Image: ZDNet
Microsoft has released today the June 2020 Patch Tuesday, the company’s monthly security updates.
This month, Redmond engineers have patched 129 vulnerabilities, making this the largest Patch Tuesday release in the company’s history.
The good news is that despite this month’s bulkiness, none of the vulnerabilities have been exploited in the wild before Microsoft released patches today (no zero-days).
System administrators who manage large fleets of computers — such as those deployed across enterprises and government organizations — are advised to test today’s updates for any bugs and deploy them as soon as possible.
Malware authors are known to keep on eye out on Microsoft’s monthly security updates, select the most useful bugs, and patch-diff the security updates to find the exact bug that Microsoft fixed — so they can weaponize it as soon as possible.
Among the most serious bugs patched this month, we list:
Below is some useful information about today’s Patch Tuesday, but also the security updates released by other companies this month.
- Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
- ZDNet has published this file listing all this month’s security advisories on one single page.
- Adobe’s security updates are detailed here.
- SAP security updates are available here.
- VMWare security updates are available here.
- Intel security updates are detailed here.
- Firefox security updates have been released last week, with the release of Firefox v77.
- The Android Security Bulletin for June 2020 is detailed here. Patches started rolling out to users’ phones last week.
| Tag | CVE ID | CVE Title |
|---|---|---|
| Android App | CVE-2020-1223 | Word for Android Remote Code Execution Vulnerability |
| Apps | CVE-2020-1329 | Microsoft Bing Search Spoofing Vulnerability |
| Azure DevOps | CVE-2020-1327 | Azure DevOps Server HTML Injection Vulnerability |
| Diagnostics Hub | CVE-2020-1278 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Diagnostics Hub | CVE-2020-1203 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability |
| Diagnostics Hub | CVE-2020-1202 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability |
| HoloLens | CVE-2020-1199 | Windows Feedback Hub Elevation of Privilege Vulnerability |
| Internet Explorer | CVE-2020-1315 | Internet Explorer Information Disclosure Vulnerability |
| Microsoft Browsers | CVE-2020-1219 | Microsoft Browser Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2020-1242 | Microsoft Edge Information Disclosure Vulnerability |
| Microsoft Edge (Chromium-based) in IE Mode | CVE-2020-1220 | Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability |
| Microsoft Graphics Component | CVE-2020-1207 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1258 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1251 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1160 | Microsoft Graphics Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-0915 | Windows GDI Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1253 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1348 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-0986 | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-0916 | Windows GDI Elevation of Privilege Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1236 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1208 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft Malware Protection Engine | CVE-2020-1163 | Microsoft Windows Defender Elevation of Privilege Vulnerability |
| Microsoft Malware Protection Engine | CVE-2020-1170 | Microsoft Windows Defender Elevation of Privilege Vulnerability |
| Microsoft Office | CVE-2020-1226 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1225 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1229 | Microsoft Outlook Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2020-1321 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-1322 | Microsoft Project Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1289 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1181 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1148 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1183 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1318 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1295 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1298 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1323 | SharePoint Open Redirect Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1297 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1178 | Microsoft SharePoint Server Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1177 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1320 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1260 | VBScript Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1215 | VBScript Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1230 | VBScript Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1073 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1214 | VBScript Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1216 | VBScript Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1213 | VBScript Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1324 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1162 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1305 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1313 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1316 | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1309 | Microsoft Store Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1312 | Windows Installer Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1306 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1296 | Windows Diagnostics & feedback Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1270 | Windows WLAN Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1255 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1283 | Windows Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-1263 | Windows Error Reporting Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1259 | Windows Host Guardian Service Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2020-1268 | Windows Service Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1290 | Win32k Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1291 | Windows Network Connections Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1292 | OpenSSH for Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1317 | Group Policy Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1244 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-1241 | Windows Kernel Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2020-1314 | Windows Text Service Framework Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1271 | Windows Backup Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1222 | Microsoft Store Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1120 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-1201 | Windows Now Playing Session Manager Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1233 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1246 | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1235 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1234 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1197 | Windows Error Reporting Manager Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1194 | Windows Registry Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-1231 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1209 | Windows Network List Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1204 | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1307 | Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1211 | Connected Devices Platform Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1196 | Windows Print Configuration Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1334 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1217 | Windows Runtime Information Disclosure Vulnerability |
| Microsoft Windows PDF | CVE-2020-1248 | GDI+ Remote Code Execution Vulnerability |
| Open Source Software | CVE-2020-1340 | NuGetGallery Spoofing Vulnerability |
| System Center | CVE-2020-1331 | System Center Operations Manager Spoofing Vulnerability |
| Visual Studio | CVE-2020-1343 | Visual Studio Code Live Share Information Disclosure Vulnerability |
| Windows COM | CVE-2020-1311 | Component Object Model Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2020-1293 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2020-1257 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Windows Error Reporting | CVE-2020-1261 | Windows Error Reporting Information Disclosure Vulnerability |
| Windows Installer | CVE-2020-1272 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2020-1302 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2020-1277 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1276 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1310 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1273 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1280 | Windows Bluetooth Service Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1275 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1247 | Win32k Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1274 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1262 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1237 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1266 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1269 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1282 | Windows Runtime Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1264 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1265 | Windows Runtime Elevation of Privilege Vulnerability |
| Windows Lock Screen | CVE-2020-1279 | Windows Lockscreen Elevation of Privilege Vulnerability |
| Windows Media | CVE-2020-1238 | Media Foundation Memory Corruption Vulnerability |
| Windows Media | CVE-2020-1304 | Windows Runtime Elevation of Privilege Vulnerability |
| Windows Media Player | CVE-2020-1239 | Media Foundation Memory Corruption Vulnerability |
| Windows Media Player | CVE-2020-1232 | Media Foundation Information Disclosure Vulnerability |
| Windows OLE | CVE-2020-1281 | Windows OLE Remote Code Execution Vulnerability |
| Windows OLE | CVE-2020-1212 | OLE Automation Elevation of Privilege Vulnerability |
| Windows Print Spooler Components | CVE-2020-1300 | Windows Remote Code Execution Vulnerability |
| Windows Shell | CVE-2020-1299 | LNK Remote Code Execution Vulnerability |
| Windows Shell | CVE-2020-1286 | Windows Shell Remote Code Execution Vulnerability |
| Windows SMB | CVE-2020-1206 | Windows SMBv3 Client/Server Information Disclosure Vulnerability |
| Windows SMB | CVE-2020-1284 | Windows SMBv3 Client/Server Denial of Service Vulnerability |
| Windows SMB | CVE-2020-1301 | Windows SMB Remote Code Execution Vulnerability |
| Windows Update Stack | CVE-2020-1254 | Windows Modules Installer Service Elevation of Privilege Vulnerability |
| Windows Wallet Service | CVE-2020-1294 | Windows WalletService Elevation of Privilege Vulnerability |
| Windows Wallet Service | CVE-2020-1287 | Windows WalletService Elevation of Privilege Vulnerability |
