
October 2020 Patch Tuesday—Smaller than usual, but some systems need patching now

By Gill Langston
14 October, 2020

This October Patch Tuesday is the first batch this year that fixes fewer than 100 vulnerabilities. But don’t be fooled by that, as there are several in this group that do warrant your attention. This month Microsoft fixed a total of 88 vulnerabilities, with 11 marked as “Critical,” and the rest “Important” with one “Moderate” exception. Pay special attention to the “Important” ones I cover this month, as many of them are listed as “Exploitation More Likely” and will be in the priority list. While there are no active attacks according to Microsoft, there is a high likelihood some may appear soon for several of these. First, we’ll review the “Critical” section.

Critical

Operating Systems

The first one we need to pay attention to is the Windows TCP/IP Remote Code Execution Vulnerability that immediately jumped out at me as a concern. CVE-2020-16898 is listed as “Exploitation More Likely.” It is especially concerning because an attacker could send an ICMPv6 Router Advertisement packet to a server and, if successful, execute code on the target system. Any system that is internet facing should get the highest priority this month, as it is only a matter of time until bad actors use this vulnerability (along with the Denial of Service vulnerability we cover later on).

This vulnerability affects Windows 10 1709 up to the current version, including Server and Server Core versions. It has a CVSS score of 9.8, so this should be your highest priority this month.

CVE-2020-16891 is a Windows Hyper-V Remote Code Execution Vulnerability that would allow an attacker to force the host machine to run code from a guest operating system on that host. This is generally known as a Hyper-V escape vulnerability, because the attacker can escape the bounds of the guest operating system up to the host. It affects Windows 7 up to the current version of Windows 10, and includes Server 2008, R2, 2012, 2016, 2019, and Server version 1903-2004.

The Media Foundation Memory Corruption Vulnerability labeled as CVE-2020-16915 is listed as “Exploitation Less Likely.” If a user opened a document or visited a malicious webpage, the attacker could gain full rights to the system. It affects Windows 10 1607 to current, including corresponding Server versions.

CVE-2020-16911 is a GDI+ Remote Code Execution Vulnerability that is privilege dependent, meaning a user with admin rights would have more impact than a non-admin user if they clicked on a malicious link or opened a document. It is listed as “Exploitation Less Likely.”

There are two vulnerabilities titled Windows Camera Codec Pack Remote Code Execution Vulnerability. CVE-2020-16967 and CVE-2020-16968 are both listed as “Exploitation Less Likely,” but would grant the attacker the same rights as the user who opened a specially crafted file with the Codec Pack. It affects all supported Windows 10 workstation operating systems.

This final operating system vulnerability is CVE-2020-16923. The Microsoft Graphics Components Remote Code Execution Vulnerability would grant full access to an attacker if the user opened a specially crafted image file. It affects Windows 7 up to the current version of Windows 10, including corresponding Server versions.

Oddly enough, there were no browser fixes in this month’s batch for Internet Explorer or Edge. Perhaps next month we will see more?  

Other Applications

The other “Critical” vulnerabilities are found in Office, SharePoint, Base3D, and in Adobe Flash.

CVE-2020-16947 is a Microsoft Outlook Remote Code Execution Vulnerability that would grant an attacker the same rights as the user. This vulnerability is especially concerning because it affects the preview pane in Outlook, meaning the user would not even have to open the malicious file that was attached if the preview pane feature is active in Outlook. Microsoft lists this one as “Exploitation Less Likely.”

There are two vulnerabilities with the title Microsoft SharePoint Remote Code Execution Vulnerability, and they are listed as CVE-2020-16951 and CVE-2020-16952. They are source markup check vulnerabilities that would require a user to upload an application package to an affected SharePoint server and would allow them to execute code on the server. They affect SharePoint 2013 SP1, SharePoint Enterprise Server 2016, and SharePoint Server 2019, and are listed as “Exploitation Less Likely.”

CVE-2020-17003 is a Base3D Remote Code Execution Vulnerability listed as “Exploitation Less Likely.” It is a memory handling issue in the Base3D rendering engine in Windows.

The final “Critical” is ADV200012 - October 2020 Adobe Flash Security Update, which addresses a vulnerability published in APSB20-58 on Adobe’s site for Adobe Flash. It can be installed using the Windows update supplied in the article for Windows 8.1 up to the current version of Windows 10, including Server versions.

Not “Critical” but Really “Important”

Recently, Microsoft released a new version of the Security Update Guide in preview. This guide is what I use to review and sort the fixed vulnerabilities in this blog. This newly designed version will allow me to filter on some of the information I previously had to dig deeper into the data to find; this is great news. You can get a preview of this format at https://msrc.microsoft.com/update-guide/. Using this new guide, I can more easily uncover the “Important” vulnerabilities that are actually listed as “Exploitation More Likely.” Even though they are not listed as “Critical,” they warrant special attention, as sometimes these vulnerabilities end up exploited quickly, and while they may not all be “Remote Code Execution,” bad actors often use these vulnerabilities after gaining an initial foothold for follow-on or chained attacks. Let’s review them here.

CVE-2020-16899 is a Windows TCP/IP Denial of Service Vulnerability that is similar to the first TCP/IP vulnerability we reviewed in this article. It has the same attack vector but would only result in a Denial of Service instead of Remote Code Execution. Microsoft suggests a workaround of disabling ICMPv6 RDNSS if possible, and the instructions to do so are listed in the linked article. 

CVE-2020-16907 and CVE-2020-16913 are both titled Win32k Elevation of Privilege Vulnerability. This is a kernel driver memory handling vulnerability that would require an attacker to log on to a system. A successful exploit would allow an attacker to execute code on the system. They affect Windows 10 up to current version, including Server operating systems.

There is a Windows Spoofing Vulnerability fix for CVE-2020-16922 that affects Windows 7 up to current Windows 10 versions, including Server. This is a security feature bypass that would allow an attacker to load improperly signed files on a system. 

This final one in this review is CVE-2020-16896 and is a Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability that would allow an attacker to send a specially crafted packet to an RDP server. The response could unintentionally disclose information about the system that would allow an attacker to further compromise the system. Microsoft gives workarounds of disabling RDP if it is not needed, or enabling Network Level Authentication on the server. 

As always, avoid exposing RDP on the Internet wherever possible. It is incredibly easy to discover available and responding RDP servers with services like Shodan or other scanners. In my opinion, if you are simply exposing RDP to the internet without additional security in place, you are at a high risk for attack.
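
The two workarounds mentioned above (disabling ICMPv6 RDNSS for the TCP/IP vulnerabilities, and disabling RDP or requiring Network Level Authentication) can be audited on a host with the PowerShell below. This is an added example, not code from the original post or from Microsoft. It assumes an elevated prompt, English-language `netsh` output, and a Windows 10 1709 or later build; the function names are hypothetical.

```powershell
# Added example: audit the RDP and ICMPv6 RDNSS workarounds on the local host.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {
    # fDenyTSConnections = 0 means Remote Desktop accepts connections.
    # UserAuthentication = 1 means Network Level Authentication is required.
    # Group Policy can override these local values; this reads local settings only.
    $ts  = Get-ItemProperty -Path $tsKey
    $tcp = Get-ItemProperty -Path $rdpKey
    [pscustomobject]@{
        RdpEnabled  = ($ts.fDenyTSConnections -eq 0)
        NlaRequired = ($tcp.UserAuthentication -eq 1)
    }
}

function Get-RdnssState {
    # One row per IPv6 interface. The state is parsed from netsh's
    # "RA Based DNS Config (RFC 6106)" line (assumed English output).
    foreach ($nic in Get-NetIPInterface -AddressFamily IPv6) {
        $match = netsh int ipv6 show interface $nic.ifIndex |
                 Select-String 'RA Based DNS Config' | Select-Object -First 1
        [pscustomobject]@{
            IfIndex = $nic.ifIndex
            Alias   = $nic.InterfaceAlias
            Rdnss   = if ($match) { ($match.Line -split ':')[-1].Trim() } else { 'not reported' }
        }
    }
}

function Disable-Rdnss {
    # Applies the RDNSS workaround to a single interface index.
    param([Parameter(Mandatory)][int]$IfIndex)
    netsh int ipv6 set int $IfIndex rabaseddnsconfig=disable
}

# Report current state; nothing is changed unless Disable-Rdnss is called.
$rdp = Get-RdpExposure
if ($rdp.RdpEnabled -and -not $rdp.NlaRequired) {
    Write-Warning 'RDP is enabled without Network Level Authentication.'
}
$rdp | Format-List
Get-RdnssState | Format-Table -AutoSize

# To apply the workaround on every interface that still reports "enabled":
# Get-RdnssState | Where-Object Rdnss -eq 'enabled' |
#     ForEach-Object { Disable-Rdnss -IfIndex $_.IfIndex }
```

Disabling RDNSS stops the host from taking DNS server settings from Router Advertisements, so confirm the network does not rely on that before applying it, and treat it as a stopgap until the update is installed.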

Summary

While this month’s batch was lighter than usual, there are some real attention getters here.  I recommend addressing the Windows TCP/IP vulnerabilities first, with highest priority on any Internet-facing systems. Then get those RDP servers patched, since Remote Desktop seems to be one of the most popular attack vectors these days. Next, turn your focus towards patching your Hyper-V systems, and then patching workstations (especially those running Outlook), and finally your SharePoint servers (which by now should be a regular part of your routine considering the volume of SharePoint vulnerabilities fixed this year). 

We will keep our ears to the ground on the TCP/IP vulnerabilities and update you if we start to see attacks leveraging these vulnerabilities.

As always, let’s stay safe out there! 

 

Gill Langston is head security nerd for SolarWinds MSP. You can follow Gill on Twitter at @cybersec_nerd

 
