|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
October patched security holes are getting hit hard
Here’s where the threats stand as of early Thursday morning:
CVE-2020-16898: “Bad Neighbor” or “Ping of Death” has a proof of concept available, but it just triggers a bluescreen. US Cyber Command tweets “CVE-2020-16898 in particular should be patched or mitigated immediately, as vulnerable systems could be compromised remotely.” But Kevin Beaumont says, “I wouldn’t panic about the IPv6 thing personally, just keep calm and patch as usual.” Kevin reports that he’s seen a fake exploit.
CVE-2020-16951 and CVE-2020-16952 SharePoint Server security holes have a new proof of concept, but the holes only occur on SharePoint Server 2016 and 2019. If you’re running either of those Server versions, get patched, but everybody else is immune.
CVE-2020-16947 Outlook 2016/Office 2019/Microsoft 365 vulnerability – which can crawl in via Outlook if you simply preview an infected email – doesn’t have any outstanding proof of concepts, as best I can tell.
Bottom line: I don’t see any reason to install this month’s patches just yet, unless you’re running SharePoint Server 2016 or 2019.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Latest Firefox requires Password on start up
by 26 minutes ago
-
Resolved : AutoCAD 2022 might not open after updating to 24H2
by 4 hours, 47 minutes ago
-
Missing api-ms-win-core-libraryloader-11-2-1.dll
by 38 minutes ago
-
How Much Daylight have YOU Saved?
by 1 hour, 21 minutes ago
-
A brief history of Windows Settings
by 18 minutes ago
-
Thunderbolt is not just for monitors
by 1 hour, 27 minutes ago
-
Password Generators — Your first line of defense
by 39 minutes ago
-
AskWoody at the computer museum
by 1 hour ago
-
Planning for the unexpected
by 1 hour, 57 minutes ago
-
Which printer type is the better one to buy?
by 6 hours, 33 minutes ago
-
Upgrading the web server
by 4 hours, 57 minutes ago
-
New Windows 11 24H2 Setup – Initial Win Update prevention settings?
by 1 day ago
-
Creating a Google account
by 22 hours, 47 minutes ago
-
Undocumented “backdoor” found in Bluetooth chip used by a billion devices
by 1 day, 5 hours ago
-
Microsoft Considering AI Models to Replace OpenAI’s in Copilot
by 1 day, 16 hours ago
-
AI *emergent misalignment*
by 1 day, 17 hours ago
-
Windows 11 Disk Encryption/ Bitlocker/ Recovery Key
by 1 hour, 29 minutes ago
-
Trouble signing out and restarting
by 18 hours, 5 minutes ago
-
Windows 7 MSE Manual Updating
by 2 days, 1 hour ago
-
Problem running LMC 22 flash drive
by 1 day ago
-
Outlook Email Problem
by 1 day ago
-
“Microsoft 365 Office All-in-One For Dummies, 3rd Edition FREE
by 1 day, 8 hours ago
-
Cant use Office 2013 – Getting error message about Office 2013
by 2 days, 1 hour ago
-
Nearly 1 million Windows devices targeted in advanced “malvertising” spree
by 2 days, 1 hour ago
-
Windows 11 Insider Preview build 27808 released to Canary
by 3 days, 2 hours ago
-
Windows 11 Insider Preview Build 22635.5025 (23H2) released to BETA
by 3 days, 2 hours ago
-
Sysprep issue
by 3 days, 1 hour ago
-
Android Security Bulletin—March 2025
by 3 days, 4 hours ago
-
23h2: PIN TO START randomly available on right-click
by 3 days, 4 hours ago
-
Microsoft Defender
by 3 days, 10 hours ago
