Microsoft releases over 100 CVEs in June 2020 Patch Tuesday

21st June 2020 | By Mouseworld Now Correspondent |

Microsoft-logoNew Delhi, 20th June, 2020: For the fourth month in a row, Microsoft has patched over 100 CVEs, addressing 129 in the June 2020 Patch Tuesday release. The updates this month include patches for Microsoft Windows, Microsoft Edge, ChakraCore, Internet Explorer, Microsoft Office, Microsoft Office Services and Web Apps, Windows Defender, Microsoft Dynamics, Visual Studio, Azure DevOps and Adobe Flash Player.
“Microsoft continues its streak of releasing patches for over 100 CVEs, as June 2020s Patch Tuesday release contains fixes for 129 CVEs, 11 of which are rated as critical, commented Satnam Narang, Staff Research Engineer at Tenable. “For the second month in a row, none of the vulnerabilities patched this month were exploited in the wild nor publicly disclosed. Most notably in this month’s release are a trio of fixes for vulnerabilities in Microsoft Server Message Block (SMB), two of which reside in SMB version 3.1.1 (SMBv3).”

All three vulnerabilities are rated as Exploitation More Likely based on Microsoft’s Exploitability Index. These include a denial of service vulnerability (CVE-2020-1284) and an information disclosure vulnerability (CVE-2020-1206) in SMBv3. The former can be exploited by an unauthenticated, remote attacker, while the latter requires the attacker to be authenticated. These flaws in SMBv3 follow in the footsteps of CVE-2020-0796, an unauthenticated remote code execution flaw in SMBv3 that was patched back in March that has since been observed being exploited in the wild.CVE-2020-1301 completes the trio of SMB vulnerabilities this month. It is a remote code execution vulnerability in SMBv1.

Now this might create a sense of deja vu, because it reminds us of EternalBlue, another remote code execution vulnerability in SMBv1 that was used in the WannaCry ransomware attacks of 2017.

However, the difference between these two is that EternalBlue could be exploited by an unauthenticated attacker, whereas this flaw requires authentication, according to Microsoft. This vulnerability affects Windows 7 and Windows 2008, both of which reached their end of support in January 2020. However, Microsoft has provided patches for both operating systems.
Despite this, Narang strongly recommend disabling SMBv1, as it is a legacy protocol that should no longer be used. Additionally, upgrading from Windows 7 and Windows 2008 is also recommended by him as Microsoft rarely releases security patches for operating systems that are no longer officially supported.”

Tags: , , , , , , , , , , , , , , , , , ,

Leave your comment

IMPORTANT! To be able to proceed, you need to solve the following simple math

What is 3 + 15 ?
Please leave these two fields as-is:

Mouseworldnow Videos
  • r chandrashekhar president nasscom
  • Anant Maheshwari, President, Microsoft India
  • Suresh_Vaswani-220 by 220

Channel News

  • Capillary Technologies Attains AWS Retail Competency Status more...
  • MG Motor Opens its first digital car-less showroom, MG Digital Studio more...
  • Globus Infocom to Participate in InfoComm India 2019 Expo more...
  • ASUS Opens New ASUS Exclusive Store in B’lore more...
  • COMPUTEX 2019 Successfully Comes to a Close at Taipei more...
dell for SMEs
Subscribe via email

Enter your email address:

Keysight
QUESTION HOUR
What does the mouse ask?

Will the spurt in online video advertisement steal the twinkle from the TV ad platform?

View Results

Loading ... Loading ...
Newsletter Registration