Friday, March 29, 2024

Microsoft Released a Largest-Ever Security Patch with the Fixes For 129 Vulnerabilities – Update Now

Microsoft released a security update under patch Tuesday with the fixes of 129 vulnerabilities, and this patch is the largest patch ever released by Microsoft.

Several Microsoft software products were patched in the June security release of following:-

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based) in IE Mode
  • Microsoft ChakraCore
  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Windows Defender
  • Microsoft Dynamics
  • Visual Studio
  • Azure DevOps
  • HoloLens
  • Adobe Flash Player
  • Microsoft Apps for Android
  • Windows App Store
  • System Center
  • Android App

Out of 129 vulnerabilities, 11 vulnerabilities categorized as “Critical” 109 vulnerabilities marked as “Important”, 7 as “moderate” and 2 vulnerabilities fixed as “Low” Severity.

Critical Vulnerabilities are affected by several Microsoft products including, Browsers, Office SharePoint, Scripting Engine, Windows OLE, Print Spooler Components, and windows Shell and there is no zero-day bugs patched in this update.

Critical Vulnerabilities

A critical bug(APSB20-30) in Adobe Flash Player for Windows has patched in this update, and the successful exploitation of this vulnerability could lead an attacker to execute arbitrary code.

Another critical Memory corruption vulnerability(CVE-2020-1219 ) affected browsers let an attacker execute arbitrary code in the context of the current user. if the current users logged-in as administrator rights, an attacker can view, delete, even create a new account by hosting a malicious website and drop an exploit by tricks users to access it.

Microsoft office critical SharePoint server Remote code execution vulnerability (CVE-2020-1181) allows an authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to act on the content of a specific process in the SharePoint application.

Microsoft Scripting Engine affects with 1 script engine memory corruption vulnerability(CVE-2020-1073), and 2 VBscript remote code execution vulnerabilities (CVE-2020-1216), (CVE-2020-1213) allows attackers to execute arbitrary code in the context of current users.

Another critical remote code execution vulnerability (CVE-2020-1248) Windows Graphics Device Interface (GDI) that handles objects in the memory and the successful exploitation of this vulnerability allows attackers to control the affected system.

In the rest of the 4 vulnerabilities, 1 of them (CVE-2020-1281) affected the Windows OLE, Windows Print Spooler Components (CVE-2020-1300) and the other 2 affected Windows Shell (CVE-2020-1299, CVE-2020-1286). All vulnerabilities allow attackers to execute a remote of on the vulnerable system.

Not only Microsoft But there are several vendors of the following that have released a security update.

Intel released a security update for 22 vulnerabilities in June 2020 Platform Update
Mozilla released Firefox 77.0.1 was released.
Android released their June 2020 security updates.
Adobe released security updates today for Flash Player, Experience Manager, and Framemaker.

No Zero-day

Unlike previous Patch Tuesday updates, there is no zero-day vulnerability fixed, and no active exploit has seen in the wide in this October Tuesday update.

Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can refer the complete patch details for the full list of vulnerabilities resolved, advisories, in the June 2020 Patch here.

Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles