Overview
Microsoft released the June 2020 security patches on Tuesday that fix 130 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Adobe Flash Player, Android App, Apps, Azure DevOps, Diagnostics Hub, HoloLens, Internet Explorer, Microsoft Browsers, Microsoft Edge, Microsoft Edge (Chromium-based) in IE Mode, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Malware Protection Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows PDF, Open Source Software, System Center, Visual Studio, Windows COM, Windows Diagnostic Hub, Windows Error Reporting, Windows Installer, Windows Kernel, Windows Lock Screen, Windows Media, Windows Media Player, Windows OLE, Windows Print Spooler Components, Windows Shell, Windows SMB, Windows Update Stack, and Windows Wallet Service.
Description of Critical and Important Vulnerabilities
The security updates fix 8 critical vulnerabilities and 117 important vulnerabilities. Though no exploit is discovered for these vulnerabilities, users are still strongly recommended to install updates as soon as possible.
- SMB vulnerabilities: CVE-2020-1284, CVE-2020-1206, and CVE-2020-1301
Of three vulnerabilities in Microsoft Server Message Block (SMB), two reside in SMBv3: a denial-of-service vulnerability (CVE-2020-1284) that can be exploited by authenticated attackers and an information disclosure vulnerability (CVE-2020-1206) that can be exploited without authentication. The vulnerability assigned CVE-2020-1301 is a remote code execution vulnerability that requires authentication in SMBv1.
The vulnerability (CVE-2020-1301) reminds people of EternalBlue which is a remote code execution vulnerability in SMBv1 that is exploited by the WannaCry ransomware. Unlike EternalBlue, this vulnerability can be exploited only be authenticated attackers. In addition, SMBv1 is disabled in Windows 10 by default.
The vulnerability (CVE-2020-1301) affects Windows 7 and Windows Server 2008 for which official support has been unavailable since January 2020. However, patches have been released for the two systems. Since patches are available, users of Windows 7 and Windows Server 2008 are advised to upgrade their system as soon as possible:
- Windows Graphics Device Interface (GDI) remote code execution vulnerability:
Through web-based or file sharing attack scenarios, attackers could exploit the vulnerability (CVE-2020-1248) to entice users to access links or open attachments via a specially crafted malicious website or file. Once a user accesses a malicious website or opens a malicious file, the attacker could take full control of the vulnerable system with privileges of the current logged-in user.
- Microsoft Excel remote code execution vulnerabilities: CVE-2020-1225, CVE-2020-1226
An attacker could exploit this vulnerability by enticing a user to open a crafted Excel document. Successful exploitation allows attackers to be able to execute remote code in the context of the current user.
- Microsoft Word for Android remote code execution vulnerability: CVE-2020-1223
A remote code execution vulnerability in Word of certain Android versions allows attackers to execute arbitrary code remotely. Microsoft recommends that users update their application through Google Play.
- VBScript remote code execution vulnerabilities: CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, and CVE-2020-1260
The VBScript engine does not properly handle objects in memory. Attackers could exploit this vulnerability to execute arbitrary code in the context of the current user.
In a web-based attack scenario, an attacker could build a specially crafted website that is designed to exploit the vulnerability through Internet Explorer, and then convince a user to view the website.
- LNK remote code execution vulnerability: CVE-2020-1299
Microsoft Windows is prone to a remote code execution vulnerability that allows attackers to execute arbitrary code remotely on the target system via a malicious .LNK file.
Remediation
| Product | CVE ID | CVE Title | Severity Level |
| Adobe Flash Player | ADV200010 | June 2020 Adobe Flash Security Update | Critical |
| Microsoft Office SharePoint | CVE-2020-1181 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-1213 | VBScript Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-1216 | VBScript Remote Code Execution Vulnerability | Critical |
| Windows OLE | CVE-2020-1281 | Windows OLE Remote Code Execution Vulnerability | Critical |
| Windows Print Spooler Components | CVE-2020-1300 | Windows Remote Code Execution Vulnerability | Critical |
| Windows Shell | CVE-2020-1286 | Windows Shell Remote Code Execution Vulnerability | Critical |
| Windows Shell | CVE-2020-1299 | LNK Remote Code Execution Vulnerability | Critical |
| Android App | CVE-2020-1223 | Word for Android Remote Code Execution Vulnerability | Important |
| Apps | CVE-2020-1329 | Microsoft Bing Search Spoofing Vulnerability | Important |
| Azure DevOps | CVE-2020-1327 | Azure DevOps Server HTML Injection Vulnerability | Important |
| Diagnostics Hub | CVE-2020-1202 | Diagnostic Hub Standard Collector Privilege Escalation Vulnerability | Important |
| Diagnostics Hub | CVE-2020-1203 | Diagnostic Hub Standard Collector Privilege Escalation Vulnerability | Important |
| Diagnostics Hub | CVE-2020-1278 | Diagnostics Hub Standard Collector Privilege Escalation Vulnerability | Important |
| HoloLens | CVE-2020-1199 | Windows Feedback Hub Privilege Escalation Vulnerability | Important |
| Microsoft Edge | CVE-2020-1242 | Microsoft Edge Information Disclosure Vulnerability | Important |
| Microsoft Edge (Chromium-based) in IE Mode | CVE-2020-1220 | Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0915 | Windows GDI Privilege Escalation Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0916 | Windows GDI Privilege Escalation Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0986 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1348 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1207 | Win32k Privilege Escalation Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1160 | Microsoft Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1251 | Win32k Privilege Escalation Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1253 | Win32k Privilege Escalation Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1258 | DirectX Privilege Escalation Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1208 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1236 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Malware Protection Engine | CVE-2020-1163 | Microsoft Windows Defender Privilege Escalation Vulnerability | Important |
| Microsoft Malware Protection Engine | CVE-2020-1170 | Microsoft Windows Defender Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2020-1225 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1226 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1229 | Microsoft Outlook Security Function Bypass Vulnerability | Important |
| Microsoft Office | CVE-2020-1321 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1322 | Microsoft Project Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1183 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1148 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1295 | Microsoft SharePoint Privilege Escalation Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1298 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1320 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1177 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1178 | Microsoft SharePoint Server Privilege Escalation Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1289 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1297 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1318 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1323 | SharePoint Open Redirect Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2020-1214 | VBScript Remote Code Execution Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2020-1215 | VBScript Remote Code Execution Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2020-1230 | VBScript Remote Code Execution Vulnerability | Important |
| Microsoft Windows | CVE-2020-1334 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1196 | Windows Print Configuration Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1197 | Windows Error Reporting Manager Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1201 | Windows Now Playing Session Manager Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1204 | Windows Mobile Device Management Diagnostics Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1209 | Windows Network List Service Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1211 | Connected Devices Platform Service Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1217 | Windows Runtime Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1222 | Microsoft Store Runtime Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1120 | Connected User Experiences and Telemetry Service Denial-of-Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1194 | Windows Registry Denial-of-Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1231 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1233 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1234 | Windows Error Reporting Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1235 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1246 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1271 | Windows Backup Service Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1307 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1312 | Windows Installer Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1316 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1324 | Windows Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1162 | Windows Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1241 | Windows Kernel Security Function Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2020-1244 | Connected User Experiences and Telemetry Service Denial-of-Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1255 | Windows Background Intelligent Transfer Service Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1259 | Windows Host Guardian Service Security Function Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2020-1263 | Windows Error Reporting Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1268 | Windows Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1270 | Windows WLAN Service Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1283 | Windows Denial-of-Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1290 | Win32k Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1291 | Windows Network Connections Service Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1292 | OpenSSH for Windows Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1305 | Windows State Repository Service Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1306 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1309 | Microsoft Store Runtime Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1313 | Windows Update Orchestrator Service Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1314 | Windows Text Service Framework Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2020-1317 | Group Policy Privilege Escalation Vulnerability | Important |
| Microsoft Windows PDF | CVE-2020-1248 | GDI+ Remote Code Execution Vulnerability | Important |
| Open Source Software | CVE-2020-1340 | NuGetGallery Spoofing Vulnerability | Important |
| System Center | CVE-2020-1331 | System Center Operations Manager Spoofing Vulnerability | Important |
| Visual Studio | CVE-2020-1343 | Visual Studio Code Live Share Information Disclosure Vulnerability | Important |
| Windows COM | CVE-2020-1311 | Component Object Model Privilege Escalation Vulnerability | Important |
| Windows Diagnostic Hub | CVE-2020-1257 | Diagnostics Hub Standard Collector Privilege Escalation Vulnerability | Important |
| Windows Diagnostic Hub | CVE-2020-1293 | Diagnostics Hub Standard Collector Privilege Escalation Vulnerability | Important |
| Windows Error Reporting | CVE-2020-1261 | Windows Error Reporting Information Disclosure Vulnerability | Important |
| Windows Installer | CVE-2020-1277 | Windows Installer Privilege Escalation Vulnerability | Important |
| Windows Installer | CVE-2020-1272 | Windows Installer Privilege Escalation Vulnerability | Important |
| Windows Installer | CVE-2020-1302 | Windows Installer Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2020-1237 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2020-1247 | Win32k Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2020-1262 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2020-1269 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2020-1274 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2020-1275 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2020-1280 | Windows Bluetooth Service Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2020-1282 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2020-1310 | Win32k Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2020-1264 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2020-1265 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2020-1266 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2020-1273 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2020-1276 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Windows Lock Screen | CVE-2020-1279 | Windows Lockscreen Privilege Escalation Vulnerability | Important |
| Windows Media | CVE-2020-1238 | Media Foundation Memory Corruption Vulnerability | Important |
| Windows Media | CVE-2020-1304 | Windows Runtime Privilege Escalation Vulnerability | Important |
| Windows Media Player | CVE-2020-1232 | Media Foundation Information Disclosure Vulnerability | Important |
| Windows Media Player | CVE-2020-1239 | Media Foundation Memory Corruption Vulnerability | Important |
| Windows OLE | CVE-2020-1212 | OLE Automation Privilege Escalation Vulnerability | Important |
| Windows SMB | CVE-2020-1206 | Windows SMBv3 Client/Server Information Disclosure Vulnerability | Important |
| Windows SMB | CVE-2020-1284 | Windows SMBv3 Client/Server Denial-of-Service Vulnerability | Important |
| Windows SMB | CVE-2020-1301 | Windows SMB Remote Code Execution Vulnerability | Important |
| Windows Update Stack | CVE-2020-1254 | Windows Modules Installer Service Privilege Escalation Vulnerability | Important |
| Windows Wallet Service | CVE-2020-1294 | Windows WalletService Privilege Escalation Vulnerability | Important |
| Windows Wallet Service | CVE-2020-1287 | Windows WalletService Privilege Escalation Vulnerability | Important |
| Internet Explorer | CVE-2020-1315 | Internet Explorer Information Disclosure Vulnerability | Low |
| Microsoft Browsers | CVE-2020-1219 | Microsoft Browser Memory Corruption Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2020-1073 | Scripting Engine Memory Corruption Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2020-1260 | VBScript Remote Code Execution Vulnerability | Moderate |
| Microsoft Windows | CVE-2020-1296 | Windows Diagnostics & Feedback Information Disclosure Vulnerability | None |
Recommended Mitigation Measure
Microsoft has released the June 2020 security patches to fix these issues. Please install them as soon as possible.
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
About NSFOCUS
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.
NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).
A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.
Download:
