Microsoft June Patch is Largest-Ever Update


Microsoft released a huge update in June. The security update patched 11 critical remote code-execution flaws in Windows. Unlike other recent monthly updates from Microsoft, the June updates did not include any zero-day vulnerabilities under active attack in the wild. Microsoft released patches for 129 CVEs covering Microsoft Windows, Internet Explorer, Microsoft Edge, and Office. This brings the total number of Microsoft patches released this year to 616, only 49 fewer than the total number of CVEs addressed in all of 2017. Microsoft's June Patch Tuesday volume beats out the update from May, when it released fixes for 111 security flaws, including 16 critical bugs and 96 rated important.

Three of the fixes involve Microsoft's Server Message Block (SMB). Two of these flaws exist in Microsoft Server Message Block 3.1.1 (SMBv3). All three vulnerabilities are notable because they’re rated as “more likely” to be exploited on Microsoft's Exploitability Index. The two flaws in SMBv3 are a denial-of-service vulnerability, CVE-2020-1284, and an information disclosure vulnerability, CVE-2020-1206, both of which can be exploited by a remote, authenticated hacker. The third vulnerability patched in Microsoft SMB, CVE-2020-1301, is a remote code execution vulnerability that exists in the way SMBv1 handles requests. To exploit the flaw, a hacker needs to be authenticated and to send a specially crafted packet to a targeted SMBv1 server.


Various critical remote code-execution flaws discovered in VBScript were also patched. The flaws exist in the way that the VBScript engine handles objects in memory; a hacker can corrupt memory in a way that allows them to execute arbitrary code as the current user. A hacker could host a fake website designed to exploit the vulnerability through Internet Explorer and then trick users into viewing the website. The hacker would gain the same user rights as the current user and could then install programs, view, change or delete data, or create new accounts with full user rights.