Microsoft Addresses 87 CVEs in October Patch Tuesday,...

Microsoft Addresses 87 CVEs in October Patch Tuesday, including Windows TCP/IP vulnerability (CVE-2020-16898)

On October 13, Microsoft released its Patch Tuesday Update for October 2020. This month’s release marks the first time in seven months that Microsoft patched less than 100 CVEs, addressing 87 CVEs, including 11 critical-rated vulnerabilities.

For October, Microsoft released patches for a number of products including Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft JET Database Engine, Azure Functions, Open Source Software, Microsoft Exchange Server, Visual Studio, PowerShellGet, Microsoft .NET Framework, Microsoft Dynamics, Adobe Flash Player, and Microsoft Windows Codecs Library.

The most notable vulnerability patched this month is CVE-2020-16898, a critical remote code execution vulnerability in the Windows TCP/IP Stack. This vulnerability, which researchers are calling “Bad Neighbor,” received a CVSSv3 score of 9.8 out of 10 and is rated as Exploitation More Likely according to Microsoft’s Exploitability Index.

For more information about the vulnerabilities patched this month, including information on Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

Microsoft Addresses 87 CVEs in October Patch Tuesday,...

Recent Discussions

Frequently Asked Questions About Notepad++ Supply Chain Compromise

Ivanti Endpoint Manager Mobile Zero-Days Exploited (CVE-2026-1281, CVE-2026-1340)

Oracle January 2026 Critical Patch Update Addresses 158 CVEs

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

Americas

Europe

Asia / Australia