Microsoft has released its June Patch Tuesday security updates, addressing a total of 130 vulnerabilities in the Windows family of operating systems and related products. This is the highest number of CVEs Microsoft has reported in a single month. Of these, 11 are classified as Critical with Remote Code Execution (RCE), whereas 118 are rated Important, more than half of which fall under the Elevation of Privilege (EOP) category.
The vulnerabilities classified as Critical are Remote Code Execution (RCE) issues and those classified as Important are Elevation of Privilege (EOP) issues; they reside in Microsoft Windows, Microsoft SharePoint, Internet Explorer (IE), Microsoft Edge (EdgeHTML-based and Chromium-based in IE Mode), ChakraCore, Microsoft Excel, Microsoft Apps for Android, etc.
No zero-day vulnerabilities were reported, and the bugs being patched were not publicly known or under active attack at the time of release.
Interesting Vulnerabilities:
LNK Remote Code Execution Vulnerability | CVE-2020-1299:
- The vulnerability exists in Microsoft Windows and could allow remote code execution if a .LNK file is processed. A .LNK file is a shortcut or “link”. An attacker can trick a user by handing over a removable drive, or something similar, that contains a .LNK file associated with a malicious binary. When the victim tries to open the drive, the malicious binary could execute code.
- Successful exploitation of the vulnerability could allow an attacker to gain the same user rights as the local user. Users with administrative rights are more heavily impacted than users with fewer rights.
Windows Remote Code Execution Vulnerability (Cabinet Files) | CVE-2020-1300:
- The vulnerability exists in Microsoft Windows when it fails to properly handle cabinet (.CAB) files. An attacker would have to convince the user to open a specially crafted cabinet file, or trick the user by spoofing a network printer into installing a malicious cabinet file disguised as a printer driver.
- It would not be surprising to see this exploited, as users are often conditioned into trusting printer drivers when offered. Successful exploitation could allow an attacker to get arbitrary code execution on a target system.
Windows OLE Remote Code Execution Vulnerability | CVE-2020-1281:
- The vulnerability exists when Windows OLE fails to validate user input, which could allow an attacker to execute malicious code. Since this bug involves the OLE data structures, multiple file types could be used by the attacker.
- A remote attacker could trick the user into opening a specially crafted file or program from either a web page or an email message and execute arbitrary code on the target system.
Windows SMB Remote Code Execution Vulnerability | CVE-2020-1301:
- A remote code execution vulnerability exists in the way SMBv1 handles requests. This vulnerability, named “SMBLost”, is much less harmful than “SMBGhost” or “EternalBlue”, as it requires two prerequisites. First, the attacker has to have user credentials to connect to the remote shared folder; second, it would seem that a partition such as “C:\”, “D:\” and so on has to be shared on the server.
- To exploit the vulnerability, an attacker has to send a specially crafted packet to the target SMBv1 server. After successful exploitation of the vulnerability, an attacker could gain the ability to execute code on the target server.
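A read-only check for the two prerequisites described above, as an added example that is not part of the original bulletin summary: it reports whether the SMBv1 server protocol is enabled, which shares expose a whole partition, and which accounts may connect to them. The function names `Test-DriveRootPath` and `Get-SmbLostExposure` are hypothetical; the cmdlets are the standard ones from the Windows SmbShare module.

```powershell
# Added example: reports the two SMBLost prerequisites on the local server.
# Read-only; run from an elevated PowerShell session.

function Test-DriveRootPath {
    param([string]$Path)
    # True for a whole partition ("C:\" or "D:"), false for any subfolder.
    return $Path -match '^[A-Za-z]:\\?$'
}

function Get-SmbLostExposure {
    # Is the SMBv1 server protocol still accepted?
    $smb1 = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol

    # Shares that expose a whole partition, default admin shares (C$, D$) included.
    $rootShares = @(Get-SmbShare | Where-Object { $_.Path -and (Test-DriveRootPath $_.Path) })

    $details = foreach ($share in $rootShares) {
        # Accounts allowed to connect: the credentials the first prerequisite refers to.
        $allowed = Get-SmbShareAccess -Name $share.Name -ErrorAction SilentlyContinue |
            Where-Object { $_.AccessControlType -eq 'Allow' } |
            ForEach-Object { "$($_.AccountName) ($($_.AccessRight))" }
        [pscustomobject]@{
            Share   = $share.Name
            Path    = $share.Path
            Allowed = $allowed -join '; '
        }
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $smb1
        DriveRootShares   = @($details)
        PrerequisitesMet  = $smb1 -and ($rootShares.Count -gt 0)
    }
}

$report = Get-SmbLostExposure
$report | Select-Object ComputerName, Smb1ServerEnabled, PrerequisitesMet | Format-List
$report.DriveRootShares | Format-Table -AutoSize
```

A server that reports `PrerequisitesMet : True` and has not received the June update is the one to patch first.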
Windows Kernel Security Feature Bypass Vulnerability | CVE-2020-1241:
- An Elevation of Privilege vulnerability exists in Windows that allows a local attacker to bypass implemented security restrictions, as the Windows kernel fails to sanitize user-supplied inputs with certain parameters.
- To exploit this vulnerability, a locally authenticated attacker could attempt to run a specially crafted application on a targeted system. On successful exploitation, an attacker could gain administrative rights or high-level privileges on the target system.
Microsoft Security Bulletin Summary for June 2020:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft ChakraCore
- Internet Explorer
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Dynamics
- Visual Studio Code
- Adobe Flash Player
- Microsoft Apps for Android
- Windows App Store
- System Center
- Android App
- Microsoft .NET Framework
Product: Microsoft Windows
CVEs/Advisory: CVE-2020-1028, CVE-2020-1117, CVE-2020-1126, CVE-2020-1136, CVE-2020-1153, CVE-2020-1248, CVE-2020-1281, CVE-2020-1286, CVE-2020-1299, CVE-2020-1300.
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing
KBs: 4551853, 4556799, 4556807, 4556812, 4556813, 4556826, 4556840, 4556846, 4556852, 4556853, 4557957, 4560960, 4561602, 4561608, 4561612, 4561616, 4561621, 4561649, 4561666, 4561673, 4561674.
Product: Microsoft Edge (EdgeHTML-based)
CVEs/Advisory: CVE-2020-1037, CVE-2020-1056, CVE-2020-1065, CVE-2020-1073, CVE-2020-1219.
Impact: Elevation of Privilege, Remote Code Execution, Spoofing, Information Disclosure
KBs: 4551853, 4556799, 4556807, 4556812, 4556813, 4556826, 4557957, 4560960, 4561602, 4561608, 4561616, 4561621, 4561649.
Product: Internet Explorer
CVEs/Advisory: CVE-2020-1062, CVE-2020-1064, CVE-2020-1093, CVE-2020-1213, CVE-2020-1216, CVE-2020-1219, CVE-2020-1260.
Impact: Remote Code Execution
KBs: 4551853, 4556798, 4556799, 4556807, 4556812, 4556813, 4556826, 4556836, 4556846, 4557957, 4560960, 4561602, 4561603, 4561608, 4561616, 4561621, 4561643, 4561649, 4561666.
Product: Microsoft Office and Apps
CVEs/Advisory: CVE-2020-1023, CVE-2020-1024, CVE-2020-1069, CVE-2020-1102, CVE-2020-1181.
Impact: Information Disclosure, Remote Code Execution, Spoofing
KBs: 4484332, 4484336, 4484364, 4484391, 4484400, 4484402, 4484409.
Product: Visual Studio Code
Impact: Remote Code Execution