Patch Tuesday (June 2020): Microsoft Has Issued Fixes for 129 Vulnerabilities
This has become the largest Patch Tuesday batch in Microsoft’s history
Microsoft has released its monthly security updates, with 129 patched vulnerabilities. June 2020 is thus the fourth month in a row in which the tech giant has issued fixes for over 100 vulnerabilities found in its products. Out of these, 11 have been deemed “critical”, indicating they may be abused by cyber attackers to gain full, remote control of compromised devices without any user intervention. None of the security flaws have been spotted being exploited in the wild. However, as usual, Heimdal™ Security advises you to apply the updates as soon as possible.
Vulnerabilities found in Microsoft SMB could allow for remote code execution
A major concern among the patches is the set of flaws found in Microsoft’s Server Message Block (SMB). As Brian Krebs writes on his blog, the most alarming one seems to be CVE-2020-1301, which concerns the SMB capabilities built into Windows 7 and Windows 8; neither of these operating systems has been provisioned with updates since January 2020. The risk of exploitation is quite low, as attackers would have to be logged into the network to be able to exploit it, but this doesn’t mean postponing the patching process would be a good decision.
On a different note, another critical SMB flaw (tracked as CVE-2020-0796) that Microsoft patched for Windows 10 systems back in March could potentially be exploited. According to a recently published proof-of-concept exploit code on GitHub, the vulnerability would allow Windows to communicate with other devices, such as file servers and printers. However, the exploit is not very reliable and oftentimes leads to the “blue screen of death” that Windows displays during system failures. This Microsoft vulnerability (dubbed “SMBGhost”) is highly unlikely to be exploited by attackers connecting remotely, but it does have the potential for wormable exploits.
Other significant vulnerabilities in the June 2020 Patch Tuesday
Besides the abovementioned SMB vulnerability, here are some more flaws that Microsoft has patched this month that are worth mentioning:
- CVE-2020-1181 – This refers to a remote code execution vulnerability found in Microsoft SharePoint. An attacker who has managed to log into the target’s system would be able to use a “specially crafted page to perform actions in the security context of the SharePoint application pool process.” Once applied, the patch will correct the way Microsoft SharePoint Server handles the processing of created content.
- CVE-2020-1225, CVE-2020-1226 – A remote code execution vulnerability can be found in Microsoft Excel, in that the software does not properly handle objects in memory. If successfully exploited, a cyber-criminal would be able to run arbitrary code. Should the target be logged on with admin rights, the attacker could completely take control of the affected system. Users whose accounts are configured with fewer user rights could be less affected than users who operate with administrative user rights.
- CVE-2020-1248 – Another remote code execution vulnerability can be seen in the way the Windows Graphics Device Interface (GDI) handles objects in memory. Once again, users with full admin rights are more vulnerable, since attackers could completely override their accounts and be able to install software, “view, change, or delete data; or create new accounts with full user rights”.
With so many employees now working remotely, patch management has become a burden for sysadmins.
Heimdal™ Patch & Asset Management offers a very simple solution to patch management, with fully customizable set-and-forget settings for automatic deployment of software and updates. It also comes with a full compliance and CVE/CVSS audit trail, and updates are delivered fully repackaged, ad-free, and tested beforehand by our security experts. Our customers receive the patches as encrypted packages inside encrypted HTTPS transfers to their endpoints locally, and the distribution is further optimized using a local P2P network between their own machines. What’s more, the built-in software center allows them to remove admin rights and permit their users to click and install only the software they approve.
Learn how automated patch management can add a powerful layer of defense to your organization and get in touch with us today for a free walkthrough.