Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

Microsoft October 2020 Patch Tuesday Fixes 87 Security Bugs

Microsoft October 2020 Patch Tuesday Fixes 87 Security Bugs

Today is Microsoft’s October 2020 Patch Tuesday, and your Windows administrators will be pulling their hair out as they install new updates and try to fix bugs that pop up.

With the October 2020 Patch Tuesday security updates release, Microsoft has released fixes for 87 vulnerabilities in Microsoft products and an advisory about today’s Adobe Flash Player update.

Of the 87 vulnerabilities fixed today, 12 are classified as Critical, and 74 are classified as Important, and one as moderate.

For information about the non-security Windows updates, you can read about today’s Windows 10 KB4579311 & KB4577671 Cumulative Updates.

Also Read: Website Ownership Laws: Your Rights And What These Protect

Publicly disclosed vulnerabilities:

This month’s Patch Tuesday security updates include a whopping six publicly disclosed vulnerabilities. The good news is that Microsoft states that none of them have been seen publicly exploited.

One of the vulnerabilities, CVE-2020-16938, was found by security researcher Jonas L, who recently began disclosing vulnerabilities on Twitter after being frustrated by Microsoft’s bounty program.

  • CVE-2020-16938 – Windows Kernel Information Disclosure Vulnerability
  • CVE-2020-16885 – Windows Storage VSP Driver Elevation of Privilege Vulnerability
  • CVE-2020-16901 – Windows Kernel Information Disclosure Vulnerability
  • CVE-2020-16908 – Windows Setup Elevation of Privilege Vulnerability
  • CVE-2020-16909 – Windows Error Reporting Elevation of Privilege Vulnerability
  • CVE-2020-16937 – .NET Framework Information Disclosure Vulnerability

Microsoft has not disclosed who found the other five vulnerabilities.

Vulnerabilities of interest

While there were no zero-days this month, there were quite a few interesting vulnerabilities that can be exploited remotely.

Below are the more interesting Critical security vulnerabilities fixed today:

  • CVE-2020-16911 – GDI+ Remote Code Execution Vulnerability” lets attackers create specialty crafted websites that can execute commands with elevated privileges on the visitor’s computer.
  • CVE-2020-16947 – Microsoft Outlook Remote Code Execution Vulnerability” allows attackers to send specially crafted emails that can execute commands when opened in the Microsoft Outlook software.  This attack also works when an email is viewed in the preview pane.
  • CVE-2020-16898 – Windows TCP/IP Remote Code Execution Vulnerability” can be exploited by sending specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. If successful, it could allow a remote attacker to execute commands on the targeted computer.
  • CVE-2020-16891 – Windows Hyper-V Remote Code Execution Vulnerability” would allow an attacker, or malware, on a guest Hyper-V virtual machine to execute commands on the host operating system.
  • CVE-2020-16915 – Media Foundation Memory Corruption Vulnerability” can be exploited for remote code execution by tricking a user into visiting a malicious website.

Recent security updates from other companies

Other vendors who released security updates in October include:

The October 2020 Patch Tuesday Security Updates

Also Read: Computer Misuses Act Singapore: The Truth And Its Offenses

Below is the full list of resolved vulnerabilities and released advisories in the October 2020 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

TagCVE IDCVE TitleSeverity
.NET FrameworkCVE-2020-16937.NET Framework Information Disclosure VulnerabilityImportant
Adobe Flash PlayerADV200012October 2020 Adobe Flash Security UpdateCritical
AzureCVE-2020-16995Network Watcher Agent Virtual Machine Extension for Linux Elevation of Privilege VulnerabilityImportant
AzureCVE-2020-16904Azure Functions Elevation of Privilege VulnerabilityImportant
Group PolicyCVE-2020-16939Group Policy Elevation of Privilege VulnerabilityImportant
Microsoft DynamicsCVE-2020-16978Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2020-16956Microsoft Dynamics 365 (On-Premise) Cross Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2020-16943Dynamics 365 Commerce Elevation of Privilege VulnerabilityImportant
Microsoft Exchange ServerCVE-2020-16969Microsoft Exchange Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-16911GDI+ Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2020-16914Windows GDI+ Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-16923Microsoft Graphics Components Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2020-1167Microsoft Graphics Components Remote Code Execution VulnerabilityImportant
Microsoft NTFSCVE-2020-16938Windows Kernel Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2020-16933Microsoft Word Security Feature Bypass VulnerabilityImportant
Microsoft OfficeCVE-2020-16929Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-16934Microsoft Office Click-to-Run Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2020-16932Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-16930Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-16955Microsoft Office Click-to-Run Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2020-16928Microsoft Office Click-to-Run Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2020-16957Microsoft Office Access Connectivity Engine Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-16918Base3D Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-16949Microsoft Outlook Denial of Service VulnerabilityModerate
Microsoft OfficeCVE-2020-16947Microsoft Outlook Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2020-16931Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-16954Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-17003Base3D Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2020-16948Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16953Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16942Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16951Microsoft SharePoint Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2020-16944Microsoft SharePoint Reflective XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16945Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16946Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16941Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16950Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2020-16952Microsoft SharePoint Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2020-16900Windows Event System Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16901Windows Kernel Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-16899Windows TCP/IP Denial of Service VulnerabilityImportant
Microsoft WindowsCVE-2020-16908Windows Setup Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16909Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16912Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16940Windows – User Profile Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16907Win32k Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16936Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16898Windows TCP/IP Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2020-16897NetBT Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-16895Windows Error Reporting Manager Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16919Windows Enterprise App Management Service Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-16921Windows Text Services Framework Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-16920Windows Application Compatibility Client Library Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16972Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16877Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16876Windows Application Compatibility Client Library Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16975Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16973Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16974Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16922Windows Spoofing VulnerabilityImportant
Microsoft WindowsCVE-2020-0764Windows Storage Services Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16980Windows iSCSI Target Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-1080Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16887Windows Network Connections Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16885Windows Storage VSP Driver Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16924Jet Database Engine Remote Code Execution VulnerabilityImportant
Microsoft WindowsCVE-2020-16976Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-16935Windows COM Server Elevation of Privilege VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2020-16967Windows Camera Codec Pack Remote Code Execution VulnerabilityCritical
Microsoft Windows Codecs LibraryCVE-2020-16968Windows Camera Codec Pack Remote Code Execution VulnerabilityCritical
PowerShellGetCVE-2020-16886PowerShellGet Module WDAC Security Feature Bypass VulnerabilityImportant
Visual StudioCVE-2020-16977Visual Studio Code Python Extension Remote Code Execution VulnerabilityImportant
Windows COMCVE-2020-16916Windows COM Server Elevation of Privilege VulnerabilityImportant
Windows Error ReportingCVE-2020-16905Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Windows Hyper-VCVE-2020-16894Windows NAT Remote Code Execution VulnerabilityImportant
Windows Hyper-VCVE-2020-1243Windows Hyper-V Denial of Service VulnerabilityImportant
Windows Hyper-VCVE-2020-16891Windows Hyper-V Remote Code Execution VulnerabilityCritical
Windows InstallerCVE-2020-16902Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-16889Windows KernelStream Information Disclosure VulnerabilityImportant
Windows KernelCVE-2020-16892Windows Image Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-16913Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-1047Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-16910Windows Security Feature Bypass VulnerabilityImportant
Windows Media PlayerCVE-2020-16915Media Foundation Memory Corruption VulnerabilityCritical
Windows RDPCVE-2020-16863Windows Remote Desktop Service Denial of Service VulnerabilityImportant
Windows RDPCVE-2020-16927Windows Remote Desktop Protocol (RDP) Denial of Service VulnerabilityImportant
Windows RDPCVE-2020-16896Windows Remote Desktop Protocol (RDP) Information Disclosure VulnerabilityImportant
Windows Secure Kernel ModeCVE-2020-16890Windows Kernel Elevation of Privilege VulnerabilityImportant

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us