Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in October's Patch Tuesday Index below.
Automox Patch Tuesday expert Jay Goodman will be breaking down all of October's Patch Tuesday releases tomorrow, October 14, 2020. Register here so you can prioritize the patches for your environment and ask any question you may have.
Microsoft released 89 total vulnerabilities in October, with 11 earning the Critical rating. View the details of each CVE below for more information.
Updated Live. Last Update 1:04 PM EST October 13 2020.
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Stable Channel Update for Desktop | Chrome 86.0.4240.75 contains a number of fixes and improvements including 35 security fixes. | Chrome 86.0.4240.75 | High |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Adobe InDesign | 1 Security Vulnerability fixed in Adobe Flash Player | APSB20-58 | Critical |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Microsoft Graphics Component | GDI+ Remote Code Execution Vulnerability | CVE-2020-16911 | Critical |
Microsoft Graphics Component | Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2020-16923 | Critical |
Microsoft Office | Microsoft Outlook Remote Code Execution Vulnerability | CVE-2020-16947 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-16951 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-16952 | Critical |
Microsoft Windows | Windows TCP/IP Remote Code Execution Vulnerability | CVE-2020-16898 | Critical |
Microsoft Windows Codecs Library | Windows Camera Codec Pack Remote Code Execution Vulnerability | CVE-2020-16967 | Critical |
Microsoft Windows Codecs Library | Windows Camera Codec Pack Remote Code Execution Vulnerability | CVE-2020-16968 | Critical |
3D Viewer | Base3D Remote Code Execution Vulnerability | CVE-2020-17003 | Critical |
Windows Hyper-V | Windows Hyper-V Remote Code Execution Vulnerability | CVE-2020-16891 | Critical |
Windows Media Player | Media Foundation Memory Corruption Vulnerability | CVE-2020-16915 | Critical |
.NET Framework | .NET Framework Information Disclosure Vulnerability | CVE-2020-16937 | High |
Azure | Azure Functions Elevation of Privilege Vulnerability | CVE-2020-16904 | High |
Azure | Network Watcher Agent virtual machine extension for Linux Elevation of Privilege Vulnerability | CVE-2020-16995 | High |
Group Policy | Group Policy Elevation of Privilege Vulnerability | CVE-2020-16939 | High |
Microsoft Dynamics | Dynamics 365 Commerce Elevation of Privilege Vulnerability | CVE-2020-16943 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | CVE-2020-16956 | High |
Microsoft Dynamics | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | CVE-2020-16978 | High |
Microsoft Exchange Server | Microsoft Exchange Information Disclosure Vulnerability | CVE-2020-16969 | High |
Microsoft Graphics Component | Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2020-1167 | High |
Microsoft Graphics Component | Windows GDI+ Information Disclosure Vulnerability | CVE-2020-16914 | High |
Microsoft JET Database Engine | Jet Database Engine Remote Code Execution Vulnerability | CVE-2020-16925 | High |
Microsoft NTFS | Windows Kernel Information Disclosure Vulnerability | CVE-2020-16938 | High |
Microsoft Office | Base3D Remote Code Execution Vulnerability | CVE-2020-16918 | High |
Microsoft Office | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | CVE-2020-16928 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-16929 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-16930 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-16931 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-16932 | High |
Microsoft Office | Microsoft Word Security Feature Bypass Vulnerability | CVE-2020-16933 | High |
Microsoft Office | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | CVE-2020-16934 | High |
Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | CVE-2020-16954 | High |
Microsoft Office | Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | CVE-2020-16955 | High |
Microsoft Office | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2020-16957 | High |
Microsoft Office SharePoint | Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-16941 | High |
Microsoft Office SharePoint | Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-16942 | High |
Microsoft Office SharePoint | Microsoft SharePoint Reflective XSS Vulnerability | CVE-2020-16944 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-16945 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-16946 | High |
Microsoft Office SharePoint | Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-16948 | High |
Microsoft Office SharePoint | Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-16950 | High |
Microsoft Office SharePoint | Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-16953 | High |
Microsoft Windows | Windows Storage Services Elevation of Privilege Vulnerability | CVE-2020-0764 | High |
Microsoft Windows | Windows Hyper-V Elevation of Privilege Vulnerability | CVE-2020-1080 | High |
Microsoft Windows | Windows Application Compatibility Client Library Elevation of Privilege Vulnerability | CVE-2020-16876 | High |
Microsoft Windows | Windows Elevation of Privilege Vulnerability | CVE-2020-16877 | High |
Microsoft Windows | Windows Storage VSP Driver Elevation of Privilege Vulnerability | CVE-2020-16885 | High |
Microsoft Windows | Windows Network Connections Service Elevation of Privilege Vulnerability | CVE-2020-16887 | High |
Microsoft Windows | Windows Error Reporting Manager Elevation of Privilege Vulnerability | CVE-2020-16895 | High |
Microsoft Windows | NetBT Information Disclosure Vulnerability | CVE-2020-16897 | High |
Microsoft Windows | Windows TCP/IP Denial of Service Vulnerability | CVE-2020-16899 | High |
Microsoft Windows | Windows Event System Elevation of Privilege Vulnerability | CVE-2020-16900 | High |
Microsoft Windows | Windows Kernel Information Disclosure Vulnerability | CVE-2020-16901 | High |
Microsoft Windows | Win32k Elevation of Privilege Vulnerability | CVE-2020-16907 | High |
Microsoft Windows | Windows Setup Elevation of Privilege Vulnerability | CVE-2020-16908 | High |
Microsoft Windows | Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2020-16909 | High |
Microsoft Windows | Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-16912 | High |
Microsoft Windows | Windows Enterprise App Management Service Information Disclosure Vulnerability | CVE-2020-16919 | High |
Microsoft Windows | Windows Application Compatibility Client Library Elevation of Privilege Vulnerability | CVE-2020-16920 | High |
Microsoft Windows | Windows Text Services Framework Information Disclosure Vulnerability | CVE-2020-16921 | High |
Microsoft Windows | Windows Spoofing Vulnerability | CVE-2020-16922 | High |
Microsoft Windows | Jet Database Engine Remote Code Execution Vulnerability | CVE-2020-16924 | High |
Microsoft Windows | Windows COM Server Elevation of Privilege Vulnerability | CVE-2020-16935 | High |
Microsoft Windows | Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-16936 | High |
Microsoft Windows | Windows - User Profile Service Elevation of Privilege Vulnerability | CVE-2020-16940 | High |
Microsoft Windows | Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-16972 | High |
Microsoft Windows | Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-16973 | High |
Microsoft Windows | Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-16974 | High |
Microsoft Windows | Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-16975 | High |
Microsoft Windows | Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-16976 | High |
Microsoft Windows | Windows iSCSI Target Service Elevation of Privilege Vulnerability | CVE-2020-16980 | High |
PowerShellGet | PowerShellGet Module WDAC Security Feature Bypass Vulnerability | CVE-2020-16886 | High |
Visual Studio | Visual Studio Code Python Extension Remote Code Execution Vulnerability | CVE-2020-16977 | High |
Windows COM | Windows COM Server Elevation of Privilege Vulnerability | CVE-2020-16916 | High |
Windows Error Reporting | Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2020-16905 | High |
Windows Hyper-V | Windows Hyper-V Denial of Service Vulnerability | CVE-2020-1243 | High |
Windows Hyper-V | Windows NAT Remote Code Execution Vulnerability | CVE-2020-16894 | High |
Windows Installer | Windows Installer Elevation of Privilege Vulnerability | CVE-2020-16902 | High |
Windows Kernel | Windows Hyper-V Elevation of Privilege Vulnerability | CVE-2020-1047 | High |
Windows Kernel | Windows KernelStream Information Disclosure Vulnerability | CVE-2020-16889 | High |
Windows Kernel | Windows Image Elevation of Privilege Vulnerability | CVE-2020-16892 | High |
Windows Kernel | Windows Security Feature Bypass Vulnerability | CVE-2020-16910 | High |
Windows Kernel | Win32k Elevation of Privilege Vulnerability | CVE-2020-16913 | High |
Windows RDP | Windows Remote Desktop Service Denial of Service Vulnerability | CVE-2020-16863 | High |
Windows RDP | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | CVE-2020-16896 | High |
Windows RDP | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | CVE-2020-16927 | High |
Windows Secure Kernel Mode | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-16890 | High |
Azure SDK | Azure SDK for Java Spoofing Vulnerability | CVE-2020-16971 | Medium |
Microsoft Office | Microsoft Outlook Denial of Service Vulnerability | CVE-2020-16949 | Medium |
About Automox
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.