DEV Community

tristanHdez18
tristanHdez18

Posted on

Microsoft September 2020 Patch Tuesday

I just wanna told you: "This article is inspired by 'Catalin Cimpanu', 'cause somethings we need know this information and is a little hard to search about it, so... Thanks, Cimpanu!

If u use to Windows, is very important update every months (Patch Tuesday), 'cause has this updates:

form:

CVE -> Common Vulnerabilities and Exposures
the asteric* -> further steps to take after installing the updates
MITRE -> The MITRE Corporation

our mate 'Catalin Cimpanu' say:
"Of note is that this month, of the 129 vulnerabilities, 32 were classified as remote code execution issues, which are bugs that permit attackers to exploit vulnerable applications remotely, over a network."

It's true, if u check in the Microsoft official page, the release of this month is severity 10/10

Check this CVE:

MITRE CVE-2020-1256
"An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory."

I mean, is usually see this type of pages (pishing, scam) and in this points it's patched

Finally, this is the list of CVE patched:

  • CVE-2020-0664
  • CVE-2020-0856
  • CVE-2020-0875
  • CVE-2020-0914
  • CVE-2020-0921
  • CVE-2020-0928
  • CVE-2020-0941
  • CVE-2020-0989
  • CVE-2020-1031
  • CVE-2020-1033
  • CVE-2020-1083
  • CVE-2020-1091
  • CVE-2020-1097
  • CVE-2020-1119
  • CVE-2020-1193
  • CVE-2020-1210
  • CVE-2020-1218
  • CVE-2020-1224
  • CVE-2020-1250
  • CVE-2020-1256
  • CVE-2020-1332
  • CVE-2020-1335
  • CVE-2020-1338
  • CVE-2020-1589
  • CVE-2020-1592
  • CVE-2020-1594
  • CVE-2020-1596 *
  • CVE-2020-16851 *
  • CVE-2020-16852 *
  • CVE-2020-16853 *
  • CVE-2020-16854
  • CVE-2020-16855
  • CVE-2020-16879
  • CVE-2020-16884 *

this is not a complete list of CVEs for this release
clarifies Microsoft

So... What's your thinking about?
Sorry for my syntax's, but isn't my mother tongue.

PD: Windows 10 Security told: 'So good, it can block zero-days without being patched'

Bibliography

Top comments (0)