Microsoft Patch Tuesday – July 2020


17-Year Old 'Wormable' RCE Vulnerability Affecting DNS Servers Fixed

Microsoft released their July 2020 Patch Tuesday updates, fixing 123 CVE-numbered vulnerabilities across 13 products. None of the flaws are being actively exploited, but there are a few critical vulnerabilities like the Remote Code Execution flaw in Windows DNS Servers that require your full attention.


The most important fix is for a Critical 10.0 rated vulnerability in Windows DNS Servers. This flaw - tracked as CVE-2020-1350 - allows attackers to perform Remote Code Execution and has been named SigRed.

The SigRed vulnerability is wormable, meaning it holds the same risks as EternalBlue in Server Message Block (SMB) and BlueKeep in the Remote Desktop Protocol (RDP).

Microsoft also patched open-source software containing Denial-of-Service (DoS) and Cross-Site Scripting bugs, such as the .NET implementation of Bond. There is also security advisory ADV200008, which enables the Request Smuggling Filter on IIS servers. Request smuggling could allow an attacker to modify responses and retrieve information from a user.

Critical CVE Codes Fixed in the July 2020 Patch Tuesday Updates

We compiled a list of the most critical vulnerabilities in the July 2020 Microsoft updates.

| CVE Code | Product Name | CVE Vulnerability Description |
|---|---|---|
| CVE-2020-1421 | Windows LNK RCE | Remote Code Execution Vulnerability |
| CVE-2020-1329 | RCE bug .NET Framework, SharePoint Server, Visual Studio | Remote Code Execution Vulnerability |
| CVE-2020-1349 | RCE Vulnerability Outlook | Remote Code Execution Vulnerability |
| CVE-2020-1374 | Remote Desktop Client RCE Flaw | Remote Code Execution Vulnerability |
| CVE-2020-1240 | Microsoft Excel Vulnerability | Remote Code Execution Vulnerability |
| CVE-2020-1041 | Hyper-V RemoteFX vGPU | Remote Code Execution Vulnerability |
| CVE-2020-1040 | Hyper-V RemoteFX vGPU | Remote Code Execution Vulnerability |
| CVE-2020-1032 | Hyper-V RemoteFX vGPU | Remote Code Execution Vulnerability |
| CVE-2020-1036 | Hyper-V RemoteFX vGPU | Remote Code Execution Vulnerability |
| CVE-2020-1042 | Hyper-V RemoteFX vGPU | Remote Code Execution Vulnerability |
| CVE-2020-1043 | Hyper-V RemoteFX vGPU | Remote Code Execution Vulnerability |

Run the July 2020 Patch Tuesday Audit Report

Similar to previous months, we've created an Audit Report that checks if the assets in your network are on the latest Microsoft patch update. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. As always, all admins are advised to install these security updates as soon as possible to protect Windows from security risks.

If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.
