Skip to main content
Patch ManagementPatch Tuesday

Microsoft June Patch Tuesday Fixes 129 Vulnerabilities

By June 9, 2020June 22nd, 2022No Comments
||

Microsoft June Patch Tuesday Fixes 129 Vulnerabilities

As the biggest Patch Tuesday to date, Microsoft has issued 129 fixes for vulnerabilities in this month's massive update.

[vc_empty_space]
[vc_single_image image=”38814″ img_size=”full”]

June Patch Tuesday Has Arrived with a Bang

Microsoft have released an astonishing 129 patches today, breaking all known records for the number of fixes released in a single month.

There are 11 Critical patches with the remaining 118 marked Important. Support for Windows 7 and Windows Server 2008 (including R2) was officially ended after January, but there are plenty of updates released this month for customers who have purchased an extension agreement.

Robert Brown, Director of Services for Syxsense said, “This brings the number of patches released this year to over 600, if July carries the same cadence we may reach the total number released for the entire of last year. In addition, there has been 10 Adobe updates released today making this deployment one of the largest we have ever seen. There could be close to 2.3GB of data being delivered to each device – you must prioritize your deployment to reduce the burden on your wide area networks and VPNs.

Patches of Interest

  1. CVE-2020-1281 – Windows OLE Remote Code Execution – This is the second highest vendor severity and CVSS score & impacts every Microsoft Operating System.
  2. CVE-2020-1238 & CVE-2020-1239 – Media Foundation Memory Corruption – This vulnerability impacts Windows 10 from feature update 1709 through 2004, plus Windows Server 2019 & has no countermeasure. We have seen other Media Foundation Memory vulnerabilities already this year and some have become zero day already.
  3. CVE-2020-1292 – OpenSSH is the open source ‘Secure Shell’ (SSH) which was added to Windows 10 and Windows 2019 OS, and is frequently used by Linux Admins and is the beginning of Microsoft cross-platform capability. This vulnerability exposes the “security settings” configuration which could be replaced with malicious code. Although this only impacts Microsoft and NOT Linux, this is still a patch to prioritize this month.
[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense%2F|||” css=”.vc_custom_1586908107967{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Syxsense Recommendations

Based on the vendor severity and CVSS score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

 

CVE Ref. Description Vendor Severity CVSS Score Publicly Aware Weaponized Countermeasure Syxsense Recommended
CVE-2020-1238 Media Foundation Memory Corruption Vulnerability Important 8.8 No No No Yes
CVE-2020-1239 Media Foundation Memory Corruption Vulnerability Important 8.8 No No No Yes
CVE-2020-1292 OpenSSH for Windows Elevation of Privilege Vulnerability Important 8.8 No No No Yes
CVE-2020-1206 Windows SMBv3 Client/Server Information Disclosure Vulnerability Important 8.6 No No Yes Yes
CVE-2020-1255 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Important 8.5 No No No Yes
CVE-2020-1248 GDI+ Remote Code Execution Vulnerability Critical 8.4 No No No Yes
CVE-2020-1281 Windows OLE Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2020-1300 Windows Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2020-1286 Windows Shell Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2020-1260 VBScript Remote Code Execution Vulnerability Critical 7.5 No No No Yes
CVE-2020-1299 LNK Remote Code Execution Vulnerability Critical 6.8 No No No Yes
CVE-2020-1073 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-1219 Microsoft Browser Memory Corruption Vulnerability Critical TBC No No No Yes
CVE-2020-1181 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-1213 VBScript Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-1216 VBScript Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-1311 Component Object Model Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1211 Connected Devices Platform Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1203 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1257 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1278 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1293 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1317 Group Policy Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1208 Jet Database Engine Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2020-1236 Jet Database Engine Remote Code Execution Vulnerability Important 7.8 No No No
CVE-2020-1222 Microsoft Store Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1309 Microsoft Store Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1212 OLE Automation Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1271 Windows Backup Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1280 Windows Bluetooth Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1162 Windows Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1324 Windows Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1234 Windows Error Reporting Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1199 Windows Feedback Hub Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-0915 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-0916 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1272 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1277 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1302 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1237 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1246 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1262 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1264 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1266 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1269 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1273 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1274 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1275 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1276 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1307 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1316 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1279 Windows Lockscreen Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1254 Windows Modules Installer Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1201 Windows Now Playing Session Manager Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1231 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1233 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1235 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1265 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1282 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1304 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1306 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1334 Windows Runtime Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1305 Windows State Repository Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1287 Windows Wallet Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1294 Windows Wallet Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1270 Windows WLAN Service Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1230 VBScript Remote Code Execution Vulnerability Important 7.5 No No No
CVE-2020-1301 Windows SMB Remote Code Execution Vulnerability Important 7.5 No No Yes
CVE-2020-1284 Windows SMBv3 Client/Server Denial of Service Vulnerability Important 7.5 No No Yes
CVE-2020-1120 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important 7.1 No No No
CVE-2020-1202 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1247 Win32k Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1251 Win32k Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1291 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1209 Windows Network List Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1196 Windows Print Configuration Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1217 Windows Runtime Information Disclosure Vulnerability Important 7 No No No
CVE-2020-1314 Windows Text Service Framework Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-1232 Media Foundation Information Disclosure Vulnerability Important 6.5 No No No
CVE-2020-1207 Win32k Elevation of Privilege Vulnerability Important 6.4 No No No
CVE-2020-1253 Win32k Elevation of Privilege Vulnerability Important 6.4 No No No
CVE-2020-1258 Win32k Elevation of Privilege Vulnerability Important 6.4 No No No
CVE-2020-1310 Win32k Elevation of Privilege Vulnerability Important 6.4 No No No
CVE-2020-1244 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important 6.3 No No No
CVE-2020-1197 Windows Error Reporting Manager Elevation of Privilege Vulnerability Important 6.3 No No No
CVE-2020-1204 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Important 6.3 No No No
CVE-2020-1160 Microsoft Graphics Component Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-1290 Win32k Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-1283 Windows Denial of Service Vulnerability Important 5.5 No No No
CVE-2020-1261 Windows Error Reporting Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-1263 Windows Error Reporting Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-1348 Windows GDI Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-1194 Windows Registry Denial of Service Vulnerability Important 5.5 No No No
CVE-2020-1268 Windows Service Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-1220 Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability Important 5.4 No No No
CVE-2020-1241 Windows Kernel Security Feature Bypass Vulnerability Important 5.3 No No No
CVE-2020-1296 Windows Diagnostics & feedback Information Disclosure Vulnerability Important 5 No No No
CVE-2020-1315 Internet Explorer Information Disclosure Vulnerability Important 4.3 No No No
CVE-2020-1242 Microsoft Edge Information Disclosure Vulnerability Important 4.3 No No No
CVE-2020-1259 Windows Host Guardian Service Security Feature Bypass Vulnerability Important 4.3 No No No
CVE-2020-1329 Microsoft Bing Search Spoofing Vulnerability Important TBC No No No
CVE-2020-1225 Microsoft Excel Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-1226 Microsoft Excel Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-1321 Microsoft Office Remote Code Execution Vulnerability

Leave a Reply