Saturday, October 12, 2024
HomeMicrosoftMicrosoft Released a Largest-Ever Security Patch with the Fixes For 129 Vulnerabilities...

Microsoft Released a Largest-Ever Security Patch with the Fixes For 129 Vulnerabilities – Update Now

Published on

Malware protection

Microsoft released a security update under patch Tuesday with the fixes of 129 vulnerabilities, and this patch is the largest patch ever released by Microsoft.

Several Microsoft software products were patched in the June security release of following:-

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based) in IE Mode
  • Microsoft ChakraCore
  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Windows Defender
  • Microsoft Dynamics
  • Visual Studio
  • Azure DevOps
  • HoloLens
  • Adobe Flash Player
  • Microsoft Apps for Android
  • Windows App Store
  • System Center
  • Android App

Out of 129 vulnerabilities, 11 vulnerabilities categorized as “Critical” 109 vulnerabilities marked as “Important”, 7 as “moderate” and 2 vulnerabilities fixed as “Low” Severity.

- Advertisement - SIEM as a Service

Critical Vulnerabilities are affected by several Microsoft products including, Browsers, Office SharePoint, Scripting Engine, Windows OLE, Print Spooler Components, and windows Shell and there is no zero-day bugs patched in this update.

Critical Vulnerabilities

A critical bug(APSB20-30) in Adobe Flash Player for Windows has patched in this update, and the successful exploitation of this vulnerability could lead an attacker to execute arbitrary code.

Another critical Memory corruption vulnerability(CVE-2020-1219 ) affected browsers let an attacker execute arbitrary code in the context of the current user. if the current users logged-in as administrator rights, an attacker can view, delete, even create a new account by hosting a malicious website and drop an exploit by tricks users to access it.

Microsoft office critical SharePoint server Remote code execution vulnerability (CVE-2020-1181) allows an authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to act on the content of a specific process in the SharePoint application.

Microsoft Scripting Engine affects with 1 script engine memory corruption vulnerability(CVE-2020-1073), and 2 VBscript remote code execution vulnerabilities (CVE-2020-1216), (CVE-2020-1213) allows attackers to execute arbitrary code in the context of current users.

Another critical remote code execution vulnerability (CVE-2020-1248) Windows Graphics Device Interface (GDI) that handles objects in the memory and the successful exploitation of this vulnerability allows attackers to control the affected system.

In the rest of the 4 vulnerabilities, 1 of them (CVE-2020-1281) affected the Windows OLE, Windows Print Spooler Components (CVE-2020-1300) and the other 2 affected Windows Shell (CVE-2020-1299, CVE-2020-1286). All vulnerabilities allow attackers to execute a remote of on the vulnerable system.

Not only Microsoft But there are several vendors of the following that have released a security update.

Intel released a security update for 22 vulnerabilities in June 2020 Platform Update
Mozilla released Firefox 77.0.1 was released.
Android released their June 2020 security updates.
Adobe released security updates today for Flash Player, Experience Manager, and Framemaker.

No Zero-day

Unlike previous Patch Tuesday updates, there is no zero-day vulnerability fixed, and no active exploit has seen in the wide in this October Tuesday update.

Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can refer the complete patch details for the full list of vulnerabilities resolved, advisories, in the June 2020 Patch here.

Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...

Microsoft Warns Of Vanilla Tempest Hackers Attacking Healthcare Sector

Microsoft has identified a new attack vector employed by the financially motivated threat actor...

Hackers Mimic Google, Microsoft & Amazon Domains for Phishing Attacks

Phishing remains a significant concern for both individuals and organizations. Recent findings from ThreatLabz...