Microsoft Breaks Patch Tuesday Record with Fixes for 129 Vulnerabilities

By Richard Anderson

For the fourth successive month, Microsoft Patch Tuesday has seen more than 100 CVEs patched and June 2020 Patch Tuesday contains the biggest round of updates ever issued. Microsoft has released updates to correct 129  vulnerabilities. That breaks the record set in March when patches were released to correct 115 vulnerabilities.

This month’s update includes patches for 11 critical vulnerabilities, although none are currently being exploited in real world attacks. 109 vulnerabilities are classed as important, with 7 rated as moderate and 2 as low severity. 98 of the vulnerabilities are for operating systems and browsers, with the remainder spread across a range of different Microsoft products.

Applying the patches across all devices can be a challenge at the best of times, but even more so with so many employees working from home with slow internet connections. Priority should be given to the following vulnerabilities, with the Windows OLE and Microsoft SharePoint patches two of the most important.

The 11 critical vulnerabilities are:

Windows OLE

CVE-2020-1281 – Windows OLE Remote Code Execution Vulnerability

Microsoft SharePoint

CVE-2020-1181 – Microsoft SharePoint Server Remote Code Execution Vulnerability

Windows Print Spooler Components

CVE-2020-1300 – Windows Remote Code Execution Vulnerability

Windows Shell

CVE-2020-1299 – LNK Remote Code Execution Vulnerability

CVE-2020-1286 – Windows Shell Remote Code Execution Vulnerability

Microsoft Browsers

CVE-2020-1219 – Microsoft Browser Memory Corruption Vulnerability

Microsoft Scripting Engine

CVE-2020-1073 – Scripting Engine Memory Corruption Vulnerability

CVE-2020-1213 – VBScript Remote Code Execution Vulnerability

CVE-2020-1216 – VBScript Remote Code Execution Vulnerability

Microsoft Windows PDF

CVE-2020-1248 – GDI+ Remote Code Execution Vulnerability

Adobe Flash Player

ADV200010 – Adobe Flash Security Update

Adobe has released fixes for 10 vulnerabilities across Adobe Flash Player, Adobe Experience Manager, and Adobe Framemaker, four of which are rated critical and could lead to remote code execution. The critical vulnerabilities are the use after free vulnerability -CVE-2020-9633 – in Adobe Flash Player, two out of bounds write vulnerabilities – CVE-2020-9634 and CVE-2020-9635 in Adobe Framemaker, and an Adobe Framemaker memory corruption vulnerability , CVE-2020-9636. Intel has also released patches to fix 22 vulnerabilities in its June 2020 Platform Update.

Twitter Facebook LinkedIn Reddit Link copied to clipboard

Posted by

Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news