Microsoft Patch Tuesday Audit – June 2020

Microsoft-Patch-Tuesday

Patch Tuesday June 2020 is here with 129 Fixes

The June 2020 Patch Tuesday security updates have arrived! Microsoft released a grand total of 129 security updates, which is the largest Patch Tuesday update ever released by Microsoft.

⚡ TL;DR | Go Straight to the June 2020 Patch Tuesday Audit Report.

Microsoft released this edition with patches for 129 vulnerabilities in Windows and other software (see our complete CVE list below). For now, non of these vulnerabilities are actively exploited in the wild but nevertheless, we recommend patching all your Windows systems.

There are 11 vulnerabilities rated as 'critical'. This means that they can easily be exploited by attackers via malicious software to take control of vulnerable systems without actions that are being made by the user. Most of them are remote code execution vulnerabilities.

SMBleed Vulnerability within Windows SMB Protocol

Cybersecurity researchers uncovered a new critical vulnerability affecting the SMB protocol named SMBleed (CVE-2020-1206). SMBleed has a similar function to the earlier reported SMBGhost vulnerability that could expose vulnerable Windows systems to malicious software.

The SMBleed flaw impacts the Windows 10 version 1903 and 1909. There is a flaw in SMB which allows an attacker to read the uninitialized kernel memory and make modifications to that function.

Microsoft stated that: "To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it."

The other critical bugs included in the Patch Tuesday updates of June 2020 are:

  • Remote code execution in Microsoft Sharepoint
  • Remote code execution in Windows OLE
  • Remote code execution in the Windows Graphics Device Interface (GDI)
  • Remote code execution in the Windows VBScript scripting engine
  • Remote code execution in Microsoft Excel
  • Remote code execution in the Windows OS print spooler component
  • Remote code execution in processing Windows .LNK files
  • Remote code execution in Word for Android

Run Our Report

Similar to previous months, we've created an Audit Report that checks if the assets in your network are on the latest Microsoft patch update. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. All admins are advised to install these security updates as soon as possible to protect Windows from security risks.

Overview: Patch Tuesday June 2020 CVE Codes

We have compiled a list of all the security updates.

Product NameCVE CodeCVE Vulnerability Description
Microsoft Bing CVE-2020-1329 Bing Search Vulnerability
Microsoft Server Message Block SMBv3 CVE-2020-1206Information Disclosure Vulnerability
Microsoft Server Message Block SMBv3 CVE-2020-1284Denial of Service Vulnerability
Microsoft Server Message Block SMBv3 CVE-2020-1301Remote Code Execution Vulnerability
Azure DevOps ServerCVE-2020-1327HTML Injection Vulnerability
Microsoft Diagnostics HubCVE-2020-1278Elevation of Privilege Vulnerability
Microsoft Diagnostics HubCVE-2020-1203Elevation of Privilege Vulnerability
Microsoft Diagnostics HubCVE-2020-1202Elevation of Privilege Vulnerability
Windows Feedback HubCVE-2020-1199Elevation of Privilege Vulnerability
Internet Explorer 11CVE-2020-1315Information Disclosure Vulnerability
Microsoft Internet Explorer 11 & EdgeCVE-2020-1219Memory Corruption Vulnerability
Microsoft EdgeCVE-2020-1242Information Disclosure Vulnerability
Microsoft EdgeCVE-2020-1220Spoofing Vulnerability
Windows kernel-modeCVE-2020-1207Win32k Elevation of Privilege Vulnerability
Windows kernel-modeCVE-2020-1258DirectX Elevation of Privilege Vulnerability
Windows kernel-modeCVE-2020-1251Win32k Elevation of Privilege Vulnerability
Microsoft GraphicsCVE-2020-1160Microsoft Graphics Component Information Disclosure vulnerability
Windows GDICVE-2020-0915Elevation of Privilege Vulnerability
Windows kernel-modeCVE-2020-1253Elevation of Privilege Vulnerability
Windows kernel-modeCVE-2020-1348Information Disclosure Vulnerability
Windows GDICVE-2020-1348Information Disclosure Vulnerability
Windows kernel-modeCVE-2020-0986Elevation of Privilege Vulnerability
Windows GDICVE-2020-0916Elevation of Privilege Vulnerability
Windows Jet DatabaseCVE-2020-1236Remote Code Execution Vulnerability
Windows Jet DatabaseCVE-2020-1208Remote Code Execution Vulnerability
Windows DefenderCVE-2020-1163Elevation of Privilege Vulnerability
Windows DefenderCVE-2020-1170Elevation of Privilege Vulnerability
Microsoft ExcelCVE-2020-1226Remote Code Execution Vulnerability
Microsoft ExcelCVE-2020-1225Remote Code Execution Vulnerability
Microsoft OutlookCVE-2020-1229Security Feature Bypass Vulnerability
Microsoft OfficeCVE-2020-1321Remote Code Execution Vulnerability
Microsoft ProjectCVE-2020-1322Information Disclosure Vulnerability
Microsoft SharePoint ServerCVE-2020-1289Spoofing Vulnerability
Microsoft SharePoint ServerCVE-2020-1181Remote Code Execution Vulnerability
Microsoft SharePoint ServerCVE-2020-1181Remote Code Execution Vulnerability
Microsoft SharePoint ServerCVE-2020-1148Spoofing Vulnerability
Microsoft SharePoint ServerCVE-2020-1183XSS Vulnerability
Microsoft SharePoint ServerCVE-2020-1318XSS Vulnerability
Microsoft SharePoint ServerCVE-2020-1298XSS Vulnerability
Microsoft SharePoint ServerCVE-2020-1297XSS Vulnerability
Microsoft SharePoint ServerCVE-2020-1178Elevation of Privilege Vulnerability
Microsoft SharePoint ServerCVE-2020-1177XSS Vulnerability
Microsoft SharePoint ServerCVE-2020-1320XSS Vulnerability
Microsoft SharePointCVE-2020-1295Elevation of Privilege Vulnerability
Microsoft SharePointCVE-2020-1323Open Redirect Vulnerability
Microsoft VBScriptCVE-2020-1260Remote Code Execution Vulnerability
Microsoft VBScriptCVE-2020-1215Remote Code Execution Vulnerability
Microsoft VBScriptCVE-2020-1230Remote Code Execution Vulnerability
Microsoft VBScriptCVE-2020-1214Remote Code Execution Vulnerability
Microsoft VBScriptCVE-2020-1216Remote Code Execution Vulnerability
Microsoft VBScriptCVE-2020-1213Remote Code Execution Vulnerability
ChakraCoreCVE-2020-1073Memory Corruption Vulnerability
Windows Security Health ServiceCVE-2020-1324Elevation of Privilege Vulnerability
Windows Security Health ServiceCVE-2020-1162Elevation of Privilege Vulnerability
Windows State Repository ServiceCVE-2020-1305Elevation of Privilege Vulnerability
Windows Update Orchestrator ServiceCVE-2020-1313Elevation of Privilege Vulnerability
Windows KernelCVE-2020-1316Elevation of Privilege Vulnerability
Windows KernelCVE-2020-1241Feature Bypass Vulnerability
Windows KernelCVE-2020-1246Elevation of Privilege Vulnerability
Microsoft Store RuntimeCVE-2020-1309Elevation of Privilege Vulnerability
Windows InstallerCVE-2020-1312Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1306Elevation of Privilege Vulnerability
Windows DiagnosticsCVE-2020-1296Information Disclosure Vulnerability
Windows WLAN ServiceCVE-2020-1270Elevation of Privilege Vulnerability
Windows Background Intelligent ServiceCVE-2020-1255Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-1283Denial of Service Vulnerability
Microsoft WindowsCVE-2020-1268Information Disclosure Vulnerability
Windows Error ReportingCVE-2020-1263Elevation of Privilege Vulnerability
Windows Host Guardian ServiceCVE-2020-1259Feature Bypass Vulnerability
Windows win32kCVE-2020-1290Information Disclosure Vulnerability
Windows Network Connections ServiceCVE-2020-1291Elevation of Privilege Vulnerability
OpenSSHCVE-2020-1292Elevation of Privilege Vulnerability
Group PolicyCVE-2020-1317Elevation of Privilege Vulnerability
Connected User Experiences and Telemetry ServiceCVE-2020-1317Elevation of Privilege Vulnerability
Windows Text Service FramworkCVE-2020-1314Elevation of Privilege Vulnerability
Windows Backup ServiceCVE-2020-1271Elevation of Privilege Vulnerability
Microsoft Store RuntimeCVE-2020-1222Elevation of Privilege Vulnerability
Connected User Experiences and Telemetry ServiceCVE-2020-1120Denial of Service Vulnerability
Windows Now Playing Session ManagerCVE-2020-1201Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1233Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1235Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1231Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1334Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1265Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1282Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1304Elevation of Privilege Vulnerability
Windows RuntimeCVE-2020-1217Information Disclosure Vulnerability
Windows Error ReportingCVE-2020-1234Elevation of Privilege Vulnerability
Windows Error ReportingCVE-2020-1197Elevation of Privilege Vulnerability
Windows RegistryCVE-2020-1194Denial of Service Vulnerability
Windows Network List ServiceCVE-2020-1209Elevation of Privilege Vulnerability
Windows Mobile Device ManagementCVE-2020-1204Elevation of Privilege Vulnerability
Windows KernelCVE-2020-1307Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1273Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1264Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1237Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1266Elevation of Privilege Vulnerability
Connected Devices Platform ServiceCVE-2020-1211Elevation of Privilege Vulnerability
Windows Print ConfigurationCVE-2020-1196Elevation of Privilege Vulnerability
Windows GDICVE-2020-1248Remote Code Execution Vulnerability
NuGetGalleryCVE-2020-1340Spoofing Vulnerability
System Center Operations ManagerCVE-2020-1331Spoofing Vulnerability
Visual Studio Code Live Share ExtensionCVE-2020-1343Information Disclosure Vulnerability
Component Object ModelCVE-2020-1311Elevation of Privilege Vulnerability
Diagnostics Hub Standard Collector ServiceCVE-2020-1293Elevation of Privilege Vulnerability
Diagnostics Hub Standard Collector ServiceCVE-2020-1257Elevation of Privilege Vulnerability
Windows Error ReportingCVE-2020-1261Information Disclosure Vulnerability
Windows InstallerCVE-2020-1272Elevation of Privilege Vulnerability
Windows InstallerCVE-2020-1302Elevation of Privilege Vulnerability
Windows InstallerCVE-2020-1277Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1310Elevation of Privilege Vulnerability
Windows Bluetooth ServiceCVE-2020-1280Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1275Elevation of Privilege Vulnerability
Windows KernelCVE-2020-1247Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1274Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1262Elevation of Privilege Vulnerability
Windows kernelCVE-2020-1269Elevation of Privilege Vulnerability
Windows LockscreenCVE-2020-1279Elevation of Privilege Vulnerability
Windows Media FoundationCVE-2020-1238Memory Corruption Vulnerability
Windows Media FoundationCVE-2020-1239Memory Corruption Vulnerability
Windows Media FoundationCVE-2020-1232Information Disclosure Vulnerability
Windows OLECVE-2020-1281Remote Code Execution Vulnerability
Windows OLECVE-2020-1212Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2020-1300Remote Code Execution Vulnerability
Microsoft WindowsCVE-2020-1299Remote Code Execution Vulnerability
Windows ShellCVE-2020-1286Remote Code Execution Vulnerability
Windows Modules Installer ServiceCVE-2020-1254Elevation of Privilege Vulnerability
Windows WalletServiceCVE-2020-1294Elevation of Privilege Vulnerability
Windows WalletServiceCVE-2020-1287Elevation of Privilege Vulnerability

If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.

Receive the Latest Patch Tuesday Report for FREE Every Month

Share

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​
FREE WHITE PAPER
Why centralized IT Asset Discovery is more crucial than ever.