Microsoft October 2020 Security Updates

Release Notes

October 2020 Security Updates
Release Date: October 13, 2020


The October security release consists of security updates for the following software:

Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
Microsoft JET Database Engine
Azure Functions
Azure Sphere
Open Source Software
Microsoft Exchange Server
Visual Studio
PowerShellGet
Microsoft .NET Framework
Microsoft Dynamics
Adobe Flash Player
Microsoft Windows Codecs Library
Please note the following information regarding the security updates:

Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

ADV200012 *
CVE-2020-16889
CVE-2020-16896 *
CVE-2020-16897
CVE-2020-16901
CVE-2020-16904
CVE-2020-16914
CVE-2020-16918
CVE-2020-16919
CVE-2020-16921
CVE-2020-16928
CVE-2020-16929
CVE-2020-16930
CVE-2020-16931
CVE-2020-16932
CVE-2020-16933 *
CVE-2020-16934
CVE-2020-16937
CVE-2020-16938
CVE-2020-16941
CVE-2020-16942
CVE-2020-16947 *
CVE-2020-16949 *
CVE-2020-16954
CVE-2020-16955
CVE-2020-16957
CVE-2020-16969
CVE-2020-16970
CVE-2020-16981
CVE-2020-16982
CVE-2020-16983
CVE-2020-16984
CVE-2020-16985
CVE-2020-16986
CVE-2020-16987
CVE-2020-16988
CVE-2020-16989
CVE-2020-16990
CVE-2020-16991
CVE-2020-16992
CVE-2020-16993
CVE-2020-16994
CVE-2020-16995
Known Issues

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20201013. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
4577668 Windows 10 Version 1809, Windows Server 2019
4577671 Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909
4579311 Windows 10, version 2004
4580345 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4580346 Windows 10, version 1607, Windows Server 2016
4580347 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4580353 Windows Server 2012 (Security-only update)
4580358 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4580378 Windows Server 2008 Service Pack 2 (Monthly Rollup)
4580382 Windows Server 2012 (Monthly Rollup)
4580385 Windows Server 2008 Service Pack 2 (Security-only update)
4580387 Windows 7, Windows Server 2008 R2 (Security-only update)
4581424 Exchange Server 2019, Exchange Server 2016, Exchange Server 2013

https://portal.msrc.microsoft.com/en-us/security-gui...