 2020
    - Version: 22.0
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    ************************************************************************************
    Title: Microsoft Security Update Minor Revisions
    Issued: September 9, 2020
    ************************************************************************************

    Summary
    =======

    The following CVE has undergone a minor revision increment.

    ================================================================================== ====

    * CVE-2020-0997

    - CVE-2020-0997 | Windows Camera Codec Pack Remote Code Execution Vulnerability
    - »portal.msrc.microsoft.co ··· 020-0997
    - Version: 1.1
    - Reason for Revision: In the Security Updates table, removed Windows Server,
    version 1803 (Server Core installation) as this version of Windows Server is no
    longer supported.
    - Originally September 8, 2020
    - Updated: September 9, 2020
    - Aggregate CVE Severity Rating: Critical
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    Title: Microsoft Security Update Releases
    Issued: September 16, 2020
    **************************************************************************************

    Summary
    =======

    The following CVEs have undergone a major revision increment:

    * CVE-2020-1193
    * CVE-2020-1218
    * CVE-2020-1224
    * CVE-2020-1338
    * CVE-2020-16855


    Revision Information:
    =====================

    - CVE-2020-1193 | Microsoft Excel Remote Code Execution Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1193
    - Version 2.0
    - Reason for Revision: Microsoft is announcing the availability of the security
    updates for Microsoft Office for Mac. Customers running affected Mac software should
    install the update for their product to be protected from this vulnerability.
    Customers running other Microsoft Office software do not need to take any action. See
    the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more
    information and download links.
    - Originally posted: September 8, 2020
    - Updated: September 16, 2020
    - Aggregate CVE Severity Rating: Important


    - CVE-2020-1218 | Microsoft Word Remote Code Execution Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1218
    - Version 2.0
    - Reason for Revision: Microsoft is announcing the availability of the security
    updates for Microsoft Office for Mac. Customers running affected Mac software should
    install the update for their product to be protected from this vulnerability.
    Customers running other Microsoft Office software do not need to take any action. See
    the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more
    information and download links.
    - Originally posted: September 8, 2020
    - Updated: September 16, 2020
    - Aggregate CVE Severity Rating: Important


    - CVE-2020-1224 | Microsoft Excel Information Disclosure Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1224
    - Version 2.0
    - Reason for Revision: Microsoft is announcing the availability of the security
    updates for Microsoft Office for Mac. Customers running affected Mac software should
    install the update for their product to be protected from this vulnerability.
    Customers running other Microsoft Office software do not need to take any action. See
    the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more
    information and download links.
    - Originally posted: September 8, 2020
    - Updated: September 16, 2020
    - Aggregate CVE Severity Rating: Important


    - CVE-2020-1338 | Microsoft Word Remote Code Execution Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1338
    - Version 2.0
    - Reason for Revision: Microsoft is announcing the availability of the security
    updates for Microsoft Office for Mac. Customers running affected Mac software should
    install the update for their product to be protected from this vulnerability.
    Customers running other Microsoft Office software do not need to take any action. See
    the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more
    information and download links.
    - Originally posted: September 8, 2020
    - Updated: September 16, 2020
    - Aggregate CVE Severity Rating: Important


    - CVE-2020-16855 | Microsoft Office Information Disclosure Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16855
    - Version 2.0
    - Reason for Revision: Microsoft is announcing the availability of the security
    updates for Microsoft Office for Mac. Customers running affected Mac software should
    install the update for their product to be protected from this vulnerability.
    Customers running other Microsoft Office software do not need to take any action. See
    the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more
    information and download links.
    - Originally posted: September 8, 2020
    - Updated: September 16, 2020
    - Aggregate CVE Severity Rating: Important
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    Title: Microsoft Security Advisory Notification
    Issued: September 23, 2020
    **************************************************************************************

    Security Advisories Released or Updated on September 23, 2020
    ======================================================================================

    * Microsoft Security Advisory ADV200002

    - ADV200002 | Chromium Security Updates for Microsoft Edge based on Chromium
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
    - Reason for Revision: Updated advisory to announce a new version of Microsoft Edge
    (Chromium-based). Please see the table for more information.
    - Originally posted: January 28, 2020
    - Updated: September 23, 2020
    - Version: 23.0
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.