Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Partnerships Overview
    • Solution Provider Program
    • Technology Alliance Program
    • Distributor Program
SolarWinds MSP
  • Products
    • Monitoring & Management
    • N-central Automate. Tackle complex networks. Get remote monitoring and management built for efficiency and scale.
    • RMM Start fast. Grow at your own pace. Try this powerful but easy remote monitoring and management solution.
    • Backup
    • Backup Get data protection for servers, workstations, applications, documents, and Microsoft 365 from one dashboard.
    • Security
    • EDR Defend against ransomware, zero-day attacks, and evolving threats with endpoint detection and response.
    • Mail Assure Leverage mail protection and archiving to keep your users safe from email threats and downtime.
    • Passportal Adopt and enforce best practices for password and documentation management with ease.
    • Tools & Services
    • MSP Manager Increase helpdesk efficiency with a robust PSA, ticketing, reporting, and billing management solution.
    • Take Control Help support customers and their devices with remote support tools designed to be fast and powerful.
    • View All
  • Solutions

    Solutions

    • Security Protect your customers and expand your business by offering layered security services without the complexity.
    • Monitoring Choose the right remote monitoring and management solution to meet you where you are and grow with you.
    • Operational Efficiency Boost profits by improving efficiency via automation, resources and training, and time-saving products.
    • IT Departments Keep your organization productive by easily managing IT from a single, easy-to-use, web-based dashboard.
    • Remote Monitoring Solutions Comparison Compare SolarWinds RMM and N-central side by side. Sign up to talk to a specialist to find the right fit.
    • View All
  • Resources
    • Download
    • Resource Library
    • Product Information
    • Free Tools
    • Learn
    • MSP Institute Webinar Series
    • Daily Live Demos
    • MSP Advice Project
    • Ask the N-central Experts
    • Upcoming Webcasts
    • Connect
    • Blog
    • Security Resource Center
    • Events
    • RMM Foundations Training
  • About
    • Company
    • About Us
    • Leadership
    • Careers
    • News & Press
    • Awards & Recognition
    • Support & Policies
    • Customer Success
    • Customer Support
    • Legal
    • Security
    • Get in Touch
    • Contact
    • Get a Quote
    • Worldwide Sales & Support
  • IT Departments
  • Contact Sales
    • Contact Sales
    • General Inquiry
    • Get a Quote
    • Worldwide Sales & Support
    • Talk to Specialist
    • Security Solutions
    • Monitoring Solutions
    • Operational Efficiency
  • Try Now
    • Monitoring & Management
    • N-central
    • RMM
    • Backup
    • Security
    • EDR
    • Mail Assure
    • Passportal
    • Tools & Services
    • MSP Manager
    • Take Control
  • Request a Quote
  • Try Now
    • SolarWinds RMM
    • SolarWinds N-central
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Passportal
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Request quote
Filter Blogs
  • Filter by:
  • MSP Business
    • Automation
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Cybersecurity Awareness Month
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • The Head Nerds
    • Tips & Advice
    • Training
Home Blog MSP Business Security September 2020 Patch Tuesday—A Higher Count of Critical Vulnerabilities
Security

September 2020 Patch Tuesday—A Higher Count of Critical Vulnerabilities

By Gill Langston
9 September, 2020

As we head into September, Microsoft fixed another large chunk of vulnerabilities this month. While none of the “Critical” vulnerabilities appear to be under active attack (at the time of review), there is a higher count of vulnerabilities Microsoft has chosen to label as “Critical”—at least in comparison to the last few months. Additionally, most vulnerabilities are marked as “Important,” with only a handful listed and “Low” or “Moderate.” All in all, there are 129 vulnerabilities fixed this month, with 23 marked “Critical” and 105 as “Important.” For September, Microsoft has listed all the “Critical” vulnerabilities as “Exploitation Less Likely.” We’ll also review a couple of “Important” fixes to pay attention to as well.

Operating systems

CVE-2020-0908 is a Windows Text Service Module Remote Code Execution Vulnerability that would allow an attacker to execute code on a target system if a user accessed a malicious website through standard attack vectors (link in instant message, email, or an attachment). This vulnerability affects Windows 10 (versions 1609-current) and all corresponding Server versions.

Microsoft COM for Windows Remote Code Execution Vulnerability: CVE-2020-0922 would grant an attacker full rights to a system if the user was tricked into accessing a specially crafted image file. This vulnerability affects Windows 7 up to the current version of Windows 10, including the corresponding Server and Core versions.

CVE-202-0997 is a Windows Camera Codec Pack Remote Code Execution Vulnerability that would grant an attacker the same rights as the logged-on user. The user would have to open a specially crafted file with the Windows Camera Codec Pack, which is unlikely. 

There are two vulnerabilities this month with the name Microsoft Windows Codecs Library Remote Code Execution Vulnerability. CVE-2020-1129 and CVE-2020-1319 have similar descriptions, granting the attacker full control over the system if the user accessed a malicious image file. These vulnerabilities affect all Windows 10 versions, including Server.

CVE-2020-1252 is a Windows Remote Code Execution Vulnerability that affects Windows 8.1 up to the current version of Windows 10, including the corresponding Server versions. If the attacker tricked the user into running an application, they’d gain full control over the system.

There are also two Windows Media Audio Decoder Remote Code Execution Vulnerability fixes this month, listed as CVE-2020-1508, and CVE-2020-1593. If a user opened a malicious webpage, the attacker would gain full control over the system. 

Browsers

CVE-2020-0878 is listed as Microsoft Browser Memory Corruption Vulnerability, and affects Internet Explorer 11, Internet Explorer 9, and the Edge-HTML version of Microsoft Edge browsers. If a user visited a malicious webpage, the attacker could gain the same rights as the user on the affected machine.

The last two browser vulnerabilities have the same description. CVE-2020-1057 and CVE-2020-1172 are titled Scripting Engine Memory Corruption Vulnerability, and would also give the attacker the same rights as the logged-on user. You can find these vulnerabilities in the Edge-HTML version of Microsoft Edge on all operating systems that support the Edge browser.

Other applications

There are a larger than usual amount of vulnerabilities in SharePoint this month, so you should give your SharePoint servers extra attention in your update cycles. Generally, when a group of vulnerabilities are found in a certain application, it’s enticing to bad actors and they may work quickly to develop exploits.

There are five vulnerabilities with the same title and description of Microsoft SharePoint Remote Code Execution Vulnerability. CVE-2020-1452, CVE-2020-1453, CVE-2020-1200, CVE-2020-1210, and CVE-2020-1576 are all issues in SharePoint’s source markup check against application packages that are uploaded to SharePoint. If a malicious user were to upload a specially crafted application package, it would run in the context of the application pool on the system, giving the attacker the ability to execute code. These vulnerabilities affect SharePoint Enterprise 2013 and 2016, SharePoint Foundation 2010 and 2013, and SharePoint 2019.

There are two more vulnerabilities in SharePoint as well this month. CVE-2020-1460 is a Microsoft SharePoint Server Remote Code Execution Vulnerability in ASP.Net that would allow a page to run in the application pool context if the user created and invoked a page on the SharePoint Server. CVE-2020-1595 is an API vulnerability that would allow the attacker to run code on the system if they submitted a malicious API request.

CVE-2020-16875 is a Microsoft Exchange Memory Corruption Vulnerability that would allow an attacker to execute code on Exchange 2016 (CU 16 and 17) and 2019 (CU 5 and 6) by sending a specially crafted email.

There are two Microsoft Dynamics vulnerabilities this month as well. CVE-2020-16857 is a Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability. This vulnerability would require an authenticated attacker to upload a file to the Dynamics server to execute code on Microsoft Dynamics server version 10.0.11. The other vulnerability, CVE-2020-16862 is a Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability that would allow an authenticated attacker to upload a specially crafted file that would run in the context of the SQL Server account that services the Dynamics server on version 9.0 of Dynamics 365.

Our final “Critical” vulnerability in this batch is a Visual Studio Remote Code Execution Vulnerability listed as CVE-2020-16874. This vulnerability would grant an attacker the same rights as a logged-on user, if that user was tricked into opening a file with Visual Studio 2012, 2013, 2017, or 2019.

Other notable vulnerabilities

Occasionally, as I sift through the vulnerabilities fixed in each Patch Tuesday release, I find a few issues that are not listed as “Critical,” but still warrant some attention. While all the vulnerabilities so far are listed as “Exploitation Less Likely,” I did see one “Important” vulnerability that Microsoft labeled as “Exploitation More Likely.” CVE-2020-0664 is an Active Directory Information Disclosure Vulnerability in the DNS component of Active Directory. If an attacker submitted a properly formed DNS request, they could uncover information about the system that might allow them to perform follow up attacks with other vulnerabilities. In fact, I saw several “Important” vulnerabilities in Active Directory this month, so while they’re not on the “Critical” list, you may want to ensure you prioritize Active Directory servers under your care, as these are prize trophies to a bad actor who’s looking to gather intel about your environment or use it as a jumping-off point to other systems in your network.

Summary

As I mentioned at the beginning of this article, there are no “emergency” vulnerabilities this month at the time of this writing, so the guidance is to ensure you’re addressing the workstation devices on their normal patch schedule (to address operating system and browser vulnerabilities), and servers on their next available maintenance window. Make sure your Active Directory servers are highest priority on the server front. If you’re running on-premises Exchange or SharePoint, they should be next on your list. 

On another note, several of this month’s vulnerabilities are privilege-specific, meaning that users who do not have administrative rights pose less of a risk than a user with full rights to a system. As is best practice, it’s a good idea to audit the rights you allow your users to have on workstation systems. While it’s more convenient to simply make them administrators, limiting their rights on workstations can reduce the risk when they inevitably click on that link or visit a malicious webpage.

As always, stay safe out there!

 

Gill Langston is head security nerd for SolarWinds MSP. You can follow Gill on Twitter at @cybersec_nerd

You might also like...
Security

February 2021 Patch Tuesday: Many “Exploitation More Likely” and an update to a Netlogon fix from last year

Automation

What the Head Nerds Were Up to in 2020

Security

January 2021 Patch Tuesday: One Actively Exploited Vulnerability and a Few Likely to Be

Security

December 2020 Patch Tuesday—A quiet(er) finish to a busy year in vulnerabilities

Security

National Computer Security Day—It’s Not Just About the Computer Anymore

Security

November 2020 Patch Tuesday Update: 111 CVE Numbers Addressed

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a subscription.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site

Recent Posts
  • Three things I learned working for an MSP
  • Earning word-of-mouth referrals for your IT business
  • Backup automation part 1: Deploying backup devices
  • Ultimate Guide: MySQL Backup
  • Most common automation requests and how to solve them: Ep 2
Categories:
  • Security (240)
  • Tips & Advice (130)
  • Best Practices (97)
  • Backup & Disaster Recovery (96)
  • Managed Services (89)
  • The Head Nerds (82)
  • Business Growth (79)
  • IT Support (43)
  • Business (41)
  • Automation (40)
  • Operations (38)
  • Cybersecurity (37)
  • Mail (33)
  • Remote Management (30)
  • ITSM (26)
  • Networking (22)
  • Cloud Computing (21)
  • Data (21)
  • Marketing (15)
  • PSA (13)
  • Product (11)
  • Service Desk (6)
  • Services & Support (5)
  • Mobile (4)
  • Risk Intelligence (4)
  • GDPR (3)
  • Internet of Things (3)
  • Customer Service (3)
  • Research & Trends (2)
  • Training (2)
  • Business Risk (1)
  • LOGICcards (1)
  • Cybersecurity Awareness Month (1)
Show moreless
SolarWinds MSP

Products
  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds EDR
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Passportal
  • All Products Use Cases
Solutions
  • Security Solutions
  • Monitoring Solutions
  • Efficiency Solutions
  • Identify which RMM solution is right for me
  • Drive Efficiency with Automation
  • Manage my MSP Business More Efficiently
  • Manage my IT Department More Efficiently
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights
About
  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Subscription Preferences
  • SolarWinds
  • SolarWinds Trust Center
  • COVID-19 Response
Support
  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Service Status

Footer 2

  • Legal Documents
  • Privacy
  • California Privacy Rights
  • Security Information
  • Sitemap

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.