CrowdStrike Update Causes BSOD Issues Globally – Audit Available 🛡️ Learn more

TRY NOW
News

Microsoft Patch Tuesday Audit – June 2020

8 min. read
10/06/2020
By Nils Macharis
Microsoft-Patch-Tuesday-June-2021

Patch Tuesday June 2020 is here with 129 Fixes

The June 2020 Patch Tuesday security updates have arrived! Microsoft released a grand total of 129 security updates, which is the largest Patch Tuesday update ever released by Microsoft.

⚡ TL;DR | Go Straight to the June 2020 Patch Tuesday Audit Report.

Microsoft released this edition with patches for 129 vulnerabilities in Windows and other software (see our complete CVE list below). For now, non of these vulnerabilities are actively exploited in the wild but nevertheless, we recommend patching all your Windows systems.

There are 11 vulnerabilities rated as ‘critical’. This means that they can easily be exploited by attackers via malicious software to take control of vulnerable systems without actions that are being made by the user. Most of them are remote code execution vulnerabilities.

SMBleed Vulnerability within Windows SMB Protocol

Cybersecurity researchers uncovered a new critical vulnerability affecting the SMB protocol named SMBleed (CVE-2020-1206). SMBleed has a similar function to the earlier reported SMBGhost vulnerability that could expose vulnerable Windows systems to malicious software.

The SMBleed flaw impacts the Windows 10 version 1903 and 1909. There is a flaw in SMB which allows an attacker to read the uninitialized kernel memory and make modifications to that function.

Microsoft stated that: “To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.”

The other critical bugs included in the Patch Tuesday updates of June 2020 are:

  • Remote code execution in Microsoft Sharepoint
  • Remote code execution in Windows OLE
  • Remote code execution in the Windows Graphics Device Interface (GDI)
  • Remote code execution in the Windows VBScript scripting engine
  • Remote code execution in Microsoft Excel
  • Remote code execution in the Windows OS print spooler component
  • Remote code execution in processing Windows .LNK files
  • Remote code execution in Word for Android

Run Our Report

Similar to previous months, we’ve created an Audit Report that checks if the assets in your network are on the latest Microsoft patch update. It’s color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. All admins are advised to install these security updates as soon as possible to protect Windows from security risks.

Overview: Patch Tuesday June 2020 CVE Codes

We have compiled a list of all the security updates.

Product Name CVE Code CVE Vulnerability Description
Microsoft Bing CVE-2020-1329 Bing Search Vulnerability
Microsoft Server Message Block SMBv3 CVE-2020-1206Information Disclosure Vulnerability
Microsoft Server Message Block SMBv3 CVE-2020-1284Denial of Service Vulnerability
Microsoft Server Message Block SMBv3 CVE-2020-1301Remote Code Execution Vulnerability
Azure DevOps ServerCVE-2020-1327 HTML Injection Vulnerability
Microsoft Diagnostics HubCVE-2020-1278 Elevation of Privilege Vulnerability
Microsoft Diagnostics HubCVE-2020-1203 Elevation of Privilege Vulnerability
Microsoft Diagnostics HubCVE-2020-1202 Elevation of Privilege Vulnerability
Windows Feedback HubCVE-2020-1199 Elevation of Privilege Vulnerability
Internet Explorer 11CVE-2020-1315 Information Disclosure Vulnerability
Microsoft Internet Explorer 11 & EdgeCVE-2020-1219 Memory Corruption Vulnerability
Microsoft EdgeCVE-2020-1242 Information Disclosure Vulnerability
Microsoft EdgeCVE-2020-1220 Spoofing Vulnerability
Windows kernel-modeCVE-2020-1207 Win32k Elevation of Privilege Vulnerability
Windows kernel-modeCVE-2020-1258 DirectX Elevation of Privilege Vulnerability
Windows kernel-modeCVE-2020-1251 Win32k Elevation of Privilege Vulnerability
Microsoft GraphicsCVE-2020-1160 Microsoft Graphics Component Information Disclosure vulnerability
Windows GDICVE-2020-0915 Elevation of Privilege Vulnerability
Windows kernel-modeCVE-2020-1253 Elevation of Privilege Vulnerability
Windows kernel-modeCVE-2020-1348 Information Disclosure Vulnerability
Windows GDICVE-2020-1348 Information Disclosure Vulnerability
Windows kernel-modeCVE-2020-0986 Elevation of Privilege Vulnerability
Windows GDICVE-2020-0916 Elevation of Privilege Vulnerability
Windows Jet DatabaseCVE-2020-1236 Remote Code Execution Vulnerability
Windows Jet DatabaseCVE-2020-1208 Remote Code Execution Vulnerability
Windows DefenderCVE-2020-1163 Elevation of Privilege Vulnerability
Windows DefenderCVE-2020-1170 Elevation of Privilege Vulnerability
Microsoft ExcelCVE-2020-1226 Remote Code Execution Vulnerability
Microsoft ExcelCVE-2020-1225 Remote Code Execution Vulnerability
Microsoft OutlookCVE-2020-1229 Security Feature Bypass Vulnerability
Microsoft OfficeCVE-2020-1321 Remote Code Execution Vulnerability
Microsoft ProjectCVE-2020-1322 Information Disclosure Vulnerability
Microsoft SharePoint ServerCVE-2020-1289 Spoofing Vulnerability
Microsoft SharePoint ServerCVE-2020-1181 Remote Code Execution Vulnerability
Microsoft SharePoint ServerCVE-2020-1181 Remote Code Execution Vulnerability
Microsoft SharePoint ServerCVE-2020-1148 Spoofing Vulnerability
Microsoft SharePoint ServerCVE-2020-1183 XSS Vulnerability
Microsoft SharePoint ServerCVE-2020-1318 XSS Vulnerability
Microsoft SharePoint ServerCVE-2020-1298 XSS Vulnerability
Microsoft SharePoint ServerCVE-2020-1297 XSS Vulnerability
Microsoft SharePoint ServerCVE-2020-1178 Elevation of Privilege Vulnerability
Microsoft SharePoint ServerCVE-2020-1177 XSS Vulnerability
Microsoft SharePoint ServerCVE-2020-1320 XSS Vulnerability
Microsoft SharePointCVE-2020-1295 Elevation of Privilege Vulnerability
Microsoft SharePointCVE-2020-1323 Open Redirect Vulnerability
Microsoft VBScriptCVE-2020-1260 Remote Code Execution Vulnerability
Microsoft VBScriptCVE-2020-1215 Remote Code Execution Vulnerability
Microsoft VBScriptCVE-2020-1230 Remote Code Execution Vulnerability
Microsoft VBScriptCVE-2020-1214 Remote Code Execution Vulnerability
Microsoft VBScriptCVE-2020-1216 Remote Code Execution Vulnerability
Microsoft VBScriptCVE-2020-1213 Remote Code Execution Vulnerability
ChakraCoreCVE-2020-1073 Memory Corruption Vulnerability
Windows Security Health ServiceCVE-2020-1324 Elevation of Privilege Vulnerability
Windows Security Health ServiceCVE-2020-1162 Elevation of Privilege Vulnerability
Windows State Repository ServiceCVE-2020-1305 Elevation of Privilege Vulnerability
Windows Update Orchestrator ServiceCVE-2020-1313 Elevation of Privilege Vulnerability
Windows KernelCVE-2020-1316 Elevation of Privilege Vulnerability
Windows KernelCVE-2020-1241 Feature Bypass Vulnerability
Windows KernelCVE-2020-1246 Elevation of Privilege Vulnerability
Microsoft Store RuntimeCVE-2020-1309 Elevation of Privilege Vulnerability
Windows InstallerCVE-2020-1312 Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1306 Elevation of Privilege Vulnerability
Windows DiagnosticsCVE-2020-1296 Information Disclosure Vulnerability
Windows WLAN ServiceCVE-2020-1270 Elevation of Privilege Vulnerability
Windows Background Intelligent ServiceCVE-2020-1255 Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-1283 Denial of Service Vulnerability
Microsoft Windows CVE-2020-1268 Information Disclosure Vulnerability
Windows Error ReportingCVE-2020-1263 Elevation of Privilege Vulnerability
Windows Host Guardian ServiceCVE-2020-1259 Feature Bypass Vulnerability
Windows win32kCVE-2020-1290 Information Disclosure Vulnerability
Windows Network Connections ServiceCVE-2020-1291 Elevation of Privilege Vulnerability
OpenSSHCVE-2020-1292 Elevation of Privilege Vulnerability
Group PolicyCVE-2020-1317 Elevation of Privilege Vulnerability
Connected User Experiences and Telemetry Service CVE-2020-1317 Elevation of Privilege Vulnerability
Windows Text Service FramworkCVE-2020-1314 Elevation of Privilege Vulnerability
Windows Backup ServiceCVE-2020-1271 Elevation of Privilege Vulnerability
Microsoft Store RuntimeCVE-2020-1222 Elevation of Privilege Vulnerability
Connected User Experiences and Telemetry Service CVE-2020-1120 Denial of Service Vulnerability
Windows Now Playing Session Manager CVE-2020-1201 Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1233 Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1235 Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1231 Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1334 Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1265 Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1282 Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1304 Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1217 Information Disclosure Vulnerability
Windows Error ReportingCVE-2020-1234 Elevation of Privilege Vulnerability
Windows Error ReportingCVE-2020-1197 Elevation of Privilege Vulnerability
Windows RegistryCVE-2020-1194 Denial of Service Vulnerability
Windows Network List ServiceCVE-2020-1209 Elevation of Privilege Vulnerability
Windows Mobile Device ManagementCVE-2020-1204 Elevation of Privilege Vulnerability
Windows KernelCVE-2020-1307 Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1273 Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1264 Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1237 Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1266 Elevation of Privilege Vulnerability
Connected Devices Platform ServiceCVE-2020-1211 Elevation of Privilege Vulnerability
Windows Print ConfigurationCVE-2020-1196 Elevation of Privilege Vulnerability
Windows GDICVE-2020-1248 Remote Code Execution Vulnerability
NuGetGalleryCVE-2020-1340 Spoofing Vulnerability
System Center Operations ManagerCVE-2020-1331 Spoofing Vulnerability
Visual Studio Code Live Share ExtensionCVE-2020-1343 Information Disclosure Vulnerability
Component Object ModelCVE-2020-1311 Elevation of Privilege Vulnerability
Diagnostics Hub Standard Collector ServiceCVE-2020-1293 Elevation of Privilege Vulnerability
Diagnostics Hub Standard Collector ServiceCVE-2020-1257 Elevation of Privilege Vulnerability
Windows Error ReportingCVE-2020-1261 Information Disclosure Vulnerability
Windows InstallerCVE-2020-1272 Elevation of Privilege Vulnerability
Windows InstallerCVE-2020-1302 Elevation of Privilege Vulnerability
Windows InstallerCVE-2020-1277 Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1310 Elevation of Privilege Vulnerability
Windows Bluetooth ServiceCVE-2020-1280 Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1275 Elevation of Privilege Vulnerability
Windows KernelCVE-2020-1247 Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1274 Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1262 Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1269 Elevation of Privilege Vulnerability
Windows LockscreenCVE-2020-1279 Elevation of Privilege Vulnerability
Windows Media FoundationCVE-2020-1238 Memory Corruption Vulnerability
Windows Media FoundationCVE-2020-1239 Memory Corruption Vulnerability
Windows Media FoundationCVE-2020-1232 Information Disclosure Vulnerability
Windows OLECVE-2020-1281 Remote Code Execution Vulnerability
Windows OLECVE-2020-1212 Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-1300 Remote Code Execution Vulnerability
Microsoft WindowsCVE-2020-1299 Remote Code Execution Vulnerability
Windows ShellCVE-2020-1286 Remote Code Execution Vulnerability
Windows Modules Installer ServiceCVE-2020-1254 Elevation of Privilege Vulnerability
Windows WalletServiceCVE-2020-1294 Elevation of Privilege Vulnerability
Windows WalletServiceCVE-2020-1287 Elevation of Privilege Vulnerability

If you haven’t already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.

Receive the Latest Patch Tuesday Report for FREE Every Month

"*" indicates required fields

Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.