Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ The July 2020 Security Update Review

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š The July 2020 Security Update Review


๐Ÿ’ก Newskategorie: Hacking
๐Ÿ”— Quelle: thezdi.com

July is upon us, and it brings another huge batch of security patches from Microsoft, and a few from Adobe as well. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.

Adobe Patches for July 2020

This month, Adobe released five patches covering 13 CVEs in Adobe Cold Fusion, Download Manager, Genuine Service, Media Encoder, and the Creative Cloud Desktop Application. Three of these bugs came through the ZDI program. The update for Cold Fusion covers two DLL search-order hijacking bugs that could allow a privilege escalation. The fix for Download Manager corrects a single command injection vulnerability. The patch for Media Encoder address two Out-Of-Bounds (OOB) Write and an OOB Read bug. The OOB Write bugs could lead to arbitrary code execution if an attacker convinces a target to visit a malicious page or open a malicious file. The update for the Creative Cloud Desktop Application fixes four different bugs. The most severe of these would allow an arbitrary file system write, while the others could allow a privilege escalation. Finally, the patch for Adobe Genuine Service fixes three Important-severity privilege escalation vulnerabilities. None of the bugs fixed by Adobe are listed as publicly known or under active attack at the time of release.

Microsoft Patches for July 2020

For July, Microsoft released patches for 123 CVEs and one advisory covering Microsoft Windows, Edge (EdgeHTML-based and Chromium-based) in IE Mode, ChakraCore, Internet Explorer (IE), Office and Office Services and Web Apps, Windows Defender, Skype for Business, Visual Studio, .NET Framework, OneDrive, Azure DevOp, and Open Source Software. That makes five straight months of 110+ CVEs released and brings the total for 2020 up to 742. For comparison, Microsoft released patches for 851 CVEs in all of 2019. At this pace, Microsoft will eclipse that number next month. They have already passed their totals for 2017 (665) and 2018 (691).

Of these 123 patches, 18 are listed as Critical and 105 are listed as Important in severity. Seven of these bugs came through the ZDI program. None of these bugs are listed as being under attack at the time of release, while one CVE is listed as publicly known. Letโ€™s take a closer look at some of the more interesting updates for this month, starting with a highly exploitable bug in Windows DNS servers:

-ย ย ย ย ย ย  CVE-2020-1350 - Windows DNS Server Remote Code Execution Vulnerability
This patch fixes a CVSS 10 rated bug in the Windows DNS Server service that could allow unauthenticated code execution at the level of Local System account if an affected system received a specially crafted request. That makes this bug wormable โ€“ at least between affected DNS servers. Microsoft also suggests a registry edit that limits the size of TCP packets the server will process as a workaround, but they donโ€™t list any potential side effects of that registry change. The attack vector requires very large DNS packets, so attacks cannot be conducted over UDP. Considering Windows DNS servers are usually also Domain Controllers, definitely get this patched as soon as you can.

-ย ย ย ย ย ย  CVE-2020-1025 - Microsoft Office Elevation of Privilege Vulnerability
Itโ€™s rare to see an Elevation of Privilege (EoP) bug rated Critical in severity, but this vulnerability in SharePoint and Skype for Business servers certainly earns its rating. An attacker could use this to gain access to an affected server through the improper handling of an OAuth token. Lync servers are also impacted by this, so if you have one of those left around, patch and then seriously consider upgrading to something newer.

-ย ย ย ย ย ย  CVE-2020-1147 - .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
A problem with the way XML source markup is checked could lead to RCE in .NET, SharePoint, and Visual Studio. This also seems to be related to CVE-2020-1439, as both list the core problem residing in the โ€œDataSetโ€ and โ€œDataTableโ€ types which are .NET components used to manage data sets. Either way, all patches are needed to fully address this bug, and that could make servicing difficult. At least it appears the patches may be installed in any order.

-ย ย ย ย ย ย  CVE-2020-1349 - Microsoft Outlook Remote Code Execution Vulnerability
This patch fixes a bug in Outlook that could allow an attacker to execute code at the level of the logged-on user if they open or view a specially crafted e-mail. What sets this vulnerability apart is the fact that just viewing the e-mail in the Preview Pane is enough to trigger the bug.

Hereโ€™s the full list of CVEs released by Microsoft for July 2020.

CVE Title Severity Public Exploited XI - Latest XI - Older Type
CVE-2020-1463 Windows SharedStream Library Elevation of Privilege Vulnerability Important Yes No 2 2 EoP
CVE-2020-1147 .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1409 DirectWrite Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1435 GDI+ Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1032 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1036 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1040 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1041 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1042 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1043 Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1421 LNK Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1025 Microsoft Office Elevation of Privilege Vulnerability Critical No No 2 2 RCE
CVE-2020-1349 Microsoft Outlook Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1439 PerformancePoint Services Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1374 Remote Desktop Client Remote Code Execution Vulnerability Critical No No 1 1 RCE
CVE-2020-1403 VBScript Remote Code Execution Vulnerability Critical No No 1 1 RCE
CVE-2020-1410 Window Address Book Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1350 Windows DNS Server Remote Code Execution Vulnerability Critical No No 1 1 RCE
CVE-2020-1436 Windows Font Library Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1469 Bond Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-1333 Group Policy Services Policy Processing Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1400 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1401 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1407 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1267 Local Security Authority Subsystem Service Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-1461 Microsoft Defender Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1433 Microsoft Edge Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1240 Microsoft Excel Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1351 Microsoft Graphics Component Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1412 Microsoft Graphics Components Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1408 Microsoft Graphics Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1342 Microsoft Office Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1445 Microsoft Office Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1458 Microsoft Office Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1450 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1451 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1456 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1465 Microsoft OneDrive Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1449 Microsoft Project Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1454 Microsoft SharePoint Reflective XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1444 Microsoft SharePoint Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1443 Microsoft SharePoint Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-1446 Microsoft Word Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1447 Microsoft Word Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1448 Microsoft Word Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1442 Office Web Apps XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1462 Skype for Business and Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1432 Skype for Business via Internet Explorer Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1326 Team Foundation Server Cross-site Scripting Vulnerability Important No No 2 2 XSS
CVE-2020-1416 Visual Studio Code Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1481 Visual Studio Code Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1402 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1391 Windows Agent Activation Runtime Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1396 Windows ALPC Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1431 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1359 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1384 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1375 Windows COM Server Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1368 Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1385 Windows Credential Picker Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1393 Windows Diagnostics Hub Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1418 Windows Diagnostics Hub Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1388 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1392 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1394 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1395 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1420 Windows Error Reporting Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1429 Windows Error Reporting Manager Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1365 Windows Event Logging Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1371 Windows Event Logging Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1386 Windows Feedback Hub Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1355 Windows Font Driver Host Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1085 Windows Function Discovery Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1468 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1381 Windows Graphics Component Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-1382 Windows Graphics Component Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-1397 Windows Imaging Component Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1356 Windows iSCSI Target Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1336 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1411 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1367 Windows Kernel Information Disclosure Vulnerability Important No No 2 2 EoP
CVE-2020-1389 Windows Kernel Information Disclosure Vulnerability Important No No 2 2 EoP
CVE-2020-1419 Windows Kernel Information Disclosure Vulnerability Important No No 2 2 EoP
CVE-2020-1426 Windows Kernel Information Disclosure Vulnerability Important No No 1 1 EoP
CVE-2020-1398 Windows Lockscreen Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1372 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1405 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1330 Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1346 Windows Modules Installer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1373 Windows Network Connections Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1390 Windows Network Connections Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1427 Windows Network Connections Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1428 Windows Network Connections Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1438 Windows Network Connections Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1406 Windows Network List Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1437 Windows Network Location Awareness Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1363 Windows Picker Platform Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1366 Windows Print Workflow Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1360 Windows Profile Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1387 Windows Push Notification Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1358 Windows Resource Policy Information Disclosure Vulnerability Important No ...



๐Ÿ“Œ The July 2020 Security Update Review


๐Ÿ“ˆ 24.28 Punkte

๐Ÿ“Œ The July 2019 Security Update Review


๐Ÿ“ˆ 21.61 Punkte

๐Ÿ“Œ The July 2021 Security Update Review


๐Ÿ“ˆ 21.61 Punkte

๐Ÿ“Œ The July 2022 Security Update Review


๐Ÿ“ˆ 21.61 Punkte

๐Ÿ“Œ The July 2023 Security Update Review


๐Ÿ“ˆ 21.61 Punkte

๐Ÿ“Œ Xbox Summer Game Fest Demo Event coming to Xbox on July 21 through July 27


๐Ÿ“ˆ 20.69 Punkte

๐Ÿ“Œ M2 MacBook Air orders open on Friday, July 8; delivery from July 15


๐Ÿ“ˆ 20.69 Punkte

๐Ÿ“Œ July 2020 Security Update:โ€ฏCVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server


๐Ÿ“ˆ 20.35 Punkte

๐Ÿ“Œ July 2020 Security Update:โ€ฏCVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server


๐Ÿ“ˆ 20.35 Punkte

๐Ÿ“Œ July 2020 Security Update:โ€ฏCVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server


๐Ÿ“ˆ 20.35 Punkte

๐Ÿ“Œ Microsoft Released Security Update For July With the Fixes of 2 Actively Exploited Zero-Day Vulnerabilities โ€“ Update Now


๐Ÿ“ˆ 17.63 Punkte

๐Ÿ“Œ Microsoft's Xbox July Showcase review: Finally, a roadmap


๐Ÿ“ˆ 16.96 Punkte

๐Ÿ“Œ Death's Door Xbox review: Among the best reasons to spend $20 this July


๐Ÿ“ˆ 16.96 Punkte

๐Ÿ“Œ MacBook Air ships, Apple Arcade loses games, and Chris Evans' iPhone - Apple's July 2022 in review


๐Ÿ“ˆ 16.96 Punkte

๐Ÿ“Œ Apple's July 2023 in review: Goldman Sachs wants out of Apple Card, Threads, Underdogs and more


๐Ÿ“ˆ 16.96 Punkte

๐Ÿ“Œ Maemo Leste - Fourteenth Update (July, August, September, October, November, December) 2020


๐Ÿ“ˆ 15.65 Punkte

๐Ÿ“Œ MITRE ATT&CK July 2020 Update: Sub-Techniques!


๐Ÿ“ˆ 15.65 Punkte

๐Ÿ“Œ Adobe Issues July 2020 Critical Security Patches for Multiple Software


๐Ÿ“ˆ 15.04 Punkte

๐Ÿ“Œ Microsoft Patches 123 Vulnerabilities With July 2020 Security Updates


๐Ÿ“ˆ 15.04 Punkte

๐Ÿ“Œ SAP Releases 10 Security Notes on July 2020 Patch Day


๐Ÿ“ˆ 15.04 Punkte

๐Ÿ“Œ SAP Releases 10 Security Notes on July 2020 Patch Day


๐Ÿ“ˆ 15.04 Punkte

๐Ÿ“Œ Microsoft July 2020 Security Updates address 123 vulnerabilities


๐Ÿ“ˆ 15.04 Punkte

๐Ÿ“Œ Adobe Issues July 2020 Critical Security Patches for Multiple Software


๐Ÿ“ˆ 15.04 Punkte

๐Ÿ“Œ Google Patches Critical โ€˜Broadpwnโ€™ Bug in July Security Update


๐Ÿ“ˆ 15 Punkte

๐Ÿ“Œ July 2018 Security Update Release


๐Ÿ“ˆ 15 Punkte

๐Ÿ“Œ July Android Security Update Fixes Four Critical RCE Flaws


๐Ÿ“ˆ 15 Punkte

๐Ÿ“Œ Android July 2019 Security Update Patches 33 New Vulnerabilities


๐Ÿ“ˆ 15 Punkte

๐Ÿ“Œ July 2019 Security Update Release


๐Ÿ“ˆ 15 Punkte

๐Ÿ“Œ July 2019 Security Update Release


๐Ÿ“ˆ 15 Punkte

๐Ÿ“Œ July 2018 Security Update Release


๐Ÿ“ˆ 15 Punkte

๐Ÿ“Œ July 2017 security update release


๐Ÿ“ˆ 15 Punkte

๐Ÿ“Œ July 2019 Security Update Release


๐Ÿ“ˆ 15 Punkte

๐Ÿ“Œ July 2018 Security Update Release


๐Ÿ“ˆ 15 Punkte

๐Ÿ“Œ July 2017 security update release


๐Ÿ“ˆ 15 Punkte











matomo