Microsoft has released its monthly security updates, with 129 patched vulnerabilities. Thus, June 2020 has become the fourth month in a row when the tech giant issued fixes for over 100 vulnerabilities found in its products. Out of these, 11 have been deemed “critical”, indicating they may be abused by cyber attackers to gain full, remote control of compromised devices without any user intervention. None of the security flaws have been spotted being exploited in the wild. However, as usual, Heimdal™ Security advises you to apply the updates as soon as possible.

Vulnerabilities found in Microsoft SMB could allow for remote code execution

A major concern among the patches is the set of flaws found in Microsoft’s Server Message Block (SMB). As Brian Krebs writes on his blog, the most alarming one seems to be CVE-2020-1301, which refers to the SMB capabilities built into Windows 7 and Windows 8. Both of these operating systems have no longer been provisioned with updates since January 2020. The risk of exploitation is quite low, as attackers would have to be logged into the network to be able to exploit it, but this doesn’t mean postponing the patching process would be a good decision.

On a different note, another critical SMB flaw (tracked as CVE-2020-0796) that Microsoft patched for Windows 10 systems back in March could potentially be exploited. According to a recently published proof-of-concept exploit code on GitHub, the vulnerability would allow Windows to communicate with other devices, such as file servers and printers. However, the exploit is not very reliable and oftentimes leads to the “blue screen of death” that Windows displays during system failures. This Microsoft vulnerability (dubbed “SMBGhost”) is highly unlikely to be exploited by attackers that would connect remotely, but it does have the potential for wormable exploits.

Other significant vulnerabilities in the June 2020 Patch Tuesday

Besides the abovementioned SMB vulnerability, here are some more flaws that Microsoft has patched this month that are worth mentioning:

  • CVE-2020-1181 – This refers to a remote code execution vulnerability found in Microsoft SharePoint. An attacker who has managed to log into the target’s system would be able to use a “specially crafted page to perform actions in the security context of the SharePoint application pool process.” Once applied, the patch will correct the way Microsoft SharePoint Server handles the processing of created content.
  • CVE-2020-1225, CVE-2020-1226 – A remote code execution vulnerability can be found in Microsoft Excel, in the sense that the software fails to properly handle objects in memory. If the flaw is successfully exploited, a cyber-criminal would be able to run arbitrary code. Should the target be logged on with admin rights, the attacker could completely take control of the affected system. Users whose accounts are configured to have fewer user rights than users who operate with administrative user rights could be less affected.
  • CVE-2020-1248 – Another remote code execution vulnerability can be seen in the way the Windows Graphics Device Interface (GDI) handles objects in memory. Once again, users with full admin rights are more vulnerable, since attackers could completely override their accounts and be able to install software, “view, change, or delete data; or create new accounts with full user rights”.

Bottom Line

With so many employees now working remotely, patch management has become a burden for sysadmins.

X-Ploit Resilience offers a very simple solution to patch management, with fully customizable set-and-forget settings for automatic deployment of software and updates. It also comes with a full compliance and CVE/CVSS audit trail, and updates are delivered fully repackaged, ad-free, and tested beforehand by our security experts. Our customers receive the patches as encrypted packages inside encrypted HTTPS transfers to their endpoints locally, and the distribution is further optimized using a local P2P network between their own machines. What’s more, the built-in software center allows them to remove admin rights and permit their users to click-and-install only the software they approve.

As always, our Thor Foresight Enterprise and X-Ploit Resilience customers keep their organizations safe by applying the latest Microsoft patches in a timely manner.

Learn how automated patch management can add a powerful layer of defense to your organization and get in touch with us today for a free walkthrough.
