VERT Threat Alert: June 2020 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s June 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-888 on Wednesday, June 10th.
In-The-Wild & Disclosed CVEs
None of the vulnerabilities resolved this month have been publicly disclosed or exploited according to Microsoft.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
Tag | CVE Count | CVEs |
Open Source Software | 1 | CVE-2020-1340 |
HoloLens | 1 | CVE-2020-1199 |
Microsoft Windows | 40 | CVE-2020-1334, CVE-2020-1196, CVE-2020-1197, CVE-2020-1201, CVE-2020-1204, CVE-2020-1209, CVE-2020-1211, CVE-2020-1217, CVE-2020-1222, CVE-2020-1120, CVE-2020-1194, CVE-2020-1231, CVE-2020-1233, CVE-2020-1234, CVE-2020-1235, CVE-2020-1246, CVE-2020-1271, CVE-2020-1307, CVE-2020-1312, CVE-2020-1316, CVE-2020-1324, CVE-2020-1162, CVE-2020-1241, CVE-2020-1244, CVE-2020-1255, CVE-2020-1259, CVE-2020-1263, CVE-2020-1268, CVE-2020-1270, CVE-2020-1283, CVE-2020-1290, CVE-2020-1291, CVE-2020-1292, CVE-2020-1296, CVE-2020-1305, CVE-2020-1306, CVE-2020-1309, CVE-2020-1313, CVE-2020-1314, CVE-2020-1317 |
Microsoft Malware Protection Engine | 2 | CVE-2020-1163, CVE-2020-1170 |
Apps | 1 | CVE-2020-1329 |
Microsoft Edge | 1 | CVE-2020-1242 |
Windows Media | 2 | CVE-2020-1238, CVE-2020-1304 |
Windows Installer | 3 | CVE-2020-1277, CVE-2020-1272, CVE-2020-1302 |
Visual Studio | 1 | CVE-2020-1343 |
Internet Explorer | 1 | CVE-2020-1315 |
Android App | 1 | CVE-2020-1223 |
Microsoft Browsers | 1 | CVE-2020-1219 |
Microsoft Office SharePoint | 12 | CVE-2020-1181, CVE-2020-1183, CVE-2020-1148, CVE-2020-1295, CVE-2020-1298, CVE-2020-1320, CVE-2020-1177, CVE-2020-1178, CVE-2020-1289, CVE-2020-1297, CVE-2020-1318, CVE-2020-1323 |
Microsoft JET Database Engine | 2 | CVE-2020-1208, CVE-2020-1236 |
Microsoft Graphics Component | 9 | CVE-2020-0915, CVE-2020-0916, CVE-2020-0986, CVE-2020-1348, CVE-2020-1207, CVE-2020-1160, CVE-2020-1251, CVE-2020-1253, CVE-2020-1258 |
Windows Lock Screen | 1 | CVE-2020-1279 |
Windows Error Reporting | 1 | CVE-2020-1261 |
Windows Shell | 2 | CVE-2020-1286, CVE-2020-1299 |
Diagnostics Hub | 3 | CVE-2020-1202, CVE-2020-1203, CVE-2020-1278 |
Windows Kernel | 14 | CVE-2020-1237, CVE-2020-1247, CVE-2020-1262, CVE-2020-1269, CVE-2020-1274, CVE-2020-1275, CVE-2020-1280, CVE-2020-1282, CVE-2020-1310, CVE-2020-1264, CVE-2020-1265, CVE-2020-1266, CVE-2020-1273, CVE-2020-1276 |
Microsoft Office | 5 | CVE-2020-1225, CVE-2020-1226, CVE-2020-1229, CVE-2020-1321, CVE-2020-1322 |
Microsoft Edge (Chromium-based) in IE Mode | 1 | CVE-2020-1220 |
System Center | 1 | CVE-2020-1331 |
Windows Diagnostic Hub | 2 | CVE-2020-1257, CVE-2020-1293 |
Microsoft Scripting Engine | 7 | CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1073, CVE-2020-1230, CVE-2020-1260 |
Windows OLE | 2 | CVE-2020-1212, CVE-2020-1281 |
Windows Update Stack | 1 | CVE-2020-1254 |
Windows Print Spooler Components | 1 | CVE-2020-1300 |
Windows Media Player | 2 | CVE-2020-1232, CVE-2020-1239 |
Windows COM | 1 | CVE-2020-1311 |
Azure DevOps | 1 | CVE-2020-1327 |
Microsoft Windows PDF | 1 | CVE-2020-1248 |
Windows Wallet Service | 2 | CVE-2020-1294, CVE-2020-1287 |
Windows SMB | 3 | CVE-2020-1206, CVE-2020-1284, CVE-2020-1301 |
Â
Other Information
In addition to the Microsoft vulnerabilities included in the June Security Guidance, an advisory was released today.
June 2020 Adobe Flash Security Update [ADV200010]
Microsoft has released an advisory for Adobe Security Bulletin APSB20-30. This advisory contains updates for CVE-2020-9633.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-threat-alert-june-2020-patch-tuesday-analysis/
