Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ The June 2020 Security Update Review

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š The June 2020 Security Update Review


๐Ÿ’ก Newskategorie: Hacking
๐Ÿ”— Quelle: thezdi.com

June is here, and it brings with it a record number of security patches from Microsoft, and a few from Adobe as well. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.

Adobe Patches for June 2020

Adobeโ€™s release for June is on the small side with three bulletins correcting 10 CVEs in Adobe Flash, Experience Manager, and Framemaker. Two of the Framemaker CVEs came through the ZDI program. The update for Flash corrects a single, Critical-rated use-after-free bug that could allow remote code execution. The update for Framemaker is also rated Critical. It corrects a single memory corruption and two Out-Of-Bounds write bugs. The update for Experience Manager is rated Important and addresses six different bugs. Most of these bugs fall into the cross-site scripting category while two are Server-side request forgery (SSRF) bugs. None of the bugs patched by Adobe this month are listed as publicly known or under active attack at the time of release.

Microsoft Patches for June 2020

For June, Microsoft released patches for 129 CVEs covering Microsoft Windows, Internet Explorer (IE), Microsoft Edge (EdgeHTML-based and Chromium-based in IE Mode), ChakraCore, Office and Microsoft Office Services and Web Apps, Windows Defender, Microsoft Dynamics, Visual Studio, Azure DevOps, and Microsoft Apps for Android. This is the fourth month in a row that Microsoft has released patches for more than 110 CVEs, and this is the highest number of CVEs ever released by Microsoft in a single month. This brings the total number of Microsoft patches released this year to 616 โ€“ just 49 shy of the total number of CVEs they addressed in all of 2017.

Of these 129 patches, 11 are rated Critical while 118 are rated Important in severity. Nine of these CVEs came through the ZDI program. None of the bugs being patched are listed by Microsoft as being publicly known or under active attack at the time of release. However, the ZDI did publish some details on CVE-2020-0915, CVE-2020-0916, and CVE-2020-0986 prior to today as they had exceeded our disclosure timeline.

Letโ€™s take a closer look at some of the more interesting updates for this month, starting with an all too familiar bug type:

-ย ย ย ย ย ย  CVE-2020-1299 โ€“ LNK Remote Code Execution Vulnerability
This is the third LNK bug fixed this year, and the description reads just like the previous bugs. An attacker could use this vulnerability to get code execution by having an affected system process a specially crafted .LNK file. These types of files are often put on a USB drive in an attempt to bridge an air-gapped network. If youโ€™re interested in how these types of bugs work, you can check out this blog, which details one of the previous bugs.

-ย ย ย ย ย ย  CVE-2020-1229 โ€“ Microsoft Outlook Security Feature Bypass Vulnerability
This bug could allow attackers to automatically load remote images โ€“ even from within the Preview Pane. While this bypass alone could just disclose the IP address of a target system, itโ€™s not unheard of to get code execution through the processing of specially crafted images (see any GDI+ bug). Patches are available for Windows-based versions of Office, but the patches for Office 2016 for Mac and Office 2019 for Mac are not yet available.

-ย ย ย ย ย ย  CVE-2020-1300 โ€“ Windows Remote Code Execution Vulnerability
This patch corrects a vulnerability in the processing of cabinet files. An attacker could get code execution by convincing a user to open a specially crafted CAB file. They could also spoof a network printer and dupe a user into installing the specially crafted CAB file disguised as a printer driver. Users are often conditioned into trusting printer drivers when offered one, so it would not be surprising to see this get exploited.

-ย ย ย ย ย ย  CVE-2020-1281 โ€“ Windows OLE Remote Code Execution Vulnerability
This bug allows an attacker to exploit code on a target system if they can convince a user to open a specially crafted file or program. Since this involves OLE data structures, multiple file types could be used by the attacker. Considering this impacts every supported version of Windows put this one near the top of your test and deploy list.

Hereโ€™s the full list of CVEs released by Microsoft for June 2020.

CVE Title Severity Public Exploited XI - Latest XI - Older Type
CVE-2020-1248 GDI+ Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1299 LNK Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1219 Microsoft Browser Memory Corruption Vulnerability Critical No No 1 1 RCE
CVE-2020-1181 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1073 Scripting Engine Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-1213 VBScript Remote Code Execution Vulnerability Critical No No 1 1 RCE
CVE-2020-1216 VBScript Remote Code Execution Vulnerability Critical No No 1 1 RCE
CVE-2020-1260 VBScript Remote Code Execution Vulnerability Critical No No 1 1 RCE
CVE-2020-1281 Windows OLE Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1300 Windows Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1286 Windows Shell Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1311 Component Object Model Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1211 Connected Devices Platform Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1120 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-1244 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-1202 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1203 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1257 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1278 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1293 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1317 Group Policy Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1315 Internet Explorer Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1208 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1236 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1232 Media Foundation Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1238 Media Foundation Memory Corruption Vulnerability Important No No 2 2 RCE
CVE-2020-1239 Media Foundation Memory Corruption Vulnerability Important No No 2 2 RCE
CVE-2020-1329 Microsoft Bing Search Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-1220 Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-1242 Microsoft Edge Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1225 Microsoft Excel Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1226 Microsoft Excel Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1160 Microsoft Graphics Component Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1321 Microsoft Office Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1177 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1183 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1297 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1298 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1318 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1320 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1229 Microsoft Outlook Security Feature Bypass Vulnerability Important No No 2 2 SFB
CVE-2020-1322 Microsoft Project Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1295 Microsoft SharePoint Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1178 Microsoft SharePoint Server Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1148 Microsoft SharePoint Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-1289 Microsoft SharePoint Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-1222 Microsoft Store Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1309 Microsoft Store Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1163 Microsoft Windows Defender Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1170 Microsoft Windows Defender Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1340 NuGetGallery Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-1212 OLE Automation Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1292 OpenSSH for Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1323 SharePoint Open Redirect Vulnerability Important No No 2 2 Spoof
CVE-2020-1331 System Center Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-1327 Team Foundation Server HTML Injection Vulnerability Important No No 2 2 Spoof
CVE-2020-1214 VBScript Remote Code Execution Vulnerability Important No No 1 1 RCE
CVE-2020-1215 VBScript Remote Code Execution Vulnerability Important No No 1 1 RCE
CVE-2020-1230 VBScript Remote Code Execution Vulnerability Important No No 1 1 RCE
CVE-2020-1343 Visual Studio Code Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1207 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-1247 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-1251 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-1253 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-1258 Win32k Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1310 Win32k Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1290 Win32k Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1255 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1271 Windows Backup Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1280 Windows Bluetooth Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1283 Windows Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-1296 Windows Diagnostics & feedback Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1162 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1324 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1234 Windows Error Reporting Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1261 Windows Error Reporting Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1263 Windows Error Reporting Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1197 Windows Error Reporting Manager Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1199 Windows Feedback Hub Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0915 Windows GDI Elevation of Privilege Vulnerability Important No* No 2 2 EoP
CVE-2020-0916 Windows GDI Elevation of Privilege Vulnerability Important No* No 2 2 EoP
CVE-2020-1348 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1259 Windows Host Guardian Service Security Feature Bypass Vulnerability Important No No 2 2 SFB
CVE-2020-1272 Windows Installer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1277 Windows Installer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1302 Windows Installer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1312 Windows Installer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0986 Windows Kernel Elevation of Privilege Vulnerability Important No* No 2 2 EoP
CVE-2020-1237 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1246 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1262 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1264 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1266 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1269 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1273 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1274 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1275 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1276 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1307 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
...



๐Ÿ“Œ Google Releases June Android Security Update (June 6, 2016)


๐Ÿ“ˆ 24.7 Punkte

๐Ÿ“Œ Google Releases June Android Security Update (June 6, 2016)


๐Ÿ“ˆ 24.7 Punkte

๐Ÿ“Œ The June 2020 Security Update Review


๐Ÿ“ˆ 23.96 Punkte

๐Ÿ“Œ The June 2019 Security Update Review


๐Ÿ“ˆ 21.29 Punkte

๐Ÿ“Œ The June 2021 Security Update Review


๐Ÿ“ˆ 21.29 Punkte

๐Ÿ“Œ The June 2022 Security Update Review


๐Ÿ“ˆ 21.29 Punkte

๐Ÿ“Œ The June 2023 Security Update Review


๐Ÿ“ˆ 21.29 Punkte

๐Ÿ“Œ Linux Mint 19 Beta Will Arrive on June 4, Final Release Expected at End of June


๐Ÿ“ˆ 20.05 Punkte

๐Ÿ“Œ What to expect from WWDC 2023 on June 5 through June 9


๐Ÿ“ˆ 20.05 Punkte

๐Ÿ“Œ WWDC, iPhone's anniversary, and USB-C is taking over - Apple's June 2022 in review


๐Ÿ“ˆ 16.64 Punkte

๐Ÿ“Œ Apple's June 2023 in review: Vision Pro, Mac Pro, and tech titan fighting talk


๐Ÿ“ˆ 16.64 Punkte

๐Ÿ“Œ Xamarin: .NET Community Standup - June 11th 2020 - Build 2020 Recap + .NET MAUI


๐Ÿ“ˆ 15.38 Punkte

๐Ÿ“Œ Intel patched 22 vulnerabilities in the June 2020 Platform Update


๐Ÿ“ˆ 15.33 Punkte

๐Ÿ“Œ June 2020 Update for Netsparker Enterprise On-Premises


๐Ÿ“ˆ 15.33 Punkte

๐Ÿ“Œ Maemo Leste - Thirteenth Update (April, May, June) 2020


๐Ÿ“ˆ 15.33 Punkte

๐Ÿ“Œ Librem 5 June 2020 Software Development Update


๐Ÿ“ˆ 15.33 Punkte

๐Ÿ“Œ Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities


๐Ÿ“ˆ 14.72 Punkte

๐Ÿ“Œ June 2018 Security Update Release


๐Ÿ“ˆ 14.68 Punkte

๐Ÿ“Œ June 2019 security update release


๐Ÿ“ˆ 14.68 Punkte

๐Ÿ“Œ 4025685 - Guidance related to June 2017 security update release - Version: 1.0


๐Ÿ“ˆ 14.68 Punkte

๐Ÿ“Œ June 2019 security update release


๐Ÿ“ˆ 14.68 Punkte

๐Ÿ“Œ June 2018 Security Update Release


๐Ÿ“ˆ 14.68 Punkte

๐Ÿ“Œ June 2017 security update release


๐Ÿ“ˆ 14.68 Punkte

๐Ÿ“Œ June 2019 security update release


๐Ÿ“ˆ 14.68 Punkte

๐Ÿ“Œ June 2018 Security Update Release


๐Ÿ“ˆ 14.68 Punkte

๐Ÿ“Œ June 2017 security update release


๐Ÿ“ˆ 14.68 Punkte

๐Ÿ“Œ June 2016 security update release


๐Ÿ“ˆ 14.68 Punkte

๐Ÿ“Œ Google Releases Android Security Patch for June 2019 with 22 Security Fixes


๐Ÿ“ˆ 14.06 Punkte

๐Ÿ“Œ The January 2020 Security Update Review


๐Ÿ“ˆ 13.94 Punkte

๐Ÿ“Œ The February 2020 Security Update Review


๐Ÿ“ˆ 13.94 Punkte

๐Ÿ“Œ The March 2020 Security Update Review


๐Ÿ“ˆ 13.94 Punkte

๐Ÿ“Œ The April 2020 Security Update Review


๐Ÿ“ˆ 13.94 Punkte

๐Ÿ“Œ The May 2020 Security Update Review


๐Ÿ“ˆ 13.94 Punkte

๐Ÿ“Œ The July 2020 Security Update Review


๐Ÿ“ˆ 13.94 Punkte











matomo