Patch Tuesday October 2020: Update Highlights and Known Issues

windows 10 patch tuesday

Patch Tuesday October 2020 Edition

Microsoft rolled out the October 2020 Patch Tuesday updates on October 13, 2020. As always, with this batch of updates, the Redmond giant focuses on improving the overall functionality of the OS and fixing existing bugs.

This month’s updates are all about improving the security of most Windows components and apps. If you want to install the latest updates, you can check out this guide where you’ll also find the direct download links.

We already covered the key changes in these posts. Do check them out to learn what’s new:

Microsoft rolls out different Patch Tuesday updates for all the Windows 10 versions currently supported. For more information on the latest updates, check out our Windows 10 Patch Tuesday update history page.


What are the main changes?

Microsoft Products and services updates

Across all major versions of Windows 10 that have received cumulative updates, ranging from Windows 10 v1507 to Windows 10 v2004.

Here are the main highlights brought by the October Patch Tuesday updates according to Microsoft:

  • Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020.
  • Updates to improve security when Windows performs basic operations.
  • Updates to improve security when using Microsoft Office products.
  • Updates for verifying usernames and passwords.
  • Updates 2021 time zone information for Fiji.
  • Updates for storing and managing files.

Patch Tuesday list of CVEs

For the first time in the year 2020, the number of total CVEs discovered has finally dropped under 100.

In fact, this month only 88 CVEs were found in total.

  • Adobe Products

Just one vulnerability was found this month, and that was affecting Flash.

  • Microsoft product vulnerabilities

The rest of this month’s vulnerabilities were found affecting Microsoft products, 11 of which were rated Critical, and 75 were rated as Important.

If you want to learn more about this month’s list of common vulnerabilities and exposures, you can check out the table below:

Title

CVE

Severity

.NET Framework Information Disclosure Vulnerability CVE-2020-16937 Important
Windows Error Reporting Elevation of Privilege Vulnerability CVE-2020-16909 Important
Windows Kernel Information Disclosure Vulnerability CVE-2020-16901 Important
Windows Kernel Information Disclosure Vulnerability CVE-2020-16938 Important
Windows Setup Elevation of Privilege Vulnerability CVE-2020-16908 Important
Windows Storage VSP Driver Elevation of Privilege Vulnerability CVE-2020-16885 Important
Base3D Remote Code Execution Vulnerability CVE-2020-17003 Critical
GDI+ Remote Code Execution Vulnerability CVE-2020-16911 Critical
Media Foundation Memory Corruption Vulnerability CVE-2020-16915 Critical
Microsoft Graphics Components Remote Code Execution Vulnerability CVE-2020-16923 Critical
Microsoft Outlook Remote Code Execution Vulnerability CVE-2020-16947 Critical
Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-16951 Critical
Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-16952 Critical
Windows Camera Codec Pack Remote Code Execution Vulnerability CVE-2020-16967 Critical
Windows Camera Codec Pack Remote Code Execution Vulnerability CVE-2020-16968 Critical
Windows Hyper-V Remote Code Execution Vulnerability CVE-2020-16891 Critical
Windows TCP/IP Remote Code Execution Vulnerability CVE-2020-16898 Critical
Azure Functions Elevation of Privilege Vulnerability CVE-2020-16904 Important
Base3D Remote Code Execution Vulnerability CVE-2020-16918 Important
Dynamics 365 Commerce Elevation of Privilege Vulnerability CVE-2020-16943 Important
Group Policy Elevation of Privilege Vulnerability CVE-2020-16939 Important
Jet Database Engine Remote Code Execution Vulnerability CVE-2020-16924 Important
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CVE-2020-16956 Important
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CVE-2020-16978 Important
Microsoft Excel Remote Code Execution Vulnerability CVE-2020-16929 Important
Microsoft Excel Remote Code Execution Vulnerability CVE-2020-16930 Important
Microsoft Excel Remote Code Execution Vulnerability CVE-2020-16931 Important
Microsoft Excel Remote Code Execution Vulnerability CVE-2020-16932 Important
Microsoft Exchange Information Disclosure Vulnerability CVE-2020-16969 Important
Microsoft Graphics Components Remote Code Execution Vulnerability CVE-2020-1167 Important
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability CVE-2020-16957 Important
Microsoft Office Click-to-Run Elevation of Privilege Vulnerability CVE-2020-16928 Important
Microsoft Office Click-to-Run Elevation of Privilege Vulnerability CVE-2020-16934 Important
Microsoft Office Click-to-Run Elevation of Privilege Vulnerability CVE-2020-16955 Important
Microsoft Office Remote Code Execution Vulnerability CVE-2020-16954 Important
Microsoft Office SharePoint XSS Vulnerability CVE-2020-16945 Important
Microsoft Office SharePoint XSS Vulnerability CVE-2020-16946 Important
Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-16941 Important
Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-16942 Important
Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-16948 Important
Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-16950 Important
Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-16953 Important
Microsoft SharePoint Reflective XSS Vulnerability CVE-2020-16944 Important
Microsoft Word Security Feature Bypass Vulnerability CVE-2020-16933 Important
NetBT Information Disclosure Vulnerability CVE-2020-16897 Important
Network Watcher Agent virtual machine extension for Linux Elevation of Privilege Vulnerability CVE-2020-16995 Important
PowerShellGet Module WDAC Security Feature Bypass Vulnerability CVE-2020-16886 Important
Visual Studio Code Python Extension Remote Code Execution Vulnerability CVE-2020-16977 Important
Win32k Elevation of Privilege Vulnerability CVE-2020-16907 Important
Win32k Elevation of Privilege Vulnerability CVE-2020-16913 Important
Windows – User Profile Service Elevation of Privilege Vulnerability CVE-2020-16940 Important
Windows Application Compatibility Client Library Elevation of Privilege Vulnerability CVE-2020-16876 Important
Windows Application Compatibility Client Library Elevation of Privilege Vulnerability CVE-2020-16920 Important
Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-16912 Important
Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-16936 Important
Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-16972 Important
Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-16973 Important
Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-16974 Important
Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-16975 Important
Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-16976 Important
Windows COM Server Elevation of Privilege Vulnerability CVE-2020-16916 Important
Windows COM Server Elevation of Privilege Vulnerability CVE-2020-16935 Important
Windows Elevation of Privilege Vulnerability CVE-2020-16877 Important
Windows Enterprise App Management Service Information Disclosure Vulnerability CVE-2020-16919 Important
Windows Error Reporting Elevation of Privilege Vulnerability CVE-2020-16905 Important
Windows Error Reporting Manager Elevation of Privilege Vulnerability CVE-2020-16895 Important
Windows Event System Elevation of Privilege Vulnerability CVE-2020-16900 Important
Windows GDI+ Information Disclosure Vulnerability CVE-2020-16914 Important
Windows Hyper-V Denial of Service Vulnerability CVE-2020-1243 Important
Windows Hyper-V Elevation of Privilege Vulnerability CVE-2020-1047 Important
Windows Hyper-V Elevation of Privilege Vulnerability CVE-2020-1080 Important
Windows Image Elevation of Privilege Vulnerability CVE-2020-16892 Important
Windows Installer Elevation of Privilege Vulnerability CVE-2020-16902 Important
Windows iSCSI Target Service Elevation of Privilege Vulnerability CVE-2020-16980 Important
Windows Kernel Elevation of Privilege Vulnerability CVE-2020-16890 Important
Windows KernelStream Information Disclosure Vulnerability CVE-2020-16889 Important
Windows NAT Remote Code Execution Vulnerability CVE-2020-16894 Important
Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-16887 Important
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability CVE-2020-16927 Important
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability CVE-2020-16896 Important
Windows Remote Desktop Service Denial of Service Vulnerability CVE-2020-16863 Important
Windows Security Feature Bypass Vulnerability CVE-2020-16910 Important
Windows Spoofing Vulnerability CVE-2020-16922 Important
Windows Storage Services Elevation of Privilege Vulnerability CVE-2020-0764 Important
Windows TCP/IP Denial of Service Vulnerability CVE-2020-16899 Important
Windows Text Services Framework Information Disclosure Vulnerability CVE-2020-16921 Important
Microsoft Outlook Denial of Service Vulnerability CVE-2020-16949 Moderate

Note: Regardless of the service affected, or the severity level of the CVE, Microsoft advises that all users install the latest patches as soon as they become available in their region.


What are the best practices for Patch Tuesday?

There are a few things that you can do in order to make sure that your computer installs the latest Patch Tuesday updates without any issues. We all know that Windows updates often trigger errors.

In extreme cases, they may even render your PC completely unusable. Follow these tips to make sure the update install process goes as smoothly as possible.


How to download the latest PT updates

While the Patch Tuesday updates are indeed of greater significance compared to other patches that Microsoft regularly releases, installing them is done in pretty much the same way.

This means that you can perform the actions by following these steps:

  1. Make sure that no other apps are running in the background.
  2. Go to one of these sources to get the updates:
    • The Windows Update menu
    • The Windows Update Catalog (This allows for individual updates to be downloaded one by one manually)
    • The Windows Server Update Service (WSUS)
    • A Group Policy created by a network administrator
  3. After downloading the updates, make sure nothing interrupts the update process until it is finished.
  4. Reboot your PC once the updates are complete to finalize the installation.

Exploit Wednesday & Uninstall Thursday

Right after Patch Tuesday, hackers try to exploit the vulnerabilities left unpatched by Microsoft. This leads to an increase in the number of cyber-attacks.

On the other hand, many users often decide to uninstall the Patch Tuesday updates a few hours after install due to the large number of issues they triggered — hence the name Uninstall Thursday.

Check out this guide to learn more about how to stay safe after Patch Tuesday and make sure the updates don’t brick your computer.


Patch Tuesday: All your Questions Answered

  • When is Patch Tuesday released? 

Microsoft rolls out new Patch Tuesday updates on the second Tuesday of each month. The next Patch Tuesday Update is expected to arrive on October 13, 2020.

  • How does Patch Tuesday work?

We already answered this question in this quick guide. Do check it out to learn more on the mechanisms behind Patch Tuesday.

  • What is the bandwidth impact of Patch Tuesday?

When actively downloading updates, you may experience slow connection issues on your Windows 10 computer. This happens especially when updating multiple PCs at the same time.

The solution is to distribute the updates locally via WSUS. This means downloading the updates from Microsoft Servers.

Then, your Windows 10 computers can share the updates in a peer-to-peer manner over the local network resulting in a faster update process.


Patch Tuesday Troubleshooting

Oftentimes, Patch Tuesday updates trigger various errors on Windows computers. These may range from minor glitches to technical issues that may render your computer unusable.

We covered extensively Patch Tuesday issues we compiled hundreds of troubleshooting guides to help you solve these problems quickly.