Of course, with new updates, everyone is looking for the new features and improvements but the central point of the Patch Tuesday updates is the list of CVEs that accompany it. With the current pandemy, 2020 was a hard year for security. Unfortunately, the numbers detected until now exceeded the entirety of last year. Here’s a little rundown on the number of CVEs that have been tracked down this year:

February: 99 CVEs March: 115 CVEs April: 118 CVEs May: 147 CVEs June: 139 CVEs July: 136 CVEs August: 146 CVEs September: 147 CVEs

There is, however, a little spark at the end of the tunnel as the October Patch Tuesday delivers only 88 vulnerabilities that have been detected and dealt with. It’s the second month of this year with less than 100 flagged vulnerabilities and the smallest number this year. As usual, these affect both Microsoft and Adobe products, ranging in severity from Important to Critical.

Only 88 vulnerabilities were identified this month

As it was expected, the Microsoft products were found the most vulnerable, with 87 out of the total of 88, the remaining vulnerability attributed to Adobe products.

Vulnerabilities found in Adobe Products

This month vulnerabilities were found for one Adobe product, and that is Flash. It’s imperative to note that Flash will reach the end of life at the end of this year. Also, the patch is meant to fix a NULL pointer Deference bug.

Vulnerabilities found in Microsoft Products

There were a lot more Microsoft products affected by vulnerabilities according to the new discoveries. These include products like Microsoft Windows, Office, Exchange Server, Microsoft Dynamics, Visual Studio, .NET Framework, Windows Codecs Library, and more. Of the 87 total vulnerabilities discovered, 11 were rated as Critical, 75 were listed as Important, and one was labeled as Moderate. As mentioned above, vulnerabilities suffered an abrupt fall, and while October does boast only 88 vulnerabilities, this is just a reminder that only last month there were 147 vulnerabilities found.

CVE-2020-16898 Windows TCP/IP Remote Code Execution Vulnerability CVE-2020-16947  Microsoft Outlook Remote Code Execution Vulnerability CVE-2020-16891 Windows Hyper-V Remote Code Execution Vulnerability CVE-2020-16909 Windows Error Reporting Elevation of Privilege Vulnerability

If you want to read the complete list of all identified CVEs for the October Patch Tuesday updates, check this dedicated article, and you’ll find all the information there. For download links and more information, this comprehensive article will give you all the details. If you have any knowledge of any other vulnerabilities that were not covered this month, then it will probably be fixed by the next Patch Tuesday updates. Speaking of which, the next round of updates will be available starting with November 10.

Name * Email * Commenting as . Not you? Save information for future comments
Comment

Δ