Microsoft released information on 129 vulnerabilities this September. 23 of them are classified as critical. It seems that months with over 100 vulnerabilities is a new normal. Nevertheless, this patch Tuesday is not very special one. Which is a good thing.

There are two vulnerabilities CVE-2020-1210 and CVE-2020-1595 with as high as 9.9 CVSS-rating. Both of the vulnerabilities are targeted to Sharepoint Server products. In order to exploit them the user is required to either access API with special conditions or upload a special package to the server. Even though the vulnerabilities are very highly rated it can be said that neither of them are already exploited or publicly disclosed. In addition to that there is one vulnerability with 9.1 CVSS-rating targeted to Microsoft Exchange Server: CVE-2020-16875.

The impact and scoring of these and other vulnerabilities can be explored with Common Vulnerability Scoring System Calculator. Microsoft posts CVSS-calculator (maintained by National Vulnerability Database) links for all the vulnerabilities in their vulnerability articles. More thorough information of the vulnerabilities can be found from Microsoft’s MSRC-portal.

What comes to known issues it seems that the numbers are very moderate and there is nothing very alarming. Based on that information the administrators can continue deploying the monthly patches following normal procedures.

Operating system

Known issues (last month)

Windows 10, version 2004 and Windows Server, version 2004

1 (1)

Windows 10, version 1909 ja 1903* and Windows Server, version 1903

0 (0)

Windows 10, version 1809 and Windows Server 2019

2 (2)

Windows 10, version 1803**

0 (0)

Windows 10, version 1709** and Windows Server, version 1709

0 (0)

Windows 10, version 1703***

Reached end of service

Windows 10, version 1607 LTSC*** and Windows Server 2016

1 (1)

Windows 8.1**** and Windows Server 2012 R2

1 (1)

Windows Server 2012

1 (1)

Windows 7**** and Windows Server 2008 R2 SP1

2 (2)

* 1909 shares the same core and system files with the predecessor 1903.

** The support for the specific feature update for version Home and Pro has ended.

*** The support for the specific feature update for all the version has ended.

**** Mainstream support for the operating system has ended: Windows 8.1 1/10/2023 and Windows 7 1/14/2020.

If there are either Sharepoint Server or Microsoft Exchange Server products in use, the mentioned updates should be deployed without a delay. Otherwise, the monthly security updates can follow the regular processes. However, Centero recommends to test the updates thoroughly before deploying them to production endpoints. In addition to this, all the known issues should be read through and reflected to own environment.

Microsoft maintains a list of Windows updates and their known issues on the following pages.

With Centero Software Manager Cloud and CSM Cloud for Servers it’s possible to deploy these updates into your environment and even on remote computers by the configuration you have defined.

Read more on this topic:

CSM for Intune in Production Usage Starting on December 1

At the beginning of November 2019, we released CSM for Intune for the preview phase, after which our customers could activate the service for themselves. The product has been officially in the production phase since December 1. During the preview phase, we received a lot of good feedback from customers who had used the service, […]

Comparing Patch Management solutions – Part 12/12 – Results

Our blog series, giving background on our Patch Management comparison, has now arrived to its last post, where we’ll look at the result summary.