Microsoft releases over 100 CVEs in June 2020 Patch Tuesday

21st June 2020 | By Mouseworld Now Correspondent |

Microsoft-logoNew Delhi, 20th June, 2020: For the fourth month in a row, Microsoft has patched over 100 CVEs, addressing 129 in the June 2020 Patch Tuesday release. The updates this month include patches for Microsoft Windows, Microsoft Edge, ChakraCore, Internet Explorer, Microsoft Office, Microsoft Office Services and Web Apps, Windows Defender, Microsoft Dynamics, Visual Studio, Azure DevOps and Adobe Flash Player.
“Microsoft continues its streak of releasing patches for over 100 CVEs, as June 2020s Patch Tuesday release contains fixes for 129 CVEs, 11 of which are rated as critical, commented Satnam Narang, Staff Research Engineer at Tenable. “For the second month in a row, none of the vulnerabilities patched this month were exploited in the wild nor publicly disclosed. Most notably in this month’s release are a trio of fixes for vulnerabilities in Microsoft Server Message Block (SMB), two of which reside in SMB version 3.1.1 (SMBv3).”

All three vulnerabilities are rated as Exploitation More Likely based on Microsoft’s Exploitability Index. These include a denial of service vulnerability (CVE-2020-1284) and an information disclosure vulnerability (CVE-2020-1206) in SMBv3. The former can be exploited by an unauthenticated, remote attacker, while the latter requires the attacker to be authenticated. These flaws in SMBv3 follow in the footsteps of CVE-2020-0796, an unauthenticated remote code execution flaw in SMBv3 that was patched back in March that has since been observed being exploited in the wild.CVE-2020-1301 completes the trio of SMB vulnerabilities this month. It is a remote code execution vulnerability in SMBv1.

Now this might create a sense of deja vu, because it reminds us of EternalBlue, another remote code execution vulnerability in SMBv1 that was used in the WannaCry ransomware attacks of 2017.

However, the difference between these two is that EternalBlue could be exploited by an unauthenticated attacker, whereas this flaw requires authentication, according to Microsoft. This vulnerability affects Windows 7 and Windows 2008, both of which reached their end of support in January 2020. However, Microsoft has provided patches for both operating systems.
Despite this, Narang strongly recommend disabling SMBv1, as it is a legacy protocol that should no longer be used. Additionally, upgrading from Windows 7 and Windows 2008 is also recommended by him as Microsoft rarely releases security patches for operating systems that are no longer officially supported.”

Tags: , , , , , , , , , , , , , , , , , ,

Leave your comment

IMPORTANT! To be able to proceed, you need to solve the following simple math

What is 15 + 7 ?
Please leave these two fields as-is:

Mouseworldnow Videos
  • r chandrashekhar president nasscom
  • Anant Maheshwari, President, Microsoft India
  • Suresh_Vaswani-220 by 220

Channel News

  • CRG Solutions Named SingleStore’s Value-Added Reseller Partner more...
  • Vijay Sales Announces Big New Year Discounts on iPhones on its eCommerce Platform more...
  • Capillary Technologies Attains AWS Retail Competency Status more...
  • MG Motor Opens its first digital car-less showroom, MG Digital Studio more...
  • Globus Infocom to Participate in InfoComm India 2019 Expo more...
Zebronics Zeb-County Bluetooth Speaker
Cosmic Byte GS410 Headphones with Mic and for PS4, Xbox One, Laptop, PC, iPhone and Android Phones
Advertisement
Subscribe via email

Enter your email address:

Keysight
QUESTION HOUR
What does the mouse ask?

Will the spurt in online video advertisement steal the twinkle from the TV ad platform?

View Results

Loading ... Loading ...
Newsletter Registration