As part of its October Patch Tuesday, Microsoft has rolled out fixes for 87 vulnerabilities affecting Microsoft Windows, Office and Office Services and Web Apps, Azure Functions, Open Source Software, Exchange Server, Visual Studio, .NET Framework, Microsoft Dynamics, and the Windows Codecs Library. Of 87 flaws 11 are listed as critical, including one potentially wormable issue, while 75 bugs are classified as important.
One of the most severe bugs is a remote code-execution issue (CVE-2020-16898) in the TCP/IP stack, which allows attackers to execute arbitrary code with elevated privileges using a specially crafted ICMPv6 router advertisement.
Another notable flaw is an RCE vulnerability (CVE-2020-16947) impacting Microsoft Outlook. An attacker could use this flaw for remote code execution by tricking a user into viewing a specially crafted e-mail. The vulnerability exists due to a boundary error in the Microsoft Outlook software.
Meanwhile, a critical Windows Hyper-V RCE bug (CVE-2020-16891) allows an attacker to run a specially crafted program on an affected guest OS to execute arbitrary code on the host OS.
Other severe bugs include the issues in Windows Camera Codec (CVE-2020-16967 and CVE-2020-16968), RCE vulnerabilities in SharePoint Server (CVE-2020-16951 and CVE-2020-16952), Media Foundation Library (CVE-2020-16915), the Base3D rendering engine (CVE-2020-17003), Graphics components (CVE-2020-16923), and the Windows Graphics Device Interface (CVE-2020-16911).
