Microsoft has patched several remote code vulnerabilities in its products.
As part of October Patch Tuesday, 87 vulnerabilities were fixed.
On Tuesday, October 13, Microsoft released planned monthly security updates for its products. In total, the updates fix 87 vulnerabilities in various Microsoft products.
The most dangerous vulnerability patched this month is CVE-2020-16898, a remote code execution vulnerability in the Windows TCP / IP stack. The vulnerability allows an attacker to take control of Windows by sending malicious ICMPv6 Router Advertisement packets over a network connection.
The vulnerability was discovered by Microsoft engineers during internal testing and affects, in particular, Windows 10 and Windows Server 2019. On a severity scale, the problem received a 9.8 out of a maximum of 10. Therefore, it is highly recommended to install the update. Alternatively, you can also disable ICMPv6 RDNSS support. This will be a temporary solution for system administrators and give them additional time to test the update.
Another remote code execution vulnerability patched by Microsoft in October Patch Tuesday is CVE-2020-16947 in Outlook. An attacker can exploit it by forcing a victim to open a specially configured file in Outlook.