Monday, February 10, 2025
HomeMicrosoftMicrosoft Released a Largest-Ever Security Patch with the Fixes For 129 Vulnerabilities...

Microsoft Released a Largest-Ever Security Patch with the Fixes For 129 Vulnerabilities – Update Now

Published on

SIEM as a Service

Follow Us on Google News

Microsoft released a security update under patch Tuesday with the fixes of 129 vulnerabilities, and this patch is the largest patch ever released by Microsoft.

Several Microsoft software products were patched in the June security release of following:-

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based) in IE Mode
  • Microsoft ChakraCore
  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Windows Defender
  • Microsoft Dynamics
  • Visual Studio
  • Azure DevOps
  • HoloLens
  • Adobe Flash Player
  • Microsoft Apps for Android
  • Windows App Store
  • System Center
  • Android App

Out of 129 vulnerabilities, 11 vulnerabilities categorized as “Critical” 109 vulnerabilities marked as “Important”, 7 as “moderate” and 2 vulnerabilities fixed as “Low” Severity.

Critical Vulnerabilities are affected by several Microsoft products including, Browsers, Office SharePoint, Scripting Engine, Windows OLE, Print Spooler Components, and windows Shell and there is no zero-day bugs patched in this update.

Critical Vulnerabilities

A critical bug(APSB20-30) in Adobe Flash Player for Windows has patched in this update, and the successful exploitation of this vulnerability could lead an attacker to execute arbitrary code.

Another critical Memory corruption vulnerability(CVE-2020-1219 ) affected browsers let an attacker execute arbitrary code in the context of the current user. if the current users logged-in as administrator rights, an attacker can view, delete, even create a new account by hosting a malicious website and drop an exploit by tricks users to access it.

Microsoft office critical SharePoint server Remote code execution vulnerability (CVE-2020-1181) allows an authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to act on the content of a specific process in the SharePoint application.

Microsoft Scripting Engine affects with 1 script engine memory corruption vulnerability(CVE-2020-1073), and 2 VBscript remote code execution vulnerabilities (CVE-2020-1216), (CVE-2020-1213) allows attackers to execute arbitrary code in the context of current users.

Another critical remote code execution vulnerability (CVE-2020-1248) Windows Graphics Device Interface (GDI) that handles objects in the memory and the successful exploitation of this vulnerability allows attackers to control the affected system.

In the rest of the 4 vulnerabilities, 1 of them (CVE-2020-1281) affected the Windows OLE, Windows Print Spooler Components (CVE-2020-1300) and the other 2 affected Windows Shell (CVE-2020-1299, CVE-2020-1286). All vulnerabilities allow attackers to execute a remote of on the vulnerable system.

Not only Microsoft But there are several vendors of the following that have released a security update.

Intel released a security update for 22 vulnerabilities in June 2020 Platform Update
Mozilla released Firefox 77.0.1 was released.
Android released their June 2020 security updates.
Adobe released security updates today for Flash Player, Experience Manager, and Framemaker.

No Zero-day

Unlike previous Patch Tuesday updates, there is no zero-day vulnerability fixed, and no active exploit has seen in the wide in this October Tuesday update.

Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can refer the complete patch details for the full list of vulnerabilities resolved, advisories, in the June 2020 Patch here.

Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...

Ransomware Payments Plunge 35% as More Victims Refuse to Pay

In a significant shift within the ransomware landscape, global ransom payments plummeted by 35%...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Zero-Day Vulnerabilities in Microsoft Sysinternals Tools Enable DLL Injection Attacks on Windows

A significant zero-day vulnerability has been uncovered in Microsoft Sysinternals tools, posing a severe...

Chinese CDN Exploiting AWS & Microsoft Cloud to Host Malicious Websites

A recent investigation by cybersecurity firm Silent Push has revealed how a China-linked Content...