It should be noted that 32 out of 129 patched vulnerabilities are related to remote code execution, i.e. their exploitation opens up the possibility for remote attacks. Of the 32 vulnerabilities related to remote code execution, 20 were assigned the status of critical, i.e. they are the most dangerous according to Microsoft’s classification system.

Severe vulnerabilities have been addressed in products such as Windows (vulnerability CVE-2020-1252), Microsoft Dynamics 365 (CVE-2020-16857, CVE-2020-16862), Visual Studio (CVE-2020-16874), Windows Graphics Device Interface ( CVE-2020-1285), Microsoft SharePoint (CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1276, CVE-2020-1595), Microsoft SharePoint Server (CVE-2020-1460) and others. For a complete list of fixed vulnerabilities, visit the official Security Update Guide page.

Remote code execution vulnerabilities pose a big threat, especially in Windows (due to the large scope for attacks), as well as SharePoint and Dynamics 365, as they are often used in large corporate networks. It is known that hackers keep track of the updates released by Microsoft in order to have time to carry out attacks on systems where the current security patch has not yet been installed. For administrators who maintain corporate networks, Microsoft recommends that they pre-test the service pack for compatibility with their computers to avoid any problems after installing the patch.

As usual, Microsoft has posted links to updates that can be used to download the September security patch. For Windows 10 (2004), the KB4571756 package is offered, which will change the build number to 19041.508. For Windows 10 (1909) and Windows 10 (1903), the KB4574727 package is provided, which changes the build number to 18363.1082. You can use the Microsoft Update Web Catalog to find the latest updates for older versions of the software platform.