Microsoft released a security update under patch Tuesday with the fixes of 129 vulnerabilities, and this patch is the largest patch ever released by Microsoft.
Several Microsoft software products were patched in the June security release of following:-
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based) in IE Mode
- Microsoft ChakraCore
- Internet Explorer
- Microsoft Office and Microsoft Office Services and Web Apps
- Windows Defender
- Microsoft Dynamics
- Visual Studio
- Azure DevOps
- HoloLens
- Adobe Flash Player
- Microsoft Apps for Android
- Windows App Store
- System Center
- Android App
Out of 129 vulnerabilities, 11 vulnerabilities categorized as “Critical” 109 vulnerabilities marked as “Important”, 7 as “moderate” and 2 vulnerabilities fixed as “Low” Severity.
Critical Vulnerabilities are affected by several Microsoft products including, Browsers, Office SharePoint, Scripting Engine, Windows OLE, Print Spooler Components, and windows Shell and there is no zero-day bugs patched in this update.
Critical Vulnerabilities
A critical bug(APSB20-30) in Adobe Flash Player for Windows has patched in this update, and the successful exploitation of this vulnerability could lead an attacker to execute arbitrary code.
Another critical Memory corruption vulnerability(CVE-2020-1219 ) affected browsers let an attacker execute arbitrary code in the context of the current user. if the current users logged-in as administrator rights, an attacker can view, delete, even create a new account by hosting a malicious website and drop an exploit by tricks users to access it.
Microsoft office critical SharePoint server Remote code execution vulnerability (CVE-2020-1181) allows an authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to act on the content of a specific process in the SharePoint application.
Microsoft Scripting Engine affects with 1 script engine memory corruption vulnerability(CVE-2020-1073), and 2 VBscript remote code execution vulnerabilities (CVE-2020-1216), (CVE-2020-1213) allows attackers to execute arbitrary code in the context of current users.
Another critical remote code execution vulnerability (CVE-2020-1248) Windows Graphics Device Interface (GDI) that handles objects in the memory and the successful exploitation of this vulnerability allows attackers to control the affected system.
In the rest of the 4 vulnerabilities, 1 of them (CVE-2020-1281) affected the Windows OLE, Windows Print Spooler Components (CVE-2020-1300) and the other 2 affected Windows Shell (CVE-2020-1299, CVE-2020-1286). All vulnerabilities allow attackers to execute a remote of on the vulnerable system.
Not only Microsoft But there are several vendors of the following that have released a security update.
Intel released a security update for 22 vulnerabilities in June 2020 Platform Update
Mozilla released Firefox 77.0.1 was released.
Android released their June 2020 security updates.
Adobe released security updates today for Flash Player, Experience Manager, and Framemaker.
No Zero-day
Unlike previous Patch Tuesday updates, there is no zero-day vulnerability fixed, and no active exploit has seen in the wide in this October Tuesday update.
Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.
You can refer the complete patch details for the full list of vulnerabilities resolved, advisories, in the June 2020 Patch here.
Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.