Microsoft June Patch Tuesday Fixes 129 Vulnerabilities
June Patch Tuesday Has Arrived with a Bang
Microsoft have released an astonishing 129 patches today, breaking all known records for the number of fixes released in a single month.
There are 11 Critical patches with the remaining 118 marked Important. Support for Windows 7 and Windows Server 2008 (including R2) was officially ended after January, but there are plenty of updates released this month for customers who have purchased an extension agreement.
Robert Brown, Director of Services for Syxsense said, “This brings the number of patches released this year to over 600, if July carries the same cadence we may reach the total number released for the entire of last year. In addition, there has been 10 Adobe updates released today making this deployment one of the largest we have ever seen. There could be close to 2.3GB of data being delivered to each device – you must prioritize your deployment to reduce the burden on your wide area networks and VPNs.
Patches of Interest
- CVE-2020-1281 – Windows OLE Remote Code Execution – This is the second highest vendor severity and CVSS score & impacts every Microsoft Operating System.
- CVE-2020-1238 & CVE-2020-1239 – Media Foundation Memory Corruption – This vulnerability impacts Windows 10 from feature update 1709 through 2004, plus Windows Server 2019 & has no countermeasure. We have seen other Media Foundation Memory vulnerabilities already this year and some have become zero day already.
- CVE-2020-1292 – OpenSSH is the open source ‘Secure Shell’ (SSH) which was added to Windows 10 and Windows 2019 OS, and is frequently used by Linux Admins and is the beginning of Microsoft cross-platform capability. This vulnerability exposes the “security settings” configuration which could be replaced with malicious code. Although this only impacts Microsoft and NOT Linux, this is still a patch to prioritize this month.
Experience the Power of Syxsense
SYXSENSE IS A CLOUD-BASED SOLUTION THAT HELPS ORGANIZATIONS MANAGE AND SECURE THEIR ENDPOINTS WITH EASE. AUTOMATICALLY DEPLOY OS AND THIRD-PARTY PATCHES AS WELL AS WINDOWS 10 FEATURE UPDATES FOR MICROSOFT, MAC, AND LINUX DEVICES.
Syxsense Recommendations
Based on the vendor severity and CVSS score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.
| CVE Ref. | Description | Vendor Severity | CVSS Score | Publicly Aware | Weaponized | Countermeasure | Syxsense Recommended |
| CVE-2020-1238 | Media Foundation Memory Corruption Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2020-1239 | Media Foundation Memory Corruption Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2020-1292 | OpenSSH for Windows Elevation of Privilege Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2020-1206 | Windows SMBv3 Client/Server Information Disclosure Vulnerability | Important | 8.6 | No | No | Yes | Yes |
| CVE-2020-1255 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | Important | 8.5 | No | No | No | Yes |
| CVE-2020-1248 | GDI+ Remote Code Execution Vulnerability | Critical | 8.4 | No | No | No | Yes |
| CVE-2020-1281 | Windows OLE Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-1300 | Windows Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-1286 | Windows Shell Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-1260 | VBScript Remote Code Execution Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-1299 | LNK Remote Code Execution Vulnerability | Critical | 6.8 | No | No | No | Yes |
| CVE-2020-1073 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-1219 | Microsoft Browser Memory Corruption Vulnerability | Critical | TBC | No | No | No | Yes |
| CVE-2020-1181 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | TBC | No | No | No | Yes |
| CVE-2020-1213 | VBScript Remote Code Execution Vulnerability | Critical | TBC | No | No | No | Yes |
| CVE-2020-1216 | VBScript Remote Code Execution Vulnerability | Critical | TBC | No | No | No | Yes |
| CVE-2020-1311 | Component Object Model Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1211 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1203 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1257 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1278 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1293 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1317 | Group Policy Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1208 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1236 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1222 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1309 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1212 | OLE Automation Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1271 | Windows Backup Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1280 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1162 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1324 | Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1234 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1199 | Windows Feedback Hub Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-0915 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-0916 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1272 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1277 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1302 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1237 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1246 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1262 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1264 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1266 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1269 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1273 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1274 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1275 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1276 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1307 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1316 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1279 | Windows Lockscreen Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1254 | Windows Modules Installer Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1201 | Windows Now Playing Session Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1231 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1233 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1235 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1265 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1282 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1304 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1306 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1334 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1305 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1287 | Windows Wallet Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1294 | Windows Wallet Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1270 | Windows WLAN Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1230 | VBScript Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2020-1301 | Windows SMB Remote Code Execution Vulnerability | Important | 7.5 | No | No | Yes | |
| CVE-2020-1284 | Windows SMBv3 Client/Server Denial of Service Vulnerability | Important | 7.5 | No | No | Yes | |
| CVE-2020-1120 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2020-1202 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1247 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1251 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1291 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1209 | Windows Network List Service Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1196 | Windows Print Configuration Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1217 | Windows Runtime Information Disclosure Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1314 | Windows Text Service Framework Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1232 | Media Foundation Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2020-1207 | Win32k Elevation of Privilege Vulnerability | Important | 6.4 | No | No | No | |
| CVE-2020-1253 | Win32k Elevation of Privilege Vulnerability | Important | 6.4 | No | No | No | |
| CVE-2020-1258 | Win32k Elevation of Privilege Vulnerability | Important | 6.4 | No | No | No | |
| CVE-2020-1310 | Win32k Elevation of Privilege Vulnerability | Important | 6.4 | No | No | No | |
| CVE-2020-1244 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important | 6.3 | No | No | No | |
| CVE-2020-1197 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important | 6.3 | No | No | No | |
| CVE-2020-1204 | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability | Important | 6.3 | No | No | No | |
| CVE-2020-1160 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1290 | Win32k Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1283 | Windows Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1261 | Windows Error Reporting Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1263 | Windows Error Reporting Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1348 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1194 | Windows Registry Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1268 | Windows Service Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1220 | Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability | Important | 5.4 | No | No | No | |
| CVE-2020-1241 | Windows Kernel Security Feature Bypass Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2020-1296 | Windows Diagnostics & feedback Information Disclosure Vulnerability | Important | 5 | No | No | No | |
| CVE-2020-1315 | Internet Explorer Information Disclosure Vulnerability | Important | 4.3 | No | No | No | |
| CVE-2020-1242 | Microsoft Edge Information Disclosure Vulnerability | Important | 4.3 | No | No | No | |
| CVE-2020-1259 | Windows Host Guardian Service Security Feature Bypass Vulnerability | Important | 4.3 | No | No | No | |
| CVE-2020-1329 | Microsoft Bing Search Spoofing Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-1225 | Microsoft Excel Remote Code Execution Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-1226 | Microsoft Excel Remote Code Execution Vulnerability | Important | TBC | No | No | No | |
| CVE-2020-1321 | Microsoft Office Remote Code Execution Vulnerability |
