For the fourth successive month, Microsoft Patch Tuesday has seen more than 100 CVEs patched and June 2020 Patch Tuesday contains the biggest round of updates ever issued. Microsoft has released updates to correct 129 vulnerabilities. That breaks the record set in March when patches were released to correct 115 vulnerabilities.
This month’s update includes patches for 11 critical vulnerabilities, although none are currently being exploited in real world attacks. 109 vulnerabilities are classed as important, with 7 rated as moderate and 2 as low severity. 98 of the vulnerabilities are for operating systems and browsers, with the remainder spread across a range of different Microsoft products.
Applying the patches across all devices can be a challenge at the best of times, but even more so with so many employees working from home with slow internet connections. Priority should be given to the following vulnerabilities, with the Windows OLE and Microsoft SharePoint patches two of the most important.
The 11 critical vulnerabilities are:
Windows OLE
CVE-2020-1281 – Windows OLE Remote Code Execution Vulnerability
Microsoft SharePoint
CVE-2020-1181 – Microsoft SharePoint Server Remote Code Execution Vulnerability
Windows Print Spooler Components
CVE-2020-1300 – Windows Remote Code Execution Vulnerability
Windows Shell
CVE-2020-1299 – LNK Remote Code Execution Vulnerability
CVE-2020-1286 – Windows Shell Remote Code Execution Vulnerability
Microsoft Browsers
CVE-2020-1219 – Microsoft Browser Memory Corruption Vulnerability
Microsoft Scripting Engine
CVE-2020-1073 – Scripting Engine Memory Corruption Vulnerability
CVE-2020-1213 – VBScript Remote Code Execution Vulnerability
CVE-2020-1216 – VBScript Remote Code Execution Vulnerability
Microsoft Windows PDF
CVE-2020-1248 – GDI+ Remote Code Execution Vulnerability
Adobe Flash Player
ADV200010 – Adobe Flash Security Update
Adobe has released fixes for 10 vulnerabilities across Adobe Flash Player, Adobe Experience Manager, and Adobe Framemaker, four of which are rated critical and could lead to remote code execution. The critical vulnerabilities are the use after free vulnerability -CVE-2020-9633 – in Adobe Flash Player, two out of bounds write vulnerabilities – CVE-2020-9634 and CVE-2020-9635 in Adobe Framemaker, and an Adobe Framemaker memory corruption vulnerability , CVE-2020-9636. Intel has also released patches to fix 22 vulnerabilities in its June 2020 Platform Update.