Cybersecurity Briefing: September 9, 2020 - Major Vulnerabilities and Threats

Lead Story: Microsoft Vulnerabilities Update

On September 8, 2020, Microsoft announced a staggering total of 129 vulnerabilities in its September Patch Tuesday release, the largest of the year. Among these, 23 were classified as critical, with the potential for remote code execution. Notably, CVE-2020-16875 was highlighted, allowing arbitrary code execution through malicious emails directed at Microsoft Exchange servers, carrying a CVSS score of 8.2. Fortunately, at the time of the release, there were no known exploits of these vulnerabilities. The urgency of patching these flaws cannot be overstated as they pose significant risks to organizations globally. Source

Secondary Item 1: Emerging Threats from Remote Work

The COVID-19 pandemic has accelerated the shift to remote work, leading to increased exposure to cyber threats. Reports indicate that up to 20% of cybersecurity incidents during this period can be traced back to vulnerabilities associated with remote work setups. Organizations must remain vigilant as they adapt to these new work environments. Source

Secondary Item 2: Healthcare Sector Vulnerabilities

September also highlighted vulnerabilities within the healthcare sector, with critical flaws found in widely used information systems. The importance of patching these vulnerabilities became urgent, given the potential risks posed to patient data and safety during a time of heightened healthcare demand. Source

Analyst Perspective

The events of September 9, 2020, underscore the ongoing challenges facing cybersecurity as organizations navigate the complexities of remote work and critical vulnerabilities. With Microsoft’s extensive patch release, the cybersecurity community must prioritize immediate updates while also addressing the vulnerabilities that have emerged in response to the pandemic. This period serves as a stark reminder of the need for proactive security measures and the importance of a robust incident response plan. As we adapt to a constantly evolving threat landscape, the stakes for cybersecurity professionals have never been higher.