Microsoft has released an emergency security updates for critical vulnerabilities that allow attackers to execute arbitrary code on the vulnerable machine.
The updates patched 87 vulnerabilities that include 12 are classified as Critical, and 74 are classified as Important, and one as moderate.
The October security release includes security updates for the following software:
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft JET Database Engine
- Azure Functions
- Open Source Software
- Microsoft Exchange Server
- Visual Studio
- Microsoft .NET Framework
- Microsoft Dynamics
- Adobe Flash Player
- Microsoft Windows Codecs Library
The update also fixes the RCE flaws with several Microsoft products including Excel, Outlook, the Windows Graphics component, and the Windows TCP/IP stack.
Out of the one’s patches, the severe one is an RCE issue tracked as CVE-2020-16898, it resides in Windows TCP/IP stack, the vulnerability can be exploited by an attacker to take over the Windows systems by sending malicious packets.
Another important flaw tracked as CVE-2020-16947, resides in the MS Outlook that can be exploited by attackers by making victims opening a specially crafted file.
Following are some notable vulnerabilities
- ADV200012 *
- CVE-2020-16896 *
- CVE-2020-16933 *
- CVE-2020-16947 *
- CVE-2020-16949 *
Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.