Image
Today’s VERT Alert addresses Microsoft’s September 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-903 on Wednesday, September 9th.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in this month’s security guidance.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
| Tag | CVE Count | CVEs |
| Windows Hyper-V | 2 | CVE-2020-0890, CVE-2020-0904 |
| Microsoft NTFS | 1 | CVE-2020-0838 |
| Open Source Software | 1 | CVE-2020-16873 |
| Microsoft Windows | 37 | CVE-2020-1532, CVE-2020-16879, CVE-2020-1376, CVE-2020-1471, CVE-2020-1491, CVE-2020-1507, CVE-2020-1508, CVE-2020-1559, CVE-2020-1590, CVE-2020-1593, CVE-2020-1596, CVE-2020-1598, CVE-2020-0648, CVE-2020-0766, CVE-2020-0782, CVE-2020-0790, CVE-2020-0805, CVE-2020-0875, CVE-2020-0886, CVE-2020-0908, CVE-2020-0911, CVE-2020-0912, CVE-2020-0914, CVE-2020-0922, CVE-2020-0951, CVE-2020-0989, CVE-2020-1013, CVE-2020-1038, CVE-2020-1052, CVE-2020-1098, CVE-2020-1119, CVE-2020-1122, CVE-2020-1146, CVE-2020-1159, CVE-2020-1169, CVE-2020-1252, CVE-2020-1303 |
| Visual Studio | 3 | CVE-2020-16856, CVE-2020-16881, CVE-2020-16874 |
| Microsoft Dynamics | 10 | CVE-2020-16857, CVE-2020-16858, CVE-2020-16859, CVE-2020-16860, CVE-2020-16861, CVE-2020-16862, CVE-2020-16864, CVE-2020-16872, CVE-2020-16878, CVE-2020-16871 |
| Internet Explorer | 3 | CVE-2020-1506, CVE-2020-1012, CVE-2020-16884 |
| Microsoft Scripting Engine | 3 | CVE-2020-1057, CVE-2020-1172, CVE-2020-1180 |
| Microsoft Office SharePoint | 16 | CVE-2020-1345, CVE-2020-1460, CVE-2020-1452, CVE-2020-1453, CVE-2020-1575, CVE-2020-1576, CVE-2020-1198, CVE-2020-1200, CVE-2020-1205, CVE-2020-1210, CVE-2020-1227, CVE-2020-1440, CVE-2020-1482, CVE-2020-1514, CVE-2020-1523, CVE-2020-1595 |
| Microsoft Windows Codecs Library | 3 | CVE-2020-0997, CVE-2020-1129, CVE-2020-1319 |
| SQL Server | 1 | CVE-2020-1044 |
| Windows Diagnostic Hub | 2 | CVE-2020-1130, CVE-2020-1133 |
| Microsoft Graphics Component | 12 | CVE-2020-0921, CVE-2020-0998, CVE-2020-1053, CVE-2020-1083, CVE-2020-1091, CVE-2020-1097, CVE-2020-1152, CVE-2020-1245, CVE-2020-1250, CVE-2020-1256, CVE-2020-1285, CVE-2020-1308 |
| Microsoft Browsers | 1 | CVE-2020-0878 |
| Windows Kernel | 7 | CVE-2020-1589, CVE-2020-1592, CVE-2020-0928, CVE-2020-0941, CVE-2020-1033, CVE-2020-1034, CVE-2020-16854 |
| Windows Shell | 1 | CVE-2020-0870 |
| Microsoft Office | 8 | CVE-2020-1193, CVE-2020-1218, CVE-2020-1224, CVE-2020-1332, CVE-2020-1335, CVE-2020-1338, CVE-2020-1594, CVE-2020-16855 |
| Active Directory Federation Services | 1 | CVE-2020-0837 |
| Active Directory | 4 | CVE-2020-0664, CVE-2020-0718, CVE-2020-0761, CVE-2020-0856 |
| Microsoft OneDrive | 3 | CVE-2020-16851, CVE-2020-16852, CVE-2020-16853 |
| Microsoft Exchange Server | 1 | CVE-2020-16875 |
| Windows Print Spooler Components | 1 | CVE-2020-1030 |
| Microsoft Windows DNS | 3 | CVE-2020-0836, CVE-2020-0839, CVE-2020-1228 |
| ASP.NET | 1 | CVE-2020-1045 |
| Windows DHCP Server | 1 | CVE-2020-1031 |
| Microsoft JET Database Engine | 2 | CVE-2020-1039, CVE-2020-1074 |
| Common Log File System Driver | 1 | CVE-2020-1115 |
Other Information
No advisories were released alongside the September Security Guidance. To learn more about Tripwire VERT, click here.
