Ivanti will inform you about September Patch Tuesday with important Microsoft updates and give update recommendations for Windows operating systems and browsers, Exchange Server and SharePoint Server.
Microsoft fixed 129 Common Vulnerabilities and Exposures (CVEs) on Patch Tuesday in September. Even if there are no exploited or publicly disclosed vulnerabilities this month, 23 CVEs are classified as critical. Most critical CVEs affect the Windows operating system and browsers. There are also seven critical CVEs on SharePoint this month.
Critical vulnerabilities in Microsoft SharePoint and Google Chrome
Even if there are no public announcements or exploited CVEs this month, some points are definitely relevant for IT security from the point of view of the experts at Ivanti. Microsoft SharePoint has a number of critical vulnerabilities, including CVE-2020-1210 with a CVSS score of 9,9. Microsoft Exchange has a CVE with a CVSS score of 9,1 (CVE-2020-16875). This vulnerability allows remote code execution if an attacker sends specially crafted email to the affected Exchange server. CVE-2020-0761 is another remote code execution vulnerability that affects Active Directory when integrated with DNS (ADIDNS). This vulnerability has a CVSS score of 8,8.
Google Chrome has released a security update that fixes five vulnerabilities. The severity is rated as "high" for all five. This is the second highest rating for Google vulnerabilities.
The end of Adobe Flash is casting its shadow
Adobe Flash is releasing a non-security update that is therefore not urgently required. Rather, with Adobe Flash Player support coming to an end, Ivanti recommends adding Adobe Flash to its IT environment. A frequently asked question is when and how can Flash be completely removed from environments. Microsoft published an EoS statement last September that Microsoft Edge will disable Chromium Flash by default. For Edge and Internet Explorer, however, Flash will not be disabled by default before December 2020. Windows Update will completely remove Flash Player from all Microsoft browsers by December 31, 2020. Expect some sort of removal tool and a new version of Microsoft's browser that will automatically remove Flash over the next few months.
Ivanti recommends these update priorities in September:
- Windows operating systems and browsers (Microsoft and Google)
- Exchange Server
- SharePoint Server
More on this at Ivanti.de
About Ivanti The strength of unified IT. Ivanti connects IT with security operations in the company in order to better control and secure the digital workplace. We identify IT assets on PCs, mobile devices, virtualized infrastructures or in the data center - regardless of whether they are hidden on-premise or in the cloud. Ivanti improves the provision of IT services and reduces risks in the company on the basis of specialist knowledge and automated processes. By using modern technologies in the warehouse and across the entire supply chain, Ivanti helps companies improve their ability to deliver - without changing the backend systems.