Patch Tuesday June 2020 is here with 129 Fixes
The June 2020 Patch Tuesday security updates have arrived! Microsoft released a grand total of 129 security updates, which is the largest Patch Tuesday update ever released by Microsoft.
⚡ TL;DR | Go Straight to the June 2020 Patch Tuesday Audit Report.
Microsoft released this edition with patches for 129 vulnerabilities in Windows and other software (see our complete CVE list below). For now, non of these vulnerabilities are actively exploited in the wild but nevertheless, we recommend patching all your Windows systems.
There are 11 vulnerabilities rated as 'critical'. This means that they can easily be exploited by attackers via malicious software to take control of vulnerable systems without actions that are being made by the user. Most of them are remote code execution vulnerabilities.
SMBleed Vulnerability within Windows SMB Protocol
Cybersecurity researchers uncovered a new critical vulnerability affecting the SMB protocol named SMBleed (CVE-2020-1206). SMBleed has a similar function to the earlier reported SMBGhost vulnerability that could expose vulnerable Windows systems to malicious software.
The SMBleed flaw impacts the Windows 10 version 1903 and 1909. There is a flaw in SMB which allows an attacker to read the uninitialized kernel memory and make modifications to that function.
Microsoft stated that: "To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it."
The other critical bugs included in the Patch Tuesday updates of June 2020 are:
- Remote code execution in Microsoft Sharepoint
- Remote code execution in Windows OLE
- Remote code execution in the Windows Graphics Device Interface (GDI)
- Remote code execution in the Windows VBScript scripting engine
- Remote code execution in Microsoft Excel
- Remote code execution in the Windows OS print spooler component
- Remote code execution in processing Windows .LNK files
- Remote code execution in Word for Android
Run Our Report
Similar to previous months, we've created an Audit Report that checks if the assets in your network are on the latest Microsoft patch update. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. All admins are advised to install these security updates as soon as possible to protect Windows from security risks.
Overview: Patch Tuesday June 2020 CVE Codes
We have compiled a list of all the security updates.
| Product Name | CVE Code | CVE Vulnerability Description |
|---|---|---|
| Microsoft Bing | CVE-2020-1329 | Bing Search Vulnerability |
| Microsoft Server Message Block SMBv3 | CVE-2020-1206 | Information Disclosure Vulnerability |
| Microsoft Server Message Block SMBv3 | CVE-2020-1284 | Denial of Service Vulnerability |
| Microsoft Server Message Block SMBv3 | CVE-2020-1301 | Remote Code Execution Vulnerability |
| Azure DevOps Server | CVE-2020-1327 | HTML Injection Vulnerability |
| Microsoft Diagnostics Hub | CVE-2020-1278 | Elevation of Privilege Vulnerability |
| Microsoft Diagnostics Hub | CVE-2020-1203 | Elevation of Privilege Vulnerability |
| Microsoft Diagnostics Hub | CVE-2020-1202 | Elevation of Privilege Vulnerability |
| Windows Feedback Hub | CVE-2020-1199 | Elevation of Privilege Vulnerability |
| Internet Explorer 11 | CVE-2020-1315 | Information Disclosure Vulnerability |
| Microsoft Internet Explorer 11 & Edge | CVE-2020-1219 | Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2020-1242 | Information Disclosure Vulnerability |
| Microsoft Edge | CVE-2020-1220 | Spoofing Vulnerability |
| Windows kernel-mode | CVE-2020-1207 | Win32k Elevation of Privilege Vulnerability |
| Windows kernel-mode | CVE-2020-1258 | DirectX Elevation of Privilege Vulnerability |
| Windows kernel-mode | CVE-2020-1251 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics | CVE-2020-1160 | Microsoft Graphics Component Information Disclosure vulnerability |
| Windows GDI | CVE-2020-0915 | Elevation of Privilege Vulnerability |
| Windows kernel-mode | CVE-2020-1253 | Elevation of Privilege Vulnerability |
| Windows kernel-mode | CVE-2020-1348 | Information Disclosure Vulnerability |
| Windows GDI | CVE-2020-1348 | Information Disclosure Vulnerability |
| Windows kernel-mode | CVE-2020-0986 | Elevation of Privilege Vulnerability |
| Windows GDI | CVE-2020-0916 | Elevation of Privilege Vulnerability |
| Windows Jet Database | CVE-2020-1236 | Remote Code Execution Vulnerability |
| Windows Jet Database | CVE-2020-1208 | Remote Code Execution Vulnerability |
| Windows Defender | CVE-2020-1163 | Elevation of Privilege Vulnerability |
| Windows Defender | CVE-2020-1170 | Elevation of Privilege Vulnerability |
| Microsoft Excel | CVE-2020-1226 | Remote Code Execution Vulnerability |
| Microsoft Excel | CVE-2020-1225 | Remote Code Execution Vulnerability |
| Microsoft Outlook | CVE-2020-1229 | Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2020-1321 | Remote Code Execution Vulnerability |
| Microsoft Project | CVE-2020-1322 | Information Disclosure Vulnerability |
| Microsoft SharePoint Server | CVE-2020-1289 | Spoofing Vulnerability |
| Microsoft SharePoint Server | CVE-2020-1181 | Remote Code Execution Vulnerability |
| Microsoft SharePoint Server | CVE-2020-1181 | Remote Code Execution Vulnerability |
| Microsoft SharePoint Server | CVE-2020-1148 | Spoofing Vulnerability |
| Microsoft SharePoint Server | CVE-2020-1183 | XSS Vulnerability |
| Microsoft SharePoint Server | CVE-2020-1318 | XSS Vulnerability |
| Microsoft SharePoint Server | CVE-2020-1298 | XSS Vulnerability |
| Microsoft SharePoint Server | CVE-2020-1297 | XSS Vulnerability |
| Microsoft SharePoint Server | CVE-2020-1178 | Elevation of Privilege Vulnerability |
| Microsoft SharePoint Server | CVE-2020-1177 | XSS Vulnerability |
| Microsoft SharePoint Server | CVE-2020-1320 | XSS Vulnerability |
| Microsoft SharePoint | CVE-2020-1295 | Elevation of Privilege Vulnerability |
| Microsoft SharePoint | CVE-2020-1323 | Open Redirect Vulnerability |
| Microsoft VBScript | CVE-2020-1260 | Remote Code Execution Vulnerability |
| Microsoft VBScript | CVE-2020-1215 | Remote Code Execution Vulnerability |
| Microsoft VBScript | CVE-2020-1230 | Remote Code Execution Vulnerability |
| Microsoft VBScript | CVE-2020-1214 | Remote Code Execution Vulnerability |
| Microsoft VBScript | CVE-2020-1216 | Remote Code Execution Vulnerability |
| Microsoft VBScript | CVE-2020-1213 | Remote Code Execution Vulnerability |
| ChakraCore | CVE-2020-1073 | Memory Corruption Vulnerability |
| Windows Security Health Service | CVE-2020-1324 | Elevation of Privilege Vulnerability |
| Windows Security Health Service | CVE-2020-1162 | Elevation of Privilege Vulnerability |
| Windows State Repository Service | CVE-2020-1305 | Elevation of Privilege Vulnerability |
| Windows Update Orchestrator Service | CVE-2020-1313 | Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1316 | Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1241 | Feature Bypass Vulnerability |
| Windows Kernel | CVE-2020-1246 | Elevation of Privilege Vulnerability |
| Microsoft Store Runtime | CVE-2020-1309 | Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2020-1312 | Elevation of Privilege Vulnerability |
| Windows Runtime | CVE-2020-1306 | Elevation of Privilege Vulnerability |
| Windows Diagnostics | CVE-2020-1296 | Information Disclosure Vulnerability |
| Windows WLAN Service | CVE-2020-1270 | Elevation of Privilege Vulnerability |
| Windows Background Intelligent Service | CVE-2020-1255 | Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1283 | Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-1268 | Information Disclosure Vulnerability |
| Windows Error Reporting | CVE-2020-1263 | Elevation of Privilege Vulnerability |
| Windows Host Guardian Service | CVE-2020-1259 | Feature Bypass Vulnerability |
| Windows win32k | CVE-2020-1290 | Information Disclosure Vulnerability |
| Windows Network Connections Service | CVE-2020-1291 | Elevation of Privilege Vulnerability |
| OpenSSH | CVE-2020-1292 | Elevation of Privilege Vulnerability |
| Group Policy | CVE-2020-1317 | Elevation of Privilege Vulnerability |
| Connected User Experiences and Telemetry Service | CVE-2020-1317 | Elevation of Privilege Vulnerability |
| Windows Text Service Framwork | CVE-2020-1314 | Elevation of Privilege Vulnerability |
| Windows Backup Service | CVE-2020-1271 | Elevation of Privilege Vulnerability |
| Microsoft Store Runtime | CVE-2020-1222 | Elevation of Privilege Vulnerability |
| Connected User Experiences and Telemetry Service | CVE-2020-1120 | Denial of Service Vulnerability |
| Windows Now Playing Session Manager | CVE-2020-1201 | Elevation of Privilege Vulnerability |
| Windows Runtime | CVE-2020-1233 | Elevation of Privilege Vulnerability |
| Windows Runtime | CVE-2020-1235 | Elevation of Privilege Vulnerability |
| Windows Runtime | CVE-2020-1231 | Elevation of Privilege Vulnerability |
| Windows Runtime | CVE-2020-1334 | Elevation of Privilege Vulnerability |
| Windows Runtime | CVE-2020-1265 | Elevation of Privilege Vulnerability |
| Windows Runtime | CVE-2020-1282 | Elevation of Privilege Vulnerability |
| Windows Runtime | CVE-2020-1304 | Elevation of Privilege Vulnerability |
| Windows Runtime | CVE-2020-1217 | Information Disclosure Vulnerability |
| Windows Error Reporting | CVE-2020-1234 | Elevation of Privilege Vulnerability |
| Windows Error Reporting | CVE-2020-1197 | Elevation of Privilege Vulnerability |
| Windows Registry | CVE-2020-1194 | Denial of Service Vulnerability |
| Windows Network List Service | CVE-2020-1209 | Elevation of Privilege Vulnerability |
| Windows Mobile Device Management | CVE-2020-1204 | Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1307 | Elevation of Privilege Vulnerability |
| Windows kernel | CVE-2020-1273 | Elevation of Privilege Vulnerability |
| Windows kernel | CVE-2020-1264 | Elevation of Privilege Vulnerability |
| Windows kernel | CVE-2020-1237 | Elevation of Privilege Vulnerability |
| Windows kernel | CVE-2020-1266 | Elevation of Privilege Vulnerability |
| Connected Devices Platform Service | CVE-2020-1211 | Elevation of Privilege Vulnerability |
| Windows Print Configuration | CVE-2020-1196 | Elevation of Privilege Vulnerability |
| Windows GDI | CVE-2020-1248 | Remote Code Execution Vulnerability |
| NuGetGallery | CVE-2020-1340 | Spoofing Vulnerability |
| System Center Operations Manager | CVE-2020-1331 | Spoofing Vulnerability |
| Visual Studio Code Live Share Extension | CVE-2020-1343 | Information Disclosure Vulnerability |
| Component Object Model | CVE-2020-1311 | Elevation of Privilege Vulnerability |
| Diagnostics Hub Standard Collector Service | CVE-2020-1293 | Elevation of Privilege Vulnerability |
| Diagnostics Hub Standard Collector Service | CVE-2020-1257 | Elevation of Privilege Vulnerability |
| Windows Error Reporting | CVE-2020-1261 | Information Disclosure Vulnerability |
| Windows Installer | CVE-2020-1272 | Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2020-1302 | Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2020-1277 | Elevation of Privilege Vulnerability |
| Windows kernel | CVE-2020-1310 | Elevation of Privilege Vulnerability |
| Windows Bluetooth Service | CVE-2020-1280 | Elevation of Privilege Vulnerability |
| Windows kernel | CVE-2020-1275 | Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1247 | Elevation of Privilege Vulnerability |
| Windows kernel | CVE-2020-1274 | Elevation of Privilege Vulnerability |
| Windows kernel | CVE-2020-1262 | Elevation of Privilege Vulnerability |
| Windows kernel | CVE-2020-1269 | Elevation of Privilege Vulnerability |
| Windows Lockscreen | CVE-2020-1279 | Elevation of Privilege Vulnerability |
| Windows Media Foundation | CVE-2020-1238 | Memory Corruption Vulnerability |
| Windows Media Foundation | CVE-2020-1239 | Memory Corruption Vulnerability |
| Windows Media Foundation | CVE-2020-1232 | Information Disclosure Vulnerability |
| Windows OLE | CVE-2020-1281 | Remote Code Execution Vulnerability |
| Windows OLE | CVE-2020-1212 | Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1300 | Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1299 | Remote Code Execution Vulnerability |
| Windows Shell | CVE-2020-1286 | Remote Code Execution Vulnerability |
| Windows Modules Installer Service | CVE-2020-1254 | Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2020-1294 | Elevation of Privilege Vulnerability |
| Windows WalletService | CVE-2020-1287 | Elevation of Privilege Vulnerability |
If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.
