On September 8, 2020, Microsoft officially released Patch Tuesday, September. The security update patches for 129 vulnerabilities (23 serious vulnerabilities, 105 high-risk vulnerabilities), mainly covering Windows operating system, IE/Edge browser, ChakraCore, SQL Server, Office components and Web Apps, Exchange server, OneDrive, .Net Framework, Azure DevOps, Visual Studio, Windows Defender. In this security update, Microsoft has not yet discovered exploits of vulnerabilities in the real world.
A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.
CVE-2020-1319 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Exploitation of the vulnerability requires that a program process a specially crafted image file.
CVE-2020-0922 | Microsoft COM for Windows Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that Microsoft COM for Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.
CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595, CVE-2020-1460 |Microsoft SharePoint Remote Code Execution Vulnerability