September Patch Tuesday 2020
Microsoft has resolved 129 Common Vulnerabilities and Exposers (CVEs) as part of this month's Patch Tuesday update. While there are no exploited or publicly disclosed vulnerabilities this month, there are twenty critical CVEs. Most of the critical CVEs affect the Windows OS and the browsers. There are seven critical CVEs on Sharepoint this month as well.
Google Chrome released a security update resolving five security vulnerabilities. These are all rated as high severity, which is the second highest severity rating for Google vulnerabilities.
Adobe Flash had a non-security update today, so no urgency on this month’s update. As we approach the impending end of support for Adobe Flash Player, you will want to consider how you will remove Adobe Flash across your environment. A common question that has been coming up is when and how will Flash be able to be removed completely from environments. Microsoft published an EoS statement last September stating that Microsoft Edge Chromium would disable Flash by default. For Edge and Internet Explorer, it would not be disabled by default prior to the removal in December of 2020. By December 31, 2020 Flash Player will be completely removed from all Microsoft browsers via Windows update. Expect some sort of removal tools to become available over the next few months and likely a version of the Microsoft browsers that remove Flash.