• October patched security holes are getting hit hard

    #2304451

    Here’s where the threats stand as of early Thursday morning: CVE-2020-16898: “Bad Neighbor” or “Ping of Death” has a proof of concept available, but i
    [See the full post at: October patched security holes are getting hit hard]

    • #2304473

      Two proofs of concept and an “exploitation less likely” doesn’t sound like “getting hit hard”.

    • #2304476

      https://www.zerodayinitiative.com/blog/2020/10/13/the-october-2020-security-update-review

      “- CVE-2020-16947 – Microsoft Outlook Remote Code Execution Vulnerability
      This vulnerability was reported through the ZDI program, and it could allow code execution on affected versions of Outlook just by viewing a specially crafted e-mail. The Preview Pane is an attack vector here, so you don’t even need to open the mail to be impacted. The specific flaw exists within the parsing of HTML content in an email. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a fixed-length heap-based buffer. Although Microsoft gives this an XI rating of 2, we have a working proof-of-concept. Patch this one quickly.”

      Susan Bradley Patch Lady/Prudent patcher

      • #2304510

        I’m confused. Is the patch for this MS Outlook coming from MS Office (I have 2016 Retail C2R) or is it included in the October Windows 10 Update?

        Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)
        • #2304514
          • #2304544

            OK thanks.  This shows the Security fix for Outlook 2016 Retail C2R is in the Current Channel, version 2009, Build 13231.20390, dated October 13, 2020.

            Susan – have you cleared this Build as OK for installation?  (I keep Office auto upgrades set to off until ready to upgrade).

            Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)
            • #2304608

              Yes, it’s in the Click-to-Run patches. I’m not quite ready to give the go-ahead. In the patchwatch that will be out this weekend I’m recommending to either patch or disable the preview pane.

              Susan Bradley Patch Lady/Prudent patcher

        • #2304543

          How do we Click-to-Run Office 2016 folks patch this? Just turn on updating on the account page and then click update now to suck down everything waiting for us? Is that what Susan is suggesting we do?

          • #2304706

            This is why it is so important for Susan to be very clear when she gives advice to apply a specific patch to correct a bug in MS Office. Many do not have the ability to select which patches get installed and which do not. Statements such as the one above, “Patch this one quickly”, cause all sorts of confusion unless the advice to patch is accompanied by instructions on how to accomplish the goal on the various flavors of MS Office, especially Click-to-Run versions. In this case it appears to be better for C2R users to disable the email preview screen rather than installing all available waiting updates all at once at this point in time, which is the only available option for C2R Office users.

    • #2304495

      installed these updates and brought W10 to W10Pro 1909-18363.1139
      still rather good and alive here

      * _ the metaverse is poisonous _ *
    • #2304911

      Venkat over on Techdows is reporting that there are issues with October’s KB4579311 alongside the known MSFT published issues with this update.

      Windows Update fails to install KB4579311 with an error for some users
      Manual download and install from Microsoft Catalog update, also triggering an error
      The update is causing sign-in and freezing issues. Desktop turns to black after startup. USB network printer problems also reported.
      Explorer crashes in a loop after login and becomes unresponsive, sometimes.

      No problem can be solved from the same level of consciousness that created IT- AE
    • #2304993

      I installed all updates today using MS Update Catalog. KB 4577671 took forever to download and install. I had to turn off my antivirus because the install got stuck about a quarter of the way into the install.

      Windows update only offered me KB 4020357 which I hid using wsushowhide. A special “thank you” to Woody for the warning not to install it

      I ran Belarc Advisor and it indicated that all necessary patches are now installed. Winver shows Version 1909 (OS Build 18363.1139). Just finished running Macrium Reflect. I’m tired but pleased to be done with this month’s ordeal.

      CAS
