Daily Archives: September 8, 2020

  • The September 2020 Microsoft patches

    The patches are out.

    I see 189 new entries in the Microsoft Update Catalog, plus 23 Intel microcode updates that were released last week.

    Win10 version 2004 cumulative update KB 4571756 appears to contain the fix that updates the defrag date, but it doesn’t fix the TRIM command running on hard drives. Lawrence Abrams on BleepingComputer has details. Hey, it only took Microsoft eight months to fix the defrag bug.

    Win10 version 1903 and 1909 cumulative update KB 4574727 is the same for both versions (as usual).

    There are new .NET patches, including KB 4576478, the September 8, 2020 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004.

    There are also new Servicing Stack Updates, including KB 4577266 for Win10 version 2004. If you use Windows Update, you don’t have to worry about Servicing Stack Updates – they come along for the ride.

    Dustin Childs just posted his usual in-depth analysis on the Zero Day Initiative blog:

    • 139 separately identified security holes
    • None are marked as “Public” (i.e., with detailed descriptions widely available) or “Exploited” (i.e., zero-days).

    If you’re running an Exchange Server (as opposed to just using one), there’s a heads-up for CVE-2020-16875, which Microsoft lists as “2 – Exploitation Less Likely.” There’s yet another security hole in the Windows HEVC video stream processor.

    The SANS Internet Storm Center list adds a warning about CVE-2020-1210, a SharePoint application package vulnerability. That’s another “2 – Exploitation Less Likely,” although its CVSS rating of 9.9 makes it notable.

    Martin Brinkmann has his usual thorough list on Ghacks.net.

    Looks like a big, but dull, crop. You can go back to panic scrolling.

    UPDATE: Great catch from Catalin Cimpanu, via @tx_drewdad. The description of CVE-2020-1252 includes this gem:

    To exploit the vulnerability, an attacker would first have to log on to the target system and then run a specially crafted application.

    Which is hardly a “Remote Code Execution” vulnerability. It’s listed as “Critical.”