In its biggest patch Tuesday security update ever, Microsoft released its June 2020 Patch update to fix a total of 129 newly discovered CVEs (Common Vulnerabilities and Exposures).
Despite its biggest patch release, none of the vulnerabilities have been exploited in the wild before Microsoft released patches. From 129 CVEs which affect various versions of Windows operating systems and related software products, 11 are classified critical, 109 important, 7 moderate, and 2 low in risk severity.
Microsoft security patches apply to:
- Microsoft Windows,
- Microsoft Edge,
- ChakraCore,
- Internet Explorer,
- Microsoft Office,
- Microsoft Office Services and Web Apps,
- Windows Defender,
- Microsoft Dynamics,
- Visual Studio,
- Azure DevOps,
- Adobe Flash Player, and Microsoft Apps for Android
Critical Vulnerabilities patched include:
- CVE-2020-1181 – remote code execution in Microsoft SharePoint.
- CVE-2020-1225, CVE-2020-1226 – remote code execution in Microsoft Excel.
- CVE-2020-1223 – remote code execution in Word for Android.
- CVE-2020-1248 – remote code execution in the Windows Graphics Device Interface (GDI).
- CVE-2020-1281 – remote code execution in Windows OLE.
- CVE-2020-1299 – remote code execution in processing Windows .LNK files.
- CVE-2020-1300 – remote code execution in the Windows OS print spooler component.
- CVE-2020-1301 – remote code execution in the Windows SMB (Server Message Block) protocol.
- CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260 – remote code execution in the Windows VBScript scripting engine.
Microsoft in a statement mentioned “These updates are intended to help our customers keep their computers up-to-date. We recommend that you install all updates that apply to you,”.
System administrators and users are advised to install these updates as soon as possible to be safe from privilege escalation and spoofing attacks.