News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • The September 2020 Microsoft patches

    Posted on September 8th, 2020 at 12:09 woody Comment on the AskWoody Lounge

    The patches are out.

    I see 189 new entries in the Microsoft Update Catalog, plus 23 Intel microcode updates that were released last week.

    Win10 version 2004 cumulative update KB 4571756 appears to contain the fix that updates the defrag date, but it doesn’t fix the TRIM command running on hard drives. Lawrence Abrams on BleepingComputer has details. Hey, it only took Microsoft eight months to fix the defrag bug.

    Win10 version 1903 and 1909 cumulative update KB 4574727 is the same for both versions (as usual).

    There are new .NET patches, including KB 4576478, the September 8, 2020 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004.

    There are also new Servicing Stack Updates, including KB 4577266 for Win10 version 2004. If you use Windows Update, you don’t have to worry about Servicing Stack Updates – they come along for the ride.

    Dustin Childs just posted his usual in-depth analysis on the Zero Day Initiative blog:

    • 139 separately identified security holes
    • None are marked as “Public” (i.e., with detailed descriptions widely available) or “Exploited” (i.e., zero-days).

    If you’re running an Exchange Server (as opposed to just using one), there’s a heads-up for  CVE-2020-16875 , which Microsoft lists as “2 – Exploitation Less Likely.” There’s yet another security hole in the Windows HEVC video stream processor.

    The SANS Internet Storm Center list adds a warning about CVE-2020-1210, a SharePoint application package vulnerability. That’s another “2 – Exploitation Less Likely,” although its CVSS rating of 9.9 makes it notable.

    Martin Brinkmann has his usual thorough list on Ghacks.net.

    Looks like a big, but dull, crop. You can go back to panic scrolling.

    UPDATE: Great catch from Catalin Cimpanu, via @tx_drewdad. The description of CVE-2020-1252 includes this gem:

    To exploit the vulnerability, an attacker would first have to log on to the target system and then run a specially crafted application.

    Which is hardly a “Remote Code Execution” vulnerability. It’s listed as “Critical.”