Microsoft recently released patches for 129 critical bugs in its September “Patch Tuesday” updates. One of the bugs is an absolute worst-case scenario.
CVE-2020-16875 is a Microsoft Exchange memory corruption issue.
It allows remote code execution (RCE) that lets hackers take over your Microsoft Exchange server with a simple email.
22 of the other bugs are rated critical, 105 are important and just one is moderate in severity.
Are you vulnerable? If so, what should you do?
Read on to find out more.
What is Microsoft Patch Tuesday?
Microsoft regularly releases updates for its users in an event known as Patch Tuesday.
Patch Tuesday is a tradition that started in October 2003 and occurs on the second or fourth Tuesday of every month.
One unusual fact is that Microsoft releases more patches during even months and fewer during odd months.
Of course, sometimes Microsoft doesn’t wait for Tuesday to patch open vulnerabilities. Other times, several weeks can pass before a fix is released to the public.
Funnily enough, this is not the case for Windows 10. There, Microsoft now fixes what must be fixed on whatever day it is required.
Why Does Patch Tuesday Matter?
The updates released by Microsoft are vital.
They can prevent fatal zero-day attacks and protect millions upon millions of Windows users.
If hackers get into the core of the operating system, they can practically get access to individuals’ systems and devices. But that’s a topic for another day.
Since almost every organization uses Microsoft products, your staff should keep an eye on Patch Tuesday and implement changes as necessary.
What Patches Were Released in September 2020?
The most important patches released include CVE-2020-16875.
According to Trend Micro researcher Justin Childs, “The patch corrected a vulnerability that lets attackers execute code at SYSTEM using special emails to the Exchange Server.”
He also stated that “Such a situation was a worst-case scenario for Microsoft Exchange. There were previous examples of similar bugs that were eventually exploited and this bug should be a top priority.”
There was also a patch released for a SharePoint bug rated 9.9 on the CVSS scale.
A third RCE vulnerability (8.4 CVSS) was patched in the Windows Graphics Device Interface. It could lead to web-based and file-sharing cyberattacks.
CVSS, the Common Vulnerability Scoring System, is an industry-standard scale for rating vulnerabilities.
Are You At Risk?
The dangerous Microsoft Exchange vulnerability tracked as CVE-2020-16875 affected only versions 2016 and 2019.
Exchange is used by several organizations, and the vulnerability should be high on your organization’s list of priorities.
September’s patches fix many RCE vulnerabilities, such as one in the Microsoft Windows Codecs Library.
Such dangerous remote code execution (RCE) vulnerabilities may cause a target device to execute code that lets hackers run their own programs.
What to Do Now?
Patching your software and keeping it up-to-date is vital.
However, Microsoft has been releasing an increasingly large number of patches recently.
The volume of patches has increased to such an extent that traditional teams are being overwhelmed.
In such a scenario, you should entrust your security to dedicated experts.
Only security experts can keep up with the rapid changes and guarantee your organization’s safety from all manner of threats.
Contact our team at My IT Guy for managed IT services to prevent attacks from harming your business.