๐ The June 2020 Security Update Review
๐ก Newskategorie: Hacking
๐ Quelle: thezdi.com
June is here, and it brings with it a record number of security patches from Microsoft, and a few from Adobe as well. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.
Adobe Patches for June 2020
Adobeโs release for June is on the small side with three bulletins correcting 10 CVEs in Adobe Flash, Experience Manager, and Framemaker. Two of the Framemaker CVEs came through the ZDI program. The update for Flash corrects a single, Critical-rated use-after-free bug that could allow remote code execution. The update for Framemaker is also rated Critical. It corrects a single memory corruption and two Out-Of-Bounds write bugs. The update for Experience Manager is rated Important and addresses six different bugs. Most of these bugs fall into the cross-site scripting category while two are Server-side request forgery (SSRF) bugs. None of the bugs patched by Adobe this month are listed as publicly known or under active attack at the time of release.
Microsoft Patches for June 2020
For June, Microsoft released patches for 129 CVEs covering Microsoft Windows, Internet Explorer (IE), Microsoft Edge (EdgeHTML-based and Chromium-based in IE Mode), ChakraCore, Office and Microsoft Office Services and Web Apps, Windows Defender, Microsoft Dynamics, Visual Studio, Azure DevOps, and Microsoft Apps for Android. This is the fourth month in a row that Microsoft has released patches for more than 110 CVEs, and this is the highest number of CVEs ever released by Microsoft in a single month. This brings the total number of Microsoft patches released this year to 616 โ just 49 shy of the total number of CVEs they addressed in all of 2017.
Of these 129 patches, 11 are rated Critical while 118 are rated Important in severity. Nine of these CVEs came through the ZDI program. None of the bugs being patched are listed by Microsoft as being publicly known or under active attack at the time of release. However, the ZDI did publish some details on CVE-2020-0915, CVE-2020-0916, and CVE-2020-0986 prior to today as they had exceeded our disclosure timeline.
Letโs take a closer look at some of the more interesting updates for this month, starting with an all too familiar bug type:
-ย ย ย ย ย ย CVE-2020-1299 โ LNK Remote Code Execution Vulnerability
This is the third LNK bug fixed this year, and the description reads just like the previous bugs. An attacker could use this vulnerability to get code execution by having an affected system process a specially crafted .LNK file. These types of files are often put on a USB drive in an attempt to bridge an air-gapped network. If youโre interested in how these types of bugs work, you can check out this blog, which details one of the previous bugs.
-ย ย ย ย ย ย CVE-2020-1229 โ Microsoft Outlook Security Feature Bypass Vulnerability
This bug could allow attackers to automatically load remote images โ even from within the Preview Pane. While this bypass alone could just disclose the IP address of a target system, itโs not unheard of to get code execution through the processing of specially crafted images (see any GDI+ bug). Patches are available for Windows-based versions of Office, but the patches for Office 2016 for Mac and Office 2019 for Mac are not yet available.
-ย ย ย ย ย ย CVE-2020-1300 โ Windows Remote Code Execution Vulnerability
This patch corrects a vulnerability in the processing of cabinet files. An attacker could get code execution by convincing a user to open a specially crafted CAB file. They could also spoof a network printer and dupe a user into installing the specially crafted CAB file disguised as a printer driver. Users are often conditioned into trusting printer drivers when offered one, so it would not be surprising to see this get exploited.
-ย ย ย ย ย ย CVE-2020-1281 โ Windows OLE Remote Code Execution Vulnerability
This bug allows an attacker to exploit code on a target system if they can convince a user to open a specially crafted file or program. Since this involves OLE data structures, multiple file types could be used by the attacker. Considering this impacts every supported version of Windows put this one near the top of your test and deploy list.
Hereโs the full list of CVEs released by Microsoft for June 2020.
CVE | Title | Severity | Public | Exploited | XI - Latest | XI - Older | Type |
CVE-2020-1248 | GDI+ Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1299 | LNK Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1219 | Microsoft Browser Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
CVE-2020-1181 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1073 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1213 | VBScript Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
CVE-2020-1216 | VBScript Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
CVE-2020-1260 | VBScript Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
CVE-2020-1281 | Windows OLE Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1300 | Windows Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1286 | Windows Shell Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
CVE-2020-1311 | Component Object Model Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1211 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1120 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
CVE-2020-1244 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
CVE-2020-1202 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1203 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1257 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1278 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1293 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1317 | Group Policy Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1315 | Internet Explorer Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1208 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1236 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1232 | Media Foundation Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1238 | Media Foundation Memory Corruption Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1239 | Media Foundation Memory Corruption Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1329 | Microsoft Bing Search Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
CVE-2020-1220 | Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
CVE-2020-1242 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1225 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1226 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1160 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1321 | Microsoft Office Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
CVE-2020-1177 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1183 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1297 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1298 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1318 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1320 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
CVE-2020-1229 | Microsoft Outlook Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
CVE-2020-1322 | Microsoft Project Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1295 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1178 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1148 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
CVE-2020-1289 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
CVE-2020-1222 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1309 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1163 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1170 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1340 | NuGetGallery Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
CVE-2020-1212 | OLE Automation Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1292 | OpenSSH for Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1323 | SharePoint Open Redirect Vulnerability | Important | No | No | 2 | 2 | Spoof |
CVE-2020-1331 | System Center Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
CVE-2020-1327 | Team Foundation Server HTML Injection Vulnerability | Important | No | No | 2 | 2 | Spoof |
CVE-2020-1214 | VBScript Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
CVE-2020-1215 | VBScript Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
CVE-2020-1230 | VBScript Remote Code Execution Vulnerability | Important | No | No | 1 | 1 | RCE |
CVE-2020-1343 | Visual Studio Code Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1207 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2020-1247 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2020-1251 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2020-1253 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
CVE-2020-1258 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1310 | Win32k Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1290 | Win32k Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1255 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1271 | Windows Backup Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1280 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1283 | Windows Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
CVE-2020-1296 | Windows Diagnostics & feedback Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1162 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1324 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1234 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1261 | Windows Error Reporting Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1263 | Windows Error Reporting Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1197 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1199 | Windows Feedback Hub Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-0915 | Windows GDI Elevation of Privilege Vulnerability | Important | No* | No | 2 | 2 | EoP |
CVE-2020-0916 | Windows GDI Elevation of Privilege Vulnerability | Important | No* | No | 2 | 2 | EoP |
CVE-2020-1348 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
CVE-2020-1259 | Windows Host Guardian Service Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
CVE-2020-1272 | Windows Installer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1277 | Windows Installer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1302 | Windows Installer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1312 | Windows Installer Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-0986 | Windows Kernel Elevation of Privilege Vulnerability | Important | No* | No | 2 | 2 | EoP |
CVE-2020-1237 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1246 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1262 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1264 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1266 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1269 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1273 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1274 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1275 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1276 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
CVE-2020-1307 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
...
|