Microsoft June 2020 Patch Tuesday
This month we got patches for 130 vulnerabilities. Of these, 12 are critical and none of them was previously disclosed or is being exploited according to Microsoft.
Amongst critical vulnerabilities, there is a remote code execution in Windows Graphics Device Interface (GDI) - CVE-2020-1248 . An attacker could exploit this vulnerability by convincing users to view a specially crafted website or sending them an e-mail attachment with a malicious attachment. This vulnerability affects multiple versions of Windows 10 and Windows Server versions 1903, 1909, and 2004. The CVSS v3 score for this vulnerability is 8.40.
There is also an RCE affecting Windows OLE (CVE-2020-1281) due to improper validation of user input. As for the previous vulnerability, an attacker could exploit this vulnerability using specially crafted websites or via e-mail phishing campaigns. This vulnerability affects virtually all supported Windows versions – from Windows 7 to Windows Server 2019.
The highest CVSS v3 this month (8.60) was given to an important Information Disclosure vulnerability in SMBv3 Client/Server (CVE-2020-1206). According to Microsoft, the information that could be disclosed if an attacker successfully exploits this vulnerability is uninitialized memory. This vulnerability reminds me CVE-2020-0796, known as SMBGhost publish last March. The workarounds suggested by Microsoft are the same for both – disabling SMBv3 compression. But, of course, SMBGhost is an RCE vulnerability.
See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
Azure DevOps Server HTML Injection Vulnerability | |||||||
CVE-2020-1327 | No | No | Less Likely | Less Likely | Important | ||
Component Object Model Elevation of Privilege Vulnerability | |||||||
CVE-2020-1311 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Connected Devices Platform Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1211 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Connected User Experiences and Telemetry Service Denial of Service Vulnerability | |||||||
CVE-2020-1120 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.4 |
CVE-2020-1244 | No | No | Less Likely | Less Likely | Important | 6.3 | 5.7 |
Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | |||||||
CVE-2020-1202 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
CVE-2020-1203 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | |||||||
CVE-2020-1278 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1257 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1293 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
DirectX Elevation of Privilege Vulnerability | |||||||
CVE-2020-1258 | No | No | Less Likely | Less Likely | Important | 6.4 | 5.8 |
GDI+ Remote Code Execution Vulnerability | |||||||
CVE-2020-1248 | No | No | Less Likely | Less Likely | Critical | 8.4 | 7.6 |
Group Policy Elevation of Privilege Vulnerability | |||||||
CVE-2020-1317 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Internet Explorer Information Disclosure Vulnerability | |||||||
CVE-2020-1315 | No | No | Less Likely | Less Likely | Important | 2.4 | 2.2 |
Jet Database Engine Remote Code Execution Vulnerability | |||||||
CVE-2020-1208 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1236 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
June 2020 Adobe Flash Security Update | |||||||
ADV200010 | No | No | - | - | Critical | ||
LNK Remote Code Execution Vulnerability | |||||||
CVE-2020-1299 | No | No | Less Likely | Less Likely | Critical | 6.8 | 6.1 |
Media Foundation Information Disclosure Vulnerability | |||||||
CVE-2020-1232 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
Media Foundation Memory Corruption Vulnerability | |||||||
CVE-2020-1238 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.9 |
CVE-2020-1239 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.9 |
Microsoft Bing Search Spoofing Vulnerability | |||||||
CVE-2020-1329 | No | No | - | - | Important | ||
Microsoft Browser Memory Corruption Vulnerability | |||||||
CVE-2020-1219 | No | No | More Likely | More Likely | Critical | ||
Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability | |||||||
CVE-2020-1220 | No | No | - | - | Important | 5.4 | 4.9 |
Microsoft Edge Information Disclosure Vulnerability | |||||||
CVE-2020-1242 | No | No | - | - | Important | 4.3 | 3.9 |
Microsoft Excel Remote Code Execution Vulnerability | |||||||
CVE-2020-1225 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1226 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Graphics Component Information Disclosure Vulnerability | |||||||
CVE-2020-1160 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Microsoft Office Remote Code Execution Vulnerability | |||||||
CVE-2020-1321 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Office SharePoint XSS Vulnerability | |||||||
CVE-2020-1183 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1298 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1320 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1177 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1297 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1318 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Outlook Security Feature Bypass Vulnerability | |||||||
CVE-2020-1229 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Project Information Disclosure Vulnerability | |||||||
CVE-2020-1322 | No | No | Less Likely | Less Likely | Important | ||
Microsoft SharePoint Elevation of Privilege Vulnerability | |||||||
CVE-2020-1295 | No | No | Less Likely | Less Likely | Important | ||
Microsoft SharePoint Server Elevation of Privilege Vulnerability | |||||||
CVE-2020-1178 | No | No | Less Likely | Less Likely | Important | ||
Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
CVE-2020-1181 | No | No | Less Likely | Less Likely | Critical | ||
Microsoft SharePoint Spoofing Vulnerability | |||||||
CVE-2020-1148 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1289 | No | No | - | - | Important | ||
Microsoft Store Runtime Elevation of Privilege Vulnerability | |||||||
CVE-2020-1222 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1309 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Microsoft Windows Defender Elevation of Privilege Vulnerability | |||||||
CVE-2020-1163 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1170 | No | No | Less Likely | Less Likely | Important | ||
NuGetGallery Spoofing Vulnerability | |||||||
CVE-2020-1340 | No | No | - | - | Important | ||
OLE Automation Elevation of Privilege Vulnerability | |||||||
CVE-2020-1212 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
OpenSSH for Windows Elevation of Privilege Vulnerability | |||||||
CVE-2020-1292 | No | No | Less Likely | Less Likely | Important | 8.8 | 7.9 |
Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2020-1073 | No | No | - | - | Critical | 4.2 | 3.8 |
SharePoint Open Redirect Vulnerability | |||||||
CVE-2020-1323 | No | No | Less Likely | Less Likely | Important | ||
System Center Operations Manager Spoofing Vulnerability | |||||||
CVE-2020-1331 | No | No | - | - | Important | ||
VBScript Remote Code Execution Vulnerability | |||||||
CVE-2020-1213 | No | No | More Likely | More Likely | Critical | ||
CVE-2020-1214 | No | No | More Likely | More Likely | Important | ||
CVE-2020-1215 | No | No | More Likely | More Likely | Important | ||
CVE-2020-1216 | No | No | More Likely | More Likely | Critical | ||
CVE-2020-1230 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
CVE-2020-1260 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
Visual Studio Code Live Share Information Disclosure Vulnerability | |||||||
CVE-2020-1343 | No | No | - | - | Important | ||
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2020-1207 | No | No | More Likely | More Likely | Important | 6.4 | 5.8 |
CVE-2020-1247 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
CVE-2020-1310 | No | No | Less Likely | Less Likely | Important | 6.4 | 5.8 |
CVE-2020-1251 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
CVE-2020-1253 | No | No | More Likely | More Likely | Important | 6.4 | 5.8 |
Win32k Information Disclosure Vulnerability | |||||||
CVE-2020-1290 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1255 | No | No | Less Likely | Less Likely | Important | 8.5 | 7.6 |
Windows Backup Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1271 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Bluetooth Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1280 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Denial of Service Vulnerability | |||||||
CVE-2020-1283 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Diagnostics & feedback Information Disclosure Vulnerability | |||||||
CVE-2020-1296 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.5 |
Windows Elevation of Privilege Vulnerability | |||||||
CVE-2020-1324 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1162 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Error Reporting Elevation of Privilege Vulnerability | |||||||
CVE-2020-1234 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Error Reporting Information Disclosure Vulnerability | |||||||
CVE-2020-1261 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
CVE-2020-1263 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Error Reporting Manager Elevation of Privilege Vulnerability | |||||||
CVE-2020-1197 | No | No | Less Likely | Less Likely | Important | 6.3 | 5.7 |
Windows Feedback Hub Elevation of Privilege Vulnerability | |||||||
CVE-2020-1199 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows GDI Elevation of Privilege Vulnerability | |||||||
CVE-2020-0915 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0916 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows GDI Information Disclosure Vulnerability | |||||||
CVE-2020-1348 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Host Guardian Service Security Feature Bypass Vulnerability | |||||||
CVE-2020-1259 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.9 |
Windows Installer Elevation of Privilege Vulnerability | |||||||
CVE-2020-1277 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1312 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1272 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1302 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2020-0986 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-1237 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1246 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1262 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1269 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1274 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1275 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1307 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1316 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1264 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1266 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1273 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1276 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Kernel Security Feature Bypass Vulnerability | |||||||
CVE-2020-1241 | No | No | More Likely | More Likely | Important | 5.3 | 4.8 |
Windows Lockscreen Elevation of Privilege Vulnerability | |||||||
CVE-2020-1279 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability | |||||||
CVE-2020-1204 | No | No | Less Likely | Less Likely | Important | 6.3 | 5.7 |
Windows Modules Installer Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1254 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Network Connections Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1291 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows Network List Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1209 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows Now Playing Session Manager Elevation of Privilege Vulnerability | |||||||
CVE-2020-1201 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows OLE Remote Code Execution Vulnerability | |||||||
CVE-2020-1281 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
Windows Print Configuration Elevation of Privilege Vulnerability | |||||||
CVE-2020-1196 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows Registry Denial of Service Vulnerability | |||||||
CVE-2020-1194 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Remote Code Execution Vulnerability | |||||||
CVE-2020-1300 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
Windows Runtime Elevation of Privilege Vulnerability | |||||||
CVE-2020-1334 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1231 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1233 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1235 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1282 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1265 | No | No | - | - | Important | 7.8 | 7.0 |
CVE-2020-1304 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1306 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Runtime Information Disclosure Vulnerability | |||||||
CVE-2020-1217 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows SMB Remote Code Execution Vulnerability | |||||||
CVE-2020-1301 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
Windows SMBv3 Client/Server Denial of Service Vulnerability | |||||||
CVE-2020-1284 | No | No | - | - | Important | 7.5 | 6.7 |
Windows SMBv3 Client/Server Information Disclosure Vulnerability | |||||||
CVE-2020-1206 | No | No | More Likely | More Likely | Important | 8.6 | 7.7 |
Windows Service Information Disclosure Vulnerability | |||||||
CVE-2020-1268 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Shell Remote Code Execution Vulnerability | |||||||
CVE-2020-1286 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
Windows State Repository Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1305 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Text Service Framework Elevation of Privilege Vulnerability | |||||||
CVE-2020-1314 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows Update Orchestrator Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1313 | No | No | Less Likely | Less Likely | Important | ||
Windows WLAN Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-1270 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows WalletService Elevation of Privilege Vulnerability | |||||||
CVE-2020-1294 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-1287 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Word for Android Remote Code Execution Vulnerability | |||||||
CVE-2020-1223 | No | No | - | - | Important |
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Comments
Not only does CVE-2020-1206 remind you of CVE-2020-0796; they can also be used together: https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost/
ZecOps coined it "SMBBleedingGhost" and if I'm not mistaken they published a POC of the exploit chain on their Github: https://github.com/ZecOps/CVE-2020-0796-RCE-POC
Anonymous
Jun 10th 2020
4 years ago
https://docs.microsoft.com/en-us/deployoffice/update-channels-changes
Anonymous
Jun 10th 2020
4 years ago