September Patch Tuesday Updates Exchange, SharePoint

This month’s update includes 129 updates for the Microsoft Office suite, with 15 specifically addressing SharePoint vulnerabilities. Of the total number, 23 have been rated Critical and 105 as Important. No zero days have been observed, but four vulnerabilities are under close scrutiny for their potential abuse.

Specifically, CVE-2020-16875 can be exploited for remote code execution (RCE), CVE-2020-1596 for man-in-the-middle (MiTM) attacks, while CVE-2020-0836 and CVE-2020-1228 can be abused for domain name system (DNS) denial of service (DoS).

12 of the vulnerabilities included have also been reported by the Zero Day Initiative (ZDI), including three critical gaps that can be used for RCE. This update brings us to seven consecutive months of patching more than 110 gaps per batch, and brings the year’s total number close to a thousand updates.

Read more…
Source: Trend Micro