PDQ.com mobilePDQ.com desktop
Support

September 2020 Patch Tuesday Vulnerabilities

Jordan Hammond
·

Time to secure your systems once again! To the delight of Sysadmins everywhere, the world of patching is not completely on fire for the first time in months. No zero days, no actively being exploited, none known before release. It is interesting how quickly you can adjust to 100+ exploits closed, 20+ of those being critical. I used to write these all aghast, with my fainting couch nearby, as I would talk about 3 digits of exploits and surely this is an outlier. Now look at me - talking about 129 CVE’s patched (23 critical)- and it feels like a big win that none of these had been publicly known or are being actively exploited.

Some Highlights (Or Lowlights)

CVE-2020-1252 - This one is a remote code execution bug that comes from how Windows handles memory. Some Jerk face could make an application, that if run, would allow them to take control of that system. Even creating new accounts that have full access.

CVE-2020-0908 - This is an exploit with the Windows Text Service Module. An attacker could create a website that is a user went to in Edge, and through that, get the ability to execute malicious code. This one would take some social engineering to get any type of access.

CVE-2020-1285 - This exploit is in Graphics Device Interface. It can be exploited through a file share or a corrupted website, but in both cases, it does require a user to interact with the bad file. If a user did click on such a file then the attacker would be able to run scripts or create a new user account with full access.

In Review

So here we are in our lull of doom. Breathe easy, laugh at the weak offering, maybe even dance for joy through the cubicles or front room, depending on where you are working from. Make sure you do still patch though. "Less critical" does not mean "no risk".

Check out last months Patch Tuesday

Ready to get started with PDQ Deploy & Inventory?

Take our 14-day Free Trial.
This round is on us!

Don't miss the next post!

(CVE-2020-1472) 'ZeroLogon' Vulnerability

The Zerologon Vulnerability Allows Attackers To Completely Take Over Your Domain Controller Without Credentials.

PDQ.com
© 2020 PDQ.com Corporation

Products

  • PDQ Deploy
  • PDQ Inventory
  • PDQ Link
  • Enterprise SL
  • Pricing
  • Downloads
  • Licensing
  • Buy