Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in June's Patch Tuesday Index below. Ensure you're minimizing your attack surface by joining our Automating Patch Tuesday Webinar this Wednesday. Patch Tuesday expert Justin Knapp will give recommended remediation strategies for current vulnerabilities and exploits.
Microsoft released 129 vulnerabilities with 11 being rated critical. View the index below for details and register for our Automating June's Patch Tuesday webinar for a live breakdown of this month's can't-miss patch releases.
Adobe released three updates this month addressing a number of vulnerabilities identified. The updates include three critical vulnerabilities in Adobe Framemaker: CVE-2020-9636, -9634, and -9635. All three lead to arbitrary code execution. Additionally, there was a security update for Adobe Flash Player, CVE-2020-9633. This is a critical “use after free” vulnerability that can also lead to arbitrary code execution. Arbitrary code execution allows attackers to execute commands or code on a device or within a process. On its own, ACE exploits are limited in scope to the privilege of the affected process, but when combined with privilege escalation vulnerabilities like those found in the previous updates can allow an attacker to quickly escalate privileges for a process and execute code on the target system giving the attacker full control over the device. This emphasizes the importance of keeping your systems up to date. A single vulnerability may not lead to an immediate risk, but the sum total of multiple months of missing patches can create a target-rich environment for attackers.
Updated Live. Last Update 1:43 PM EST June 9 2020.
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Adobe Flash Player | 1 Security Vulnerability fixed in Adobe Flash Player | APSB20-30 | High |
Adobe Experience Manager | 6 Security Vulnerabilities fixed in Adobe Experience Manager | APSB20-31 | High |
Adobe Flash Player | 3 Security Vulnerability fixed in Adobe Framemaker | APSB20-32 | Moderate |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Firefox | 8 Security Vulnerabilities fixed in Firefox 77 | MFSA 2020-20 | High |
Firefox ESR | 4 Security Vulnerabilities fixed in Firefox ESR 68.9 | MFSA 2020-21 | High |
Thunderbird | 5 Security Vulnerabilities fixed in Thunderbird 68.9.0 | MFSA 2020-22 | High |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
NuGetGallery | NuGetGallery Spoofing Vulnerability | CVE-2020-1340 | High |
Microsoft Visual Studio | Visual Studio Code Live Share Information Disclosure Vulnerability | CVE-2020-1343 | High |
Windows GDI | Windows GDI Information Disclosure Vulnerability | CVE-2020-1348 | High |
Android App | Word for Android Remote Code Execution Vulnerability | CVE-2020-1223 | High |
Apps | Microsoft Bing Search Spoofing Vulnerability | CVE-2020-1329 | High |
Azure DevOps | Team Foundation Server HTML Injection Vulnerability | CVE-2020-1327 | High |
Diagnostics Hub | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2020-1203 | High |
Diagnostics Hub | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2020-1202 | High |
Diagnostics Hub | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2020-1278 | High |
HoloLens | Windows Feedback Hub Elevation of Privilege Vulnerability | CVE-2020-1199 | High |
Internet Explorer | Internet Explorer Information Disclosure Vulnerability | CVE-2020-1315 | High |
Microsoft Browsers | Microsoft Browser Memory Corruption Vulnerability | CVE-2020-1219 | Critical |
Microsoft Edge | Microsoft Edge Information Disclosure Vulnerability | CVE-2020-1242 | High |
Microsoft Edge | Microsoft Edge in IE Mode Spoofing Vulnerability | CVE-2020-1220 | High |
Microsoft Graphics Component | Microsoft Graphics Component Information Disclosure Vulnerability | CVE-2020-1160 | High |
Microsoft Graphics Component | Win32k Elevation of Privilege Vulnerability | CVE-2020-1251 | High |
Microsoft Graphics Component | Win32k Elevation of Privilege Vulnerability Vulnerability | CVE-2020-1253 | High |
Microsoft Graphics Component | Win32k Elevation of Privilege Vulnerability Vulnerability | CVE-2020-1258 | High |
Microsoft Graphics Component | Windows GDI Elevation of Privilege Vulnerability | CVE-2020-0915 | High |
Microsoft Graphics Component | Windows GDI Elevation of Privilege Vulnerability | CVE-2020-0916 | High |
Microsoft Graphics Component | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-0986 | High |
Microsoft Graphics Component | Win32k Elevation of Privilege Vulnerability | CVE-2020-1207 | High |
Microsoft JET Database Engine | Jet Database Engine Remote Code Execution Vulnerability | CVE-2020-1208 | High |
Microsoft JET Database Engine | Jet Database Engine Remote Code Execution Vulnerability | CVE-2020-1236 | High |
Microsoft Malware Protection Engine | Microsoft Windows Defender Elevation of Privilege Vulnerability | CVE-2020-1170 | High |
Microsoft Malware Protection Engine | Microsoft Windows Defender Elevation of Privilege Vulnerability | CVE-2020-1163 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-1225 | High |
Microsoft Office | Microsoft Project Information Disclosure Vulnerability | CVE-2020-1322 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-1226 | High |
Microsoft Office | Microsoft Outlook Security Feature Bypass Vulnerability | CVE-2020-1229 | High |
Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | CVE-2020-1321 | High |
Microsoft Office SharePoint | Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2020-1295 | High |
Microsoft Office SharePoint | SharePoint Open Redirect Vulnerability | CVE-2020-1323 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1318 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1297 | High |
Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-1148 | High |
Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-1289 | High |
Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2020-1181 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint XSS Vulnerability | CVE-2020-1183 | High |
Microsoft Office SharePoint | Microsoft SharePoint Server Elevation of Privilege Vulnerability | CVE-2020-1178 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1177 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1320 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1298 | High |
Microsoft Scripting Engine | VBScript Remote Code Execution Vulnerability | CVE-2020-1260 | Medium |
Microsoft Scripting Engine | VBScript Remote Code Execution Vulnerability | CVE-2020-1214 | High |
Microsoft Scripting Engine | VBScript Remote Code Execution Vulnerability | CVE-2020-1215 | Low |
Microsoft Scripting Engine | VBScript Remote Code Execution Vulnerability | CVE-2020-1216 | Critical |
Microsoft Scripting Engine | VBScript Remote Code Execution Vulnerability | CVE-2020-1213 | Critical |
Microsoft Scripting Engine | VBScript Remote Code Execution Vulnerability | CVE-2020-1073 | Critical |
Microsoft Scripting Engine | VBScript Remote Code Execution Vulnerability | CVE-2020-1230 | Low |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1334 | High |
Microsoft Windows | Windows Kernel Security Feature Bypass Vulnerability | CVE-2020-1241 | High |
Microsoft Windows | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | CVE-2020-1244 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1231 | High |
Microsoft Windows | Windows Background Intelligent Transfer Elevation of Privilege Vulnerability | CVE-2020-1255 | High |
Microsoft Windows | Connected Devices Platform Service Elevation of Privilege Vulnerability | CVE-2020-1211 | High |
Microsoft Windows | Windows Host Guardian Service Security Feature Bypass Vulnerability | CVE-2020-1259 | High |
Microsoft Windows | Windows Print Configuration Elevation of Privilege Vulnerability | CVE-2020-1196 | High |
Microsoft Windows | Windows Error Reporting Information Disclosure Vulnerability | CVE-2020-1263 | High |
Microsoft Windows | Windows Service Information Disclosure Vulnerability | CVE-2020-1268 | High |
Microsoft Windows | Windows WLAN Service Elevation of Privilege Vulnerability | CVE-2020-1270 | High |
Microsoft Windows | Windows Denial of Service Vulnerability | CVE-2020-1283 | High |
Microsoft Windows | Windows Registry Denial of Service Vulnerability | CVE-2020-1194 | High |
Microsoft Windows | Win32k Information Disclosure Vulnerability | CVE-2020-1290 | High |
Microsoft Windows | Windows Network Connections Service Elevation of Privilege Vulnerability | CVE-2020-1291 | High |
Microsoft Windows | OpenSSH for Windows Elevation of Privilege Vulnerability | CVE-2020-1292 | High |
Microsoft Windows | Windows Diagnostics and Feedback Information Disclosure Vulnerability | CVE-2020-1296 | High |
Microsoft Windows | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | CVE-2020-1120 | High |
Microsoft Windows | Windows State Repository Service Elevation of Privilege Vulnerability | CVE-2020-1305 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1306 | High |
Microsoft Windows | Windows Store Runtime Elevation of Privilege Vulnerability | CVE-2020-1309 | High |
Microsoft Windows | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | CVE-2020-1313 | High |
Microsoft Windows | Windows Text Service Framework Elevation of Privilege Vulnerability | CVE-2020-1314 | High |
Microsoft Windows | Windows Network List Service Elevation of Privilege Vulnerability | CVE-2020-1209 | High |
Microsoft Windows | Group Policy Elevation of Privilege Vulnerability | CVE-2020-1317 | High |
Microsoft Windows | Windows Error Reporting Manager Elevation of Privilege Vulnerability | CVE-2020-1197 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1233 | High |
Microsoft Windows | Windows Store Runtime Elevation of Privilege Vulnerability | CVE-2020-1222 | High |
Microsoft Windows | Windows Now Playing Session Manager Elevation of Privilege Vulnerability | CVE-2020-1201 | High |
Microsoft Windows | Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2020-1234 | High |
Microsoft Windows | Windows Elevation of Privilege Vulnerability | CVE-2020-1162 | High |
Microsoft Windows | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1307 | High |
Microsoft Windows | Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-1271 | High |
Microsoft Windows | Windows Installer Elevation of Privilege Vulnerability | CVE-2020-1312 | High |
Microsoft Windows | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1316 | High |
Microsoft Windows | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability | CVE-2020-1204 | High |
Microsoft Windows | Windows Runtime Information Disclosure Vulnerability | CVE-2020-1217 | High |
Microsoft Windows | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1246 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1235 | High |
Microsoft Windows | Windows Elevation of Privilege Vulnerability | CVE-2020-1324 | High |
Microsoft Windows PDF | GDI+ Elevation of Privilege Vulnerability | CVE-2020-1248 | Critical |
System Center | System Spoofing Vulnerability | CVE-2020-1331 | High |
Windows COM | Component Object Model Elevation of Privilege Vulnerability | CVE-2020-1311 | High |
Windows Diagnostics Hub | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2020-1257 | High |
Windows Diagnostics Hub | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2020-1293 | High |
Windows Error Reporting | Windows Error Reporting Information Disclosure Vulnerability | CVE-2020-1261 | High |
Windows Installer | Windows Installer Elevation of Privilege Vulnerability | CVE-2020-1272 | High |
Windows Installer | Windows Installer Elevation of Privilege Vulnerability | CVE-2020-1277 | High |
Windows Installer | Windows Installer Elevation of Privilege Vulnerability | CVE-2020-1302 | High |
Windows Kernel | Windows Bluetooth Service Elevation of Privilege Vulnerability | CVE-2020-1280 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1274 | High |
Windows Kernel | Win32k Elevation of Privilege Vulnerability | CVE-2020-1247 | High |
Windows Kernel | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1282 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1269 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1275 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1262 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1276 | High |
Windows Kernel | Win32k Elevation of Privilege Vulnerability | CVE-2020-1310 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1264 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1273 | High |
Windows Kernel | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1265 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1266 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1237 | High |
Windows Lock Screen | Windows Lockscreen Elevation of Privilege Vulnerability | CVE-2020-1279 | High |
Windows Media | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1304 | High |
Windows Media | Windows Foundation Memory Corruption Vulnerability | CVE-2020-1238 | High |
Windows Media Player | Windows Foundation Memory Corruption Vulnerability | CVE-2020-1239 | High |
Windows Media Player | Windows Foundation Information Disclosure Vulnerability | CVE-2020-1232 | High |
Windows OLE | Windows OLE Remote Code Execution Vulnerability | CVE-2020-1281 | Critical |
Windows OLE | Windows OLE Automation Elevation of Privilege Vulnerability | CVE-2020-1212 | High |
Windows Print Spooler Components | Windows Remote Code Execution Vulnerability | CVE-2020-1300 | Critical |
Windows Shell | LNK Remote Code Execution Vulnerability | CVE-2020-1299 | Critical |
Windows Shell | Windows Shell Remote Code Execution Vulnerability | CVE-2020-1286 | Critical |
Windows SMB | Windows SMBv3 Client/Server Information Disclosure Vulnerability | CVE-2020-1206 | High |
Windows SMB | Windows SMB Remote Code Execution Vulnerability | CVE-2020-1301 | High |
Windows SMB | Windows SMBv3 Client/Server Denial of Service Vulnerability | CVE-2020-1284 | High |
Windows Update Stack | Windows Modules Installer Service Elevation of Privilege Vulnerability | CVE-2020-1254 | High |
Windows Wallet Service | Windows WalletService Elevation of Privilege Vulnerability | CVE-2020-1287 | High |
Windows Wallet Service | Windows WalletService Elevation of Privilege Vulnerability | CVE-2020-1294 | High |
About Automox
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.