Patch Tuesday October 2020: Update Highlights and Known Issues
Patch Tuesday October 2020 Edition
Microsoft rolled out the October 2020 Patch Tuesday updates on October 13, 2020. As always, with this batch of updates, the Redmond giant focuses on improving the overall functionality of the OS and fixing existing bugs.
This month’s updates are all about improving the security of most Windows components and apps. If you want to install the latest updates, you can check out this guide where you’ll also find the direct download links.
We already covered the key changes in these posts. Do check them out to learn what’s new:
- Get the Windows 10 October Patch Tuesday updates today
- Windows 10 October Patch Tuesday [DIRECT DOWNLOAD LINKS]
- Users may face drivers issues after Patch Tuesday updates
- CVEs found in October finally dropped to just 88
- KB4577671 causes update errors with Windows 10 1903/1909
Microsoft rolls out different Patch Tuesday updates for all the Windows 10 versions currently supported. For more information on the latest updates, check out our Windows 10 Patch Tuesday update history page.
What are the main changes?
Microsoft Products and services updates
Across all major versions of Windows 10 that have received cumulative updates, ranging from Windows 10 v1507 to Windows 10 v2004.
Here are the main highlights brought by the October Patch Tuesday updates according to Microsoft:
- Adds a notification to Internet Explorer 11 that informs users about the end of support for Adobe Flash in December 2020.
- For more information, see KB4581051.
- Updates to improve security when Windows performs basic operations.
- Updates to improve security when using Microsoft Office products.
- Updates for verifying usernames and passwords.
- Updates 2021 time zone information for Fiji.
- Updates for storing and managing files.
Patch Tuesday list of CVEs
For the first time in the year 2020, the number of total CVEs discovered has finally dropped under 100.
In fact, this month only 88 CVEs were found in total.
- Adobe Products
Just one vulnerability was found this month, and that was affecting Flash.
- Microsoft product vulnerabilities
The rest of this month’s vulnerabilities were found affecting Microsoft products, 11 of which were rated Critical, and 75 were rated as Important.
If you want to learn more about this month’s list of common vulnerabilities and exposures, you can check out the table below:
Title |
CVE |
Severity |
| .NET Framework Information Disclosure Vulnerability | CVE-2020-16937 | Important |
| Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2020-16909 | Important |
| Windows Kernel Information Disclosure Vulnerability | CVE-2020-16901 | Important |
| Windows Kernel Information Disclosure Vulnerability | CVE-2020-16938 | Important |
| Windows Setup Elevation of Privilege Vulnerability | CVE-2020-16908 | Important |
| Windows Storage VSP Driver Elevation of Privilege Vulnerability | CVE-2020-16885 | Important |
| Base3D Remote Code Execution Vulnerability | CVE-2020-17003 | Critical |
| GDI+ Remote Code Execution Vulnerability | CVE-2020-16911 | Critical |
| Media Foundation Memory Corruption Vulnerability | CVE-2020-16915 | Critical |
| Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2020-16923 | Critical |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2020-16947 | Critical |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-16951 | Critical |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-16952 | Critical |
| Windows Camera Codec Pack Remote Code Execution Vulnerability | CVE-2020-16967 | Critical |
| Windows Camera Codec Pack Remote Code Execution Vulnerability | CVE-2020-16968 | Critical |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2020-16891 | Critical |
| Windows TCP/IP Remote Code Execution Vulnerability | CVE-2020-16898 | Critical |
| Azure Functions Elevation of Privilege Vulnerability | CVE-2020-16904 | Important |
| Base3D Remote Code Execution Vulnerability | CVE-2020-16918 | Important |
| Dynamics 365 Commerce Elevation of Privilege Vulnerability | CVE-2020-16943 | Important |
| Group Policy Elevation of Privilege Vulnerability | CVE-2020-16939 | Important |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2020-16924 | Important |
| Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | CVE-2020-16956 | Important |
| Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | CVE-2020-16978 | Important |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-16929 | Important |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-16930 | Important |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-16931 | Important |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-16932 | Important |
| Microsoft Exchange Information Disclosure Vulnerability | CVE-2020-16969 | Important |
| Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2020-1167 | Important |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2020-16957 | Important |
| Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | CVE-2020-16928 | Important |
| Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | CVE-2020-16934 | Important |
| Microsoft Office Click-to-Run Elevation of Privilege Vulnerability | CVE-2020-16955 | Important |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2020-16954 | Important |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2020-16945 | Important |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2020-16946 | Important |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-16941 | Important |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-16942 | Important |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-16948 | Important |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-16950 | Important |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-16953 | Important |
| Microsoft SharePoint Reflective XSS Vulnerability | CVE-2020-16944 | Important |
| Microsoft Word Security Feature Bypass Vulnerability | CVE-2020-16933 | Important |
| NetBT Information Disclosure Vulnerability | CVE-2020-16897 | Important |
| Network Watcher Agent virtual machine extension for Linux Elevation of Privilege Vulnerability | CVE-2020-16995 | Important |
| PowerShellGet Module WDAC Security Feature Bypass Vulnerability | CVE-2020-16886 | Important |
| Visual Studio Code Python Extension Remote Code Execution Vulnerability | CVE-2020-16977 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2020-16907 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2020-16913 | Important |
| Windows – User Profile Service Elevation of Privilege Vulnerability | CVE-2020-16940 | Important |
| Windows Application Compatibility Client Library Elevation of Privilege Vulnerability | CVE-2020-16876 | Important |
| Windows Application Compatibility Client Library Elevation of Privilege Vulnerability | CVE-2020-16920 | Important |
| Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-16912 | Important |
| Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-16936 | Important |
| Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-16972 | Important |
| Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-16973 | Important |
| Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-16974 | Important |
| Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-16975 | Important |
| Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-16976 | Important |
| Windows COM Server Elevation of Privilege Vulnerability | CVE-2020-16916 | Important |
| Windows COM Server Elevation of Privilege Vulnerability | CVE-2020-16935 | Important |
| Windows Elevation of Privilege Vulnerability | CVE-2020-16877 | Important |
| Windows Enterprise App Management Service Information Disclosure Vulnerability | CVE-2020-16919 | Important |
| Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2020-16905 | Important |
| Windows Error Reporting Manager Elevation of Privilege Vulnerability | CVE-2020-16895 | Important |
| Windows Event System Elevation of Privilege Vulnerability | CVE-2020-16900 | Important |
| Windows GDI+ Information Disclosure Vulnerability | CVE-2020-16914 | Important |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2020-1243 | Important |
| Windows Hyper-V Elevation of Privilege Vulnerability | CVE-2020-1047 | Important |
| Windows Hyper-V Elevation of Privilege Vulnerability | CVE-2020-1080 | Important |
| Windows Image Elevation of Privilege Vulnerability | CVE-2020-16892 | Important |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2020-16902 | Important |
| Windows iSCSI Target Service Elevation of Privilege Vulnerability | CVE-2020-16980 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-16890 | Important |
| Windows KernelStream Information Disclosure Vulnerability | CVE-2020-16889 | Important |
| Windows NAT Remote Code Execution Vulnerability | CVE-2020-16894 | Important |
| Windows Network Connections Service Elevation of Privilege Vulnerability | CVE-2020-16887 | Important |
| Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | CVE-2020-16927 | Important |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | CVE-2020-16896 | Important |
| Windows Remote Desktop Service Denial of Service Vulnerability | CVE-2020-16863 | Important |
| Windows Security Feature Bypass Vulnerability | CVE-2020-16910 | Important |
| Windows Spoofing Vulnerability | CVE-2020-16922 | Important |
| Windows Storage Services Elevation of Privilege Vulnerability | CVE-2020-0764 | Important |
| Windows TCP/IP Denial of Service Vulnerability | CVE-2020-16899 | Important |
| Windows Text Services Framework Information Disclosure Vulnerability | CVE-2020-16921 | Important |
| Microsoft Outlook Denial of Service Vulnerability | CVE-2020-16949 | Moderate |
Note: Regardless of the service affected, or the severity level of the CVE, Microsoft advises that all users install the latest patches as soon as they become available in their region.
What are the best practices for Patch Tuesday?
There are a few things that you can do in order to make sure that your computer installs the latest Patch Tuesday updates without any issues. We all know that Windows updates often trigger errors.
In extreme cases, they may even render your PC completely unusable. Follow these tips to make sure the update install process goes as smoothly as possible.
How to download the latest PT updates
While the Patch Tuesday updates are indeed of greater significance compared to other patches that Microsoft regularly releases, installing them is done in pretty much the same way.
This means that you can perform the actions by following these steps:
- Make sure that no other apps are running in the background.
- Go to one of these sources to get the updates:
- The Windows Update menu
- The Windows Update Catalog (This allows for individual updates to be downloaded one by one manually)
- The Windows Server Update Service (WSUS)
- A Group Policy created by a network administrator
- After downloading the updates, make sure nothing interrupts the update process until it is finished.
- Reboot your PC once the updates are complete to finalize the installation.
Exploit Wednesday & Uninstall Thursday
Right after Patch Tuesday, hackers try to exploit the vulnerabilities left unpatched by Microsoft. This leads to an increase in the number of cyber-attacks.
On the other hand, many users often decide to uninstall the Patch Tuesday updates a few hours after install due to the large number of issues they triggered — hence the name Uninstall Thursday.
Check out this guide to learn more about how to stay safe after Patch Tuesday and make sure the updates don’t brick your computer.
Patch Tuesday: All your Questions Answered
- When is Patch Tuesday released?
Microsoft rolls out new Patch Tuesday updates on the second Tuesday of each month. The next Patch Tuesday Update is expected to arrive on October 13, 2020.
- How does Patch Tuesday work?
We already answered this question in this quick guide. Do check it out to learn more on the mechanisms behind Patch Tuesday.
- What is the bandwidth impact of Patch Tuesday?
When actively downloading updates, you may experience slow connection issues on your Windows 10 computer. This happens especially when updating multiple PCs at the same time.
The solution is to distribute the updates locally via WSUS. This means downloading the updates from Microsoft Servers.
Then, your Windows 10 computers can share the updates in a peer-to-peer manner over the local network resulting in a faster update process.
Patch Tuesday Troubleshooting
Oftentimes, Patch Tuesday updates trigger various errors on Windows computers. These may range from minor glitches to technical issues that may render your computer unusable.
We covered extensively Patch Tuesday issues we compiled hundreds of troubleshooting guides to help you solve these problems quickly.