Windows 10: Microsoft Windows Security Updates September 2020 overview

Welcome to the Microsoft Windows Patch Day overview for September 2020. Microsoft released security updates and non-security updates for all supported client and server operating systems. Other company products have received security updates as well on this Patch Day.

The Windows updates that Microsoft releases on the second Tuesday of a month are cumulative in nature. Administrators may get them via Windows Update, WSUS, as direct downloads, or via other update management systems.

Our monthly overview provides you with details on the released patches. It includes an overview of all security patches that Microsoft released, an Excel spreadsheet with all the patches, an overview of the operating system distribution and severeness, direct download links, links to support pages, security advisories, known issues, and more.

Check out the August 2020 Patch Day in case you missed it.

Microsoft Windows Security Updates September 2020


You may download an Excel spreadsheet with detailed information about the September 2020 Patch Day. Click on the following link to download the archive to your system. All that is left to do is to extract the zip file and open it in a spreadsheet application such as Excel or LibreOffice Calc: windows-security-updates-september-2020

Executive Summary

• Microsoft released security updates for all supported client and server versions of Windows.
• Security updates were also released for other company products including Microsoft Edge (old and new), Internet Explorer, Visual Studio, Microsoft Office, Microsoft OneDrive, SQL Server, and Azure DevOps.

Operating System Distribution

• Windows 7 (extended support only): 33 vulnerabilities: 4 critical and 48 important
  • CVE-2020-0922 | Microsoft COM for Windows Remote Code Execution Vulnerability
  • CVE-2020-1252 | Windows Remote Code Execution Vulnerability
  • CVE-2020-1285 | GDI+ Remote Code Execution Vulnerability
  • CVE-2020-1319 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
  • CVE-2020-1508 | Windows Media Audio Decoder Remote Code Execution Vulnerability
  • CVE-2020-1593 | Windows Media Audio Decoder Remote Code Execution Vulnerability
• Windows 8.1: 41 vulnerabilities: 5 rated critical and 51 rated important
  • same as Windows 7
• Windows 10 version 1803: 63 vulnerabilities: 9 critical and 54 important
  • CVE-2020-0908 | Windows Text Service Module Remote Code Execution Vulnerability
  • CVE-2020-0922 | Microsoft COM for Windows Remote Code Execution Vulnerability
  • CVE-2020-0997 | Windows Camera Codec Pack Remote Code Execution Vulnerability
  • CVE-2020-1129 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
  • CVE-2020-1252 | Windows Remote Code Execution Vulnerability
  • CVE-2020-1285 | GDI+ Remote Code Execution Vulnerability
  • CVE-2020-1319 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
  • CVE-2020-1508 | Windows Media Audio Decoder Remote Code Execution Vulnerability
  • CVE-2020-1593 | Windows Media Audio Decoder Remote Code Execution Vulnerability
• Windows 10 version 1809: 70 vulnerabilities: 9 critical and 56 important
  • same as Windows 10 version 1803
• Windows 10 version 1903: 70 vulnerabilities: 9 critical and 61 important
  • same as Windows 10 version 1803
• Windows 10 version 1909:
  • same as Windows 10 version 1803
• Windows 10 version 2004:

Windows Server products

• Windows Server 2008 R2 (extended support only): 39 vulnerabilities: 6 critical and 33 important
  • CVE-2020-0922 | Microsoft COM for Windows Remote Code Execution Vulnerability
  • CVE-2020-1252 | Windows Remote Code Execution Vulnerability
  • CVE-2020-1285 | GDI+ Remote Code Execution Vulnerability
  • CVE-2020-1319 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
  • CVE-2020-1508 | Windows Media Audio Decoder Remote Code Execution Vulnerability
  • CVE-2020-1593 | Windows Media Audio Decoder Remote Code Execution Vulnerability
• Windows Server 2012 R2: 47 vulnerabilities: 6 critical and 41 important.
  • same as Windows Server 2008 R2
• Windows Server 2016: 62 vulnerabilities: 9 critical and 56 important.
  • same as Windows Server 2008 R2, plus
  • CVE-2020-0908 | Windows Text Service Module Remote Code Execution Vulnerability
  • CVE-2020-1129 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
  • CVE-2020-0997 | Windows Camera Codec Pack Remote Code Execution Vulnerability
• Windows Server 2019: 73 vulnerabilities: 9 critical and 64 are important
  • same as Windows Server 2016.

Other Microsoft Products

• Internet Explorer 11: 3 vulnerability: 1 critical, 2 important
  • CVE-2020-0878 | Microsoft Browser Memory Corruption Vulnerability
• Microsoft Edge: 4 vulnerabilities: 3 critical, 1 important
  • CVE-2020-0878 | Microsoft Browser Memory Corruption Vulnerability
  • CVE-2020-1057 | Scripting Engine Memory Corruption Vulnerability
  • CVE-2020-1172 | Scripting Engine Memory Corruption Vulnerability
• Microsoft Edge on Chromium:
  • see here (latest security patches from the Chromium project)

Windows Security Updates


Windows 7 SP1 and Windows Server 2008 R2

• Monthly Rollup: KB4577051
• Security-only Update: KB4577053

Fixes and improvements:

• Yukon, Canada time zone information update (monthly rollup).
• Fixes a security vulnerability issue with user proxies and HTTP-based Intranet servers. HTTP-based Intranet servers cannot leverage user proxies to detect updates by default anymore. Check this support page for additional information (monthly rollup).
• Security Updates

Windows 8.1 and Server 2012 R2

• Monthly Rollup: KB4577066
• Security-only Update: KB4577071

Fixes and improvements:

• Yukon, Canada time zone information update (monthly rollup).
• Fixes a security vulnerability issue with user proxies and HTTP-based Intranet servers. HTTP-based Intranet servers cannot leverage user proxies to detect updates by default anymore. Check this support page for additional information (monthly rollup).
• Fixed an unnamed issue when evaluating the compatibility status of the Windows system (monthly rollup).
• Security updates.

Windows 10 version 1803

• Support page: KB4577032

Fixes and improvements:

• Ability to sync Microsoft Edge IE Mode unidirectional session cookies when configured by an admin.
• Fixed an issue related to unexpected notifications.
• Updated Yukon, Canada time zone information.
• Fixed an Ever Viewer issue that prevented it from saving filtered events correctly.
• Fixed a delayed shutdown issue caused by Microsoft Keyboard Filter Service.
• Fixes a security vulnerability issue with user proxies and HTTP-based Intranet servers. HTTP-based Intranet servers cannot leverage user proxies to detect updates by default anymore. Check this support page for additional information (monthly rollup).
• Security Updates

Windows 10 version 1809

• Support page: KB4570333

Fixes and improvements:

• Fixes a security vulnerability issue with user proxies and HTTP-based Intranet servers. HTTP-based Intranet servers cannot leverage user proxies to detect updates by default anymore. Check this support page for additional information (monthly rollup).
• Security Updates

Windows 10 version 1903 and 1909

• Support page: KB4574727

Fixes and improvements:

• Fixes a security vulnerability issue with user proxies and HTTP-based Intranet servers. HTTP-based Intranet servers cannot leverage user proxies to detect updates by default anymore. Check this support page for additional information (monthly rollup).
• Security Updates

Windows 10 version 2004

• Support page: KB4571756

Fixes and improvements:

• Addressed a potential elevation of privilege issue in windowmanagement.dll.
• Fixes a security vulnerability issue with user proxies and HTTP-based Intranet servers. HTTP-based Intranet servers cannot leverage user proxies to detect updates by default anymore. Check this support page for additional information (monthly rollup).
• Security Updates

Other security updates


KB4577010 -- Cumulative security update for Internet Explorer: September 8, 2020

KB4577038 -- 2020-09 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4577048 -- 2020-09 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4577064 -- 2020-09 Security Monthly Quality Rollup for Windows Server 2008

KB4577070 -- 2020-09 Security Only Quality Update for Windows Server 2008

KB4577015 -- 2020-09 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607

KB4577021 -- 2020-09 Cumulative Update for Windows 10 Version 1703

KB4577041 -- 2020-09 Cumulative Update for Windows 10 Version 1709

KB4577049 -- 2020-09 Cumulative Update for Windows 10 Version 1507

Microsoft .NET Framework updates:

KB4576485 -- 2020-09 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4576486 -- 2020-09 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4576487 -- 2020-09 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4576488 -- 2020-09 Security Only Update for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4576489 -- 2020-09 Security Only Update for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4576490 -- 2020-09 Security Only Update for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4576612 -- 2020-09 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4576613 -- 2020-09 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012

KB4576614 -- 2020-09 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2

KB4576628 -- 2020-09 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4576629 -- 2020-09 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012

KB4576630 -- 2020-09 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2

KB4576631 -- 2020-09 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008

KB4576478 -- 2020-09 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 2004 and Windows 10 Version 2004

KB4576479 --2020-09 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607

KB4576480 -- 2020-09 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703

KB4576481 -- 2020-09 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709

KB4576482 -- 2020-09 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803 and Windows Server 2016 (1803)

KB4576483 -- 2020-09 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809

KB4576484 -- 2020-09 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server, version 1909, Windows 10 Version 1909, Windows Server 2019 (1903), and Windows 10 Version 1903

KB4576627 -- 2020-09 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809

Servicing Stack updates:

KB4577266 -- 2020-09 Servicing Stack Update for Windows Server, version 2004 and Windows 10 Version 2004

KB4570332 -- 2020-09 Servicing Stack Update for Windows Server 2019 and Windows 10 Version 1809

KB4576750 -- 2020-09 Servicing Stack Update for Windows Server 2016 and Windows 10 Version 1607

KB4576751 -- 2020-09 Servicing Stack Update for Windows Server 2019 (1903), and Windows 10 Version 1903

Known Issues


Windows 7 SP1 and Windows Server 2008 R2

• Updates may fail to install if the system is not supported by ESU.
• Certain operations may fail on cluster shared volumes. See workarounds on the support page.

Windows 8.1 and Server 2012 R2

• Certain operations may fail on cluster shared volumes. See workarounds on the support page.

Windows 10 version 1809

• Error "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND." on systems with certain Asian language packs. Microsoft suggests to uninstall and reinstall the language packs, or to reset the PC.
• Microsoft Edge legacy error "0x80704006. Hmmmm…can’t reach this page" when trying to access sites on non-standard ports. Suggestions include using the new Edge or IE 11.

Windows 10 version 2004

• Users of the Microsoft Input Method Editor for Chinese and Japanese may experience various issues. Check this support page for additional details.

Security advisories and updates

Non-security related updates


KB4566371 -- 2020-09 Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4574726 -- 2020-09 Dynamic Update for Dynamic Update for Windows 10 Version 1903, and Windows 10 Version 1909

KB4578847 -- 2020-09 Update for Windows Server 2008 R2 for x64-based Systems

KB890830 -- Windows Malicious Software Removal Tool

KB4574728 -- 2020-09 Dynamic Update for Windows 10 Version 2004

Microsoft Office Updates


You find Office update information here.

How to download and install the September 2020 security updates




Security updates are released via Microsoft's Windows Update service and update management services such as WSUS. The main cumulative updates may also be downloaded from the company's Microsoft Update Catalog website.

It is recommended to back up the system before updates are installed as the installation of updates may cause numerous issues including boot issues, data loss or loss of functionality.

Windows administrators may run a manual update check at any time on home devices. Here are the instructions on how to do that:

1. Select Start and select Settings.
2. Select Update & Security in the Settings application.
3. Click on the "check for updates" button to run a manual check for updates. Windows checks if important updates are available to download and install these on the device.

Direct update downloads


Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 7 and Server 2008 R2

• KB4577051 -- 2020-09 Security Monthly Quality Rollup for Windows 7
• KB4577053 -- 2020-09 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

• KB4577066 -- 2020-09 Security Monthly Quality Rollup for Windows 8.1
• KB4577071 -- 2020-09 Security Only Quality Update for Windows 8.1

Windows 10 (version 1803)

• KB4577032 -- 2020-09 Cumulative Update for Windows 10 Version 1803

Windows 10 (version 1809)

• KB4570333 -- 2020-09 Cumulative Update for Windows 10 Version 1809

Windows 10 (version 1903)

• KB4574727 -- 2020-09 Cumulative Update for Windows 10 Version 1903

Windows 10 (version 1909)

• KB4574727 -- 2020-09 Cumulative Update for Windows 10 Version 1909

Windows 10 (version 2004)

• KB4571756 -- 2020-09 Cumulative Update for Windows 10 Version 2004

Additional resources

• September 2020 Security Updates release notes
• List of software updates for Microsoft products
• List of the latest Windows Updates and Services Packs
• Security Updates Guide
• Microsoft Update Catalog site
• Our in-depth Windows update guide
• How to install optional updates on Windows 10
• Windows 10 Update History
• Windows 8.1 Update History
• Windows 7 Update History

Thank you for being a Ghacks reader. The post Microsoft Windows Security Updates September 2020 overview appeared first on gHacks Technology News.

read more...

 

Microsoft Security Bulletin for September 2007

Microsoft released yesterday the September Security Bulletin for Windows operating system, as part of its monthly security cycle. This bulletin summary lists one critical and three important updates. For more information, see Microsoft Security Bulletin Summary for September 2007.

Source: Microsoft

 

Microsoft May 2020 Security Updates

Release Notes
May 2020 Security Updates
Release Date: May 12, 2020




The May 2020 security release consists of security updates for the following software:

• Microsoft Windows
• Microsoft Edge (EdgeHTML-based)
• Microsoft Edge (Chromium-based)
• ChakraCore
• Internet Explorer
• Microsoft Office and Microsoft Office Services and Web Apps
• Windows Defender
• Visual Studio
• Microsoft Dynamics
• .NET Framework
• .NET Core
• Power BI

Please note the following information regarding the security updates:

• For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• CVE-2020-0901
• CVE-2020-0963
• CVE-2020-1072
• CVE-2020-1075
• CVE-2020-1103
• CVE-2020-1116
• CVE-2020-1141
• CVE-2020-1145
• CVE-2020-1173
• CVE-2020-1179

Known Issues


The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20200512. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).


KB Article Applies To
4551853 Windows 10 Version 1809, Windows Server 2019
4556813 Windows 10, version 1607, Windows Server 2016
4556836 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4556843 Windows 7, Windows Server 2008 R2 (Security-only update)
4556854 Windows Server 2008 Service Pack 2 (Security-only update)
4556860 Windows Server 2008 Service Pack 2 (Monthly Rollup)


https://portal.msrc.microsoft.com/en...etail/2020-May

 

Microsoft January 2020 Security Updates

Release Notes

January 2020 Security Updates

Release Date: January 14, 2020

The January security release consists of security updates for the following software:

• Microsoft Windows
• Internet Explorer
• Microsoft Office and Microsoft Office Services and Web Apps
• ASP.NET Core
• .NET Core
• .NET Framework
• OneDrive for Android
• Microsoft Dynamics

Please note the following information regarding the security updates:

• For information regarding enabling Windows 10, version 1909 features, please see
  
  Microsoft Update Catalog.
• For information on lifecycle and support dates for Windows 10 operating systems, please see
  
  Windows Lifecycle Facts Sheet.
• A list of the latest servicing stack updates for each operating system can be found in
  
  ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is present only in the IE Cumulative package.
• Updates for Windows RT 8.1 and Microsoft Office RT software are only available via
  
  Windows Update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Note: Support for Windows 7, Windows Server 2008 R2, and Windows Server 2008 ends January 14, 2020. For more information please see
  
  Lifecycle FAQ-Extended Security Updates.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

• CVE-2020-0601 *
• CVE-2020-0607
• CVE-2020-0608
• CVE-2020-0615
• CVE-2020-0622
• CVE-2020-0637
• CVE-2020-0639
• CVE-2020-0643
• CVE-2020-0647
• CVE-2020-0650
• CVE-2020-0651
• CVE-2020-0652
• CVE-2020-0653
• CVE-2020-0654 *

Known Issues

The f****ssues with the security updates. For a complete list of security update KBs, please see

2****ssues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

[table][tr][td]4534271[/td][td]Windows 10, version 1607, Windows Server 2016[/td][/tr][tr][td]4534273[/td][td]Windows 1****809[/td][/tr][tr][td]4534276[/td][td]Windows 10, version 1709[/td][/tr][tr][td]4534283[/td][td]Windows Server 2012 (Monthly Rollup)[/td][/tr][tr][td]4534288[/td][td]Windows Server 2012 (Security-only update)[/td][/tr][tr][td]4534293[/td][td]Windows 10, version 1803, Windows Server version 1803[/td][/tr][tr][td]4534297[/td][td]Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)[/td][/tr][tr][td]4534306[/td][td]Windows 10[/td][/tr][tr][td]4534309[/td][td]Windows 8.1, Windows Server 2012 R2 (Security-only update[/td][/tr][/table]