JPCERT-AT-2020-0038
JPCERT/CC
2020-10-14
Details on the vulnerabilities can be found at the following URL:
October 2020 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Oct
[Vulnerabilities addressed (Including Security Update Programs rated as "critical")]
* Listing up Microsoft Knowledge Base (KB) that are rated as "critical"
* If the same vulnerability spans multiple KBs, listing up each
CVE-2020-16891
Windows Hyper-V Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16891
- KB4577668, KB4577671, KB4579311, KB4580327, KB4580328, KB4580330
KB4580345, KB4580346, KB4580347, KB4580353, KB4580358, KB4580378
KB4580382, KB4580385, KB4580387
CVE-2020-16898
Windows TCP/IP Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16898
- KB4577668, KB4577671, KB4579311, KB4580328, KB4580330
CVE-2020-16911
GDI+ Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16911
- KB4577668, KB4577671, KB4579311, KB4580327, KB4580328, KB4580330
KB4580346, KB4580347, KB4580353, KB4580358, KB4580382
CVE-2020-16915
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16915
- KB4577668, KB4577671, KB4579311, KB4580328, KB4580330, KB4580346
CVE-2020-16923
Microsoft Graphics Components Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16923
- KB4577668, KB4577671, KB4579311, KB4580327, KB4580328, KB4580330
KB4580345, KB4580346, KB4580347, KB4580353, KB4580358, KB4580378
KB4580382, KB4580385, KB4580387
CVE-2020-16947
Microsoft Outlook Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16947
- KB4486671
CVE-2020-16951
Microsoft SharePoint Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16951
- KB4486676, KB4486677, KB4486694
CVE-2020-16952
Microsoft SharePoint Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16952
- KB4486676, KB4486677, KB4486694
CVE-2020-16967
Windows Camera Codec Pack Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16967
- KB4577668, KB4577671, KB4579311, KB4580327, KB4580328, KB4580330
KB4580346
CVE-2020-16968
Windows Camera Codec Pack Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16968
- KB4577668, KB4577671, KB4579311, KB4580327, KB4580328, KB4580330
KB4580346
CVE-2020-17003
Base3D Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17003
- KB number is not assigned
As of October 13, 2020 (US time), support for Office 2010 and Office 2016 for Mac has ended. Microsoft will no longer provide technical support, bug fixes, or security fixes for products that are no longer supported. Users of these products are recommended to take actions such as upgrading.
Microsoft Corporation
Office 2010 Support has been ended on October 13 2020 (JAPANESE)
https://www.microsoft.com/ja-jp/atlife/article-office2010-eos.aspx
Microsoft Corporation
Office versions and connectivity to Office 365 services
https://docs.microsoft.com/en-us/deployoffice/endofsupport/office-365-services-connectivity
Microsoft Corporation
End of support for Office 2016 for Mac
https://support.microsoft.com/en-us/office/end-of-support-for-office-2016-for-mac-e944a907-bbc8-4be5-918d-a514068d0056
Microsoft Corporation
Exchange 2010 end of support roadmap
https://docs.microsoft.com/en-us/microsoft-365/enterprise/exchange-2010-end-of-support
Microsoft Update Catalog
https://www.catalog.update.microsoft.com/
Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Microsoft Corporation
October 2020 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Oct
Microsoft Corporation
Microsoft Security Updates for October 2020 (Monthly) (Japanese)
https://msrc-blog.microsoft.com/2020/10/13/202010-security-updates/
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/
JPCERT/CC
2020-10-14
I. Overview
Microsoft has released October 2020 Security Updates. This contains updates that are rated as "Critical". Remote attackers leveraging these vulnerabilities may be able to execute arbitrary code.Details on the vulnerabilities can be found at the following URL:
October 2020 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Oct
[Vulnerabilities addressed (Including Security Update Programs rated as "critical")]
* Listing up Microsoft Knowledge Base (KB) that are rated as "critical"
* If the same vulnerability spans multiple KBs, listing up each
CVE-2020-16891
Windows Hyper-V Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16891
- KB4577668, KB4577671, KB4579311, KB4580327, KB4580328, KB4580330
KB4580345, KB4580346, KB4580347, KB4580353, KB4580358, KB4580378
KB4580382, KB4580385, KB4580387
CVE-2020-16898
Windows TCP/IP Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16898
- KB4577668, KB4577671, KB4579311, KB4580328, KB4580330
CVE-2020-16911
GDI+ Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16911
- KB4577668, KB4577671, KB4579311, KB4580327, KB4580328, KB4580330
KB4580346, KB4580347, KB4580353, KB4580358, KB4580382
CVE-2020-16915
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16915
- KB4577668, KB4577671, KB4579311, KB4580328, KB4580330, KB4580346
CVE-2020-16923
Microsoft Graphics Components Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16923
- KB4577668, KB4577671, KB4579311, KB4580327, KB4580328, KB4580330
KB4580345, KB4580346, KB4580347, KB4580353, KB4580358, KB4580378
KB4580382, KB4580385, KB4580387
CVE-2020-16947
Microsoft Outlook Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16947
- KB4486671
CVE-2020-16951
Microsoft SharePoint Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16951
- KB4486676, KB4486677, KB4486694
CVE-2020-16952
Microsoft SharePoint Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16952
- KB4486676, KB4486677, KB4486694
CVE-2020-16967
Windows Camera Codec Pack Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16967
- KB4577668, KB4577671, KB4579311, KB4580327, KB4580328, KB4580330
KB4580346
CVE-2020-16968
Windows Camera Codec Pack Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16968
- KB4577668, KB4577671, KB4579311, KB4580327, KB4580328, KB4580330
KB4580346
CVE-2020-17003
Base3D Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17003
- KB number is not assigned
As of October 13, 2020 (US time), support for Office 2010 and Office 2016 for Mac has ended. Microsoft will no longer provide technical support, bug fixes, or security fixes for products that are no longer supported. Users of these products are recommended to take actions such as upgrading.
Microsoft Corporation
Office 2010 Support has been ended on October 13 2020 (JAPANESE)
https://www.microsoft.com/ja-jp/atlife/article-office2010-eos.aspx
Microsoft Corporation
Office versions and connectivity to Office 365 services
https://docs.microsoft.com/en-us/deployoffice/endofsupport/office-365-services-connectivity
Microsoft Corporation
End of support for Office 2016 for Mac
https://support.microsoft.com/en-us/office/end-of-support-for-office-2016-for-mac-e944a907-bbc8-4be5-918d-a514068d0056
Microsoft Corporation
Exchange 2010 end of support roadmap
https://docs.microsoft.com/en-us/microsoft-365/enterprise/exchange-2010-end-of-support
II. Solution
Please apply the security update programs through Microsoft Update,Windows Update, etc. as soon as possible.Microsoft Update Catalog
https://www.catalog.update.microsoft.com/
Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq
III. References
Microsoft Corporation
October 2020 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Oct
Microsoft Corporation
Microsoft Security Updates for October 2020 (Monthly) (Japanese)
https://msrc-blog.microsoft.com/2020/10/13/202010-security-updates/
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/