VERT Threat Alert: July 2020 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s July 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-895 on Wednesday, July 15th.
In-The-Wild & Disclosed CVEs
CVE-2020-1463
A vulnerability in the SharedStream Library could allow a locally authenticated attacker to run a malicious application in order to elevate their privileges.
Microsoft has rated this as a 2 (Exploitation Less Likely) on the latest software release on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
Tag | CVE Count | CVEs |
Windows Update Stack | 3 | CVE-2020-1424, CVE-2020-1346, CVE-2020-1392 |
Windows Hyper-V | 6 | CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1043, CVE-2020-1042 |
Skype for Business | 1 | CVE-2020-1025 |
Windows Subsystem for Linux | 1 | CVE-2020-1423 |
Microsoft JET Database Engine | 3 | CVE-2020-1400, CVE-2020-1401, CVE-2020-1407 |
Microsoft Windows | 51 | CVE-2020-1350, CVE-2020-1418, CVE-2020-1420, CVE-2020-1421, CVE-2020-1422, CVE-2020-1347, CVE-2020-1352, CVE-2020-1353, CVE-2020-1354, CVE-2020-1356, CVE-2020-1359, CVE-2020-1363, CVE-2020-1365, CVE-2020-1366, CVE-2020-1370, CVE-2020-1371, CVE-2020-1372, CVE-2020-1373, CVE-2020-1374, CVE-2020-1375, CVE-2020-1384, CVE-2020-1385, CVE-2020-1386, CVE-2020-1387, CVE-2020-1390, CVE-2020-1391, CVE-2020-1393, CVE-2020-1394, CVE-2020-1395, CVE-2020-1398, CVE-2020-1399, CVE-2020-1402, CVE-2020-1404, CVE-2020-1405, CVE-2020-1406, CVE-2020-1410, CVE-2020-1413, CVE-2020-1427, CVE-2020-1428, CVE-2020-1429, CVE-2020-1430, CVE-2020-1431, CVE-2020-1434, CVE-2020-1437, CVE-2020-1438, CVE-2020-1463, CVE-2020-1249, CVE-2020-1267, CVE-2020-1333, CVE-2020-1085, CVE-2020-1330 |
Microsoft Malware Protection Engine | 1 | CVE-2020-1461 |
Microsoft Edge | 2 | CVE-2020-1433, CVE-2020-1462 |
Windows WalletService | 5 | CVE-2020-1344, CVE-2020-1361, CVE-2020-1362, CVE-2020-1364, CVE-2020-1369 |
.NET Framework | 1 | CVE-2020-1147 |
Microsoft OneDrive | 1 | CVE-2020-1465 |
Visual Studio | 2 | CVE-2020-1416, CVE-2020-1481 |
Windows Kernel | 10 | CVE-2020-1336, CVE-2020-1419, CVE-2020-1357, CVE-2020-1358, CVE-2020-1367, CVE-2020-1388, CVE-2020-1389, CVE-2020-1396, CVE-2020-1411, CVE-2020-1426 |
Microsoft Graphics Component | 11 | CVE-2020-1351, CVE-2020-1355, CVE-2020-1381, CVE-2020-1382, CVE-2020-1397, CVE-2020-1408, CVE-2020-1409, CVE-2020-1412, CVE-2020-1435, CVE-2020-1436, CVE-2020-1468 |
Internet Explorer | 1 | CVE-2020-1432 |
Windows Shell | 4 | CVE-2020-1360, CVE-2020-1368, CVE-2020-1414, CVE-2020-1415 |
Open Source Software | 1 | CVE-2020-1469 |
Microsoft Office | 10 | CVE-2020-1349, CVE-2020-1439, CVE-2020-1442, CVE-2020-1445, CVE-2020-1446, CVE-2020-1447, CVE-2020-1448, CVE-2020-1449, CVE-2020-1458, CVE-2020-1240 |
Microsoft Scripting Engine | 1 | CVE-2020-1403 |
Microsoft Office SharePoint | 7 | CVE-2020-1342, CVE-2020-1456, (Read more...) |
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/july2020-patchtuesday/