BY: Mr. Satnam Narang, Staff Research Engineer at Tenable
Microsoft patched 87 CVEs in the October 2020 Patch Tuesday release, including 11 CVEs rated critical. This release follows seven consecutive months of over 100 CVEs patched, in what has been an unusually busy year for Microsoft Patch Tuesday updates.
This month’s Patch Tuesday includes fixes for 87 CVEs, 11 of which are rated critical. This marks the first time since February that Microsoft patched less than 100 CVEs. The most critical vulnerability in this month’s release is CVE-2020-16898, a remote code execution vulnerability in the Windows TCP/IP stack. Dubbed “Bad Neighbor” by researchers at McAfee, the flaw occurs because Windows TCP/IP stack does not properly handle ICMPv6 Router Advertisement packets.
To exploit this vulnerability, an attacker would need to send a malicious ICMPv6 Router Advertisement to their targeted Windows machine. It received a CVSSv3 score of 9.8, the highest score assigned to any vulnerability in this month’s release. Microsoft also patched CVE-2020-16899, a denial of service vulnerability in the Windows TCP/IP stack. Both vulnerabilities were discovered internally by Microsoft and are rated as ‘Exploitation More Likely,’ according to Microsoft’s Exploitability Index. Microsoft also addressed CVE-2020-16896, an information disclosure vulnerability in Windows Remote Desktop Protocol.
While the vulnerability is rated as ‘Important’ and received a CVSSv3 score of 7.5, Microsoft says exploitation is more likely. To exploit the flaw, an attacker would need to connect to a system that is running RDP and send specially crafted requests to it. This information could be used by the attacker for further compromise. RDP is a prime target for cybercriminals, especially those looking to launch ransomware attacks. If an organization is exposing RDP to the Internet, they need to ensure they’ve taken appropriate steps to harden RDP, which includes ensuring all patches are applied in a timely manner.
16 comments
purchase atorvastatin for sale generic atorvastatin 80mg cost atorvastatin 20mg
ciplox 500mg ca – purchase ciplox generic cheap erythromycin 500mg
ivermectin 6 mg for humans for sale – cefuroxime us buy sumycin for sale
order valacyclovir 1000mg – nateglinide 120 mg price acyclovir drug
glycomet 500mg cost – lamivudine online lincocin for sale online
buy zidovudine 300 mg online pill – buy zyloprim 300mg sale buy zyloprim 300mg pills
purchase clozapine online – glimepiride 1mg us buy famotidine 40mg online
buy cleocin 300mg – order cefpodoxime 100mg online buy generic chloromycetin
ivermectin 12mg for humans for sale – aczone usa cefaclor without prescription
clarinex 5mg usa – aristocort order order ventolin inhalator generic
glyburide 2.5mg over the counter – glucotrol medication buy generic dapagliflozin 10mg
metformin oral – sitagliptin 100 mg pills buy precose online cheap
repaglinide 1mg without prescription – buy prandin pills for sale order empagliflozin 25mg for sale
semaglutide 14 mg price – order rybelsus 14mg online cheap DDAVP buy online
famciclovir pills – valcivir online buy valcivir no prescription
buy ketoconazole 200 mg pill – purchase butenafine generic buy sporanox pills for sale