Microsoft yesterday released its monthly security update package, commonly known as Patch Tuesday, which in October 2020 fixes 87 vulnerabilities across a wide range of Microsoft products.
By far the most dangerous bug, which luckily was fixed this month, is CVE-2020-16898. It is described as a remote code execution (RCE) vulnerability in Windows TCP / IP stack, this bug could allow attackers to take control of Windows systems by sending malicious ICMPv6 router advertisement packets to a computer without patch, via a network connection. This bug was discovered internally by engineers at Microsoft, and versions of the operating system vulnerable to CVE-2020-16898 include Windows 10 and Windows Server 2019.
With a severity score of 9.8 out of 10, Microsoft views the bug as dangerous and potentially a weapon, and with good reason.
Microsoft releases Patch Tuesday for October 2020
Fixing the bug is recommended, but workarounds such as disabling ICMPv6 RDNSS support also exist, which would allow system administrators to implement temporary mitigations until they perform a Quality testing this month’s security updates for any operating system bugs.
Another bug that deserved special mention was CVE-2020-16947, a remote code execution issue in Outlook. Microsoft claims that this bug can be exploited by tricking the user “to open a specially crafted file with an affected version of Microsoft Outlook software”.
All fixed vulnerabilities have been listed by Microsoft here.
Help us grow, visit our Facebook page and leave your taste, to have access to all the information first hand. And if you liked the article, don’t forget to share it with your friends. Also follow us on Google News, select us among your favorites by clicking on the star.
Founder of Noticias e Tecnologia, and this is his second online project, after several years connected to a portal focused on the Android system, of which he was also one of its founders.
IT professional and passionate about new technologies, motorsports and mountain biking