Otto background

June 2020 Patch Tuesday Index

Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in June's Patch Tuesday Index below. Ensure you're minimizing your attack surface by joining our Automating Patch Tuesday Webinar this Wednesday. Patch Tuesday expert Justin Knapp will give recommended remediation strategies for current vulnerabilities and exploits.

Microsoft released 129 vulnerabilities with 11 being rated critical. View the index below for details and register for our Automating June's Patch Tuesday webinar for a live breakdown of this month's can't-miss patch releases.

Adobe released three updates this month addressing a number of vulnerabilities identified. The updates include three critical vulnerabilities in Adobe Framemaker: CVE-2020-9636, -9634, and -9635. All three lead to arbitrary code execution. Additionally, there was a security update for Adobe Flash Player, CVE-2020-9633. This is a critical “use after free” vulnerability that can also lead to arbitrary code execution. Arbitrary code execution allows attackers to execute commands or code on a device or within a process. On its own, ACE exploits are limited in scope to the privilege of the affected process, but when combined with privilege escalation vulnerabilities like those found in the previous updates can allow an attacker to quickly escalate privileges for a process and execute code on the target system giving the attacker full control over the device. This emphasizes the importance of keeping your systems up to date. A single vulnerability may not lead to an immediate risk, but the sum total of multiple months of missing patches can create a target-rich environment for attackers.

Updated Live. Last Update 1:43 PM EST June 9 2020.

firefoxAdobe
Product
Title
Identifier
Severity
Adobe Flash Player 1 Security Vulnerability fixed in Adobe Flash Player APSB20-30 High
Adobe Experience Manager 6 Security Vulnerabilities fixed in Adobe Experience Manager APSB20-31 High
Adobe Flash Player 3 Security Vulnerability fixed in Adobe Framemaker APSB20-32 Moderate
firefoxMozilla Firefox
Product
Title
Identifier
Severity
Firefox 8 Security Vulnerabilities fixed in Firefox 77 MFSA 2020-20 High
Firefox ESR 4 Security Vulnerabilities fixed in Firefox ESR 68.9 MFSA 2020-21 High
Thunderbird 5 Security Vulnerabilities fixed in Thunderbird 68.9.0 MFSA 2020-22 High
microsoftMicrosoft
Product
Title
Identifier
Severity
NuGetGallery NuGetGallery Spoofing Vulnerability CVE-2020-1340 High
Microsoft Visual Studio Visual Studio Code Live Share Information Disclosure Vulnerability CVE-2020-1343 High
Windows GDI Windows GDI Information Disclosure Vulnerability CVE-2020-1348 High
Android App Word for Android Remote Code Execution Vulnerability CVE-2020-1223 High
Apps Microsoft Bing Search Spoofing Vulnerability CVE-2020-1329 High
Azure DevOps Team Foundation Server HTML Injection Vulnerability CVE-2020-1327 High
Diagnostics Hub Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability CVE-2020-1203 High
Diagnostics Hub Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability CVE-2020-1202 High
Diagnostics Hub Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability CVE-2020-1278 High
HoloLens Windows Feedback Hub Elevation of Privilege Vulnerability CVE-2020-1199 High
Internet Explorer Internet Explorer Information Disclosure Vulnerability CVE-2020-1315 High
Microsoft Browsers Microsoft Browser Memory Corruption Vulnerability CVE-2020-1219 Critical
Microsoft Edge Microsoft Edge Information Disclosure Vulnerability CVE-2020-1242 High
Microsoft Edge Microsoft Edge in IE Mode Spoofing Vulnerability CVE-2020-1220 High
Microsoft Graphics Component Microsoft Graphics Component Information Disclosure Vulnerability CVE-2020-1160 High
Microsoft Graphics Component Win32k Elevation of Privilege Vulnerability CVE-2020-1251 High
Microsoft Graphics Component Win32k Elevation of Privilege Vulnerability Vulnerability CVE-2020-1253 High
Microsoft Graphics Component Win32k Elevation of Privilege Vulnerability Vulnerability CVE-2020-1258 High
Microsoft Graphics Component Windows GDI Elevation of Privilege Vulnerability CVE-2020-0915 High
Microsoft Graphics Component Windows GDI Elevation of Privilege Vulnerability CVE-2020-0916 High
Microsoft Graphics Component Windows Kernel Elevation of Privilege Vulnerability CVE-2020-0986 High
Microsoft Graphics Component Win32k Elevation of Privilege Vulnerability CVE-2020-1207 High
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1208 High
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1236 High
Microsoft Malware Protection Engine Microsoft Windows Defender Elevation of Privilege Vulnerability CVE-2020-1170 High
Microsoft Malware Protection Engine Microsoft Windows Defender Elevation of Privilege Vulnerability CVE-2020-1163 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-1225 High
Microsoft Office Microsoft Project Information Disclosure Vulnerability CVE-2020-1322 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-1226 High
Microsoft Office Microsoft Outlook Security Feature Bypass Vulnerability CVE-2020-1229 High
Microsoft Office Microsoft Office Remote Code Execution Vulnerability CVE-2020-1321 High
Microsoft Office SharePoint Microsoft SharePoint Elevation of Privilege Vulnerability CVE-2020-1295 High
Microsoft Office SharePoint SharePoint Open Redirect Vulnerability CVE-2020-1323 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1318 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1297 High
Microsoft Office SharePoint Microsoft SharePoint Spoofing Vulnerability CVE-2020-1148 High
Microsoft Office SharePoint Microsoft SharePoint Spoofing Vulnerability CVE-2020-1289 High
Microsoft Office SharePoint Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2020-1181 Critical
Microsoft Office SharePoint Microsoft SharePoint XSS Vulnerability CVE-2020-1183 High
Microsoft Office SharePoint Microsoft SharePoint Server Elevation of Privilege Vulnerability CVE-2020-1178 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1177 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1320 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1298 High
Microsoft Scripting Engine VBScript Remote Code Execution Vulnerability CVE-2020-1260 Medium
Microsoft Scripting Engine VBScript Remote Code Execution Vulnerability CVE-2020-1214 High
Microsoft Scripting Engine VBScript Remote Code Execution Vulnerability CVE-2020-1215 Low
Microsoft Scripting Engine VBScript Remote Code Execution Vulnerability CVE-2020-1216 Critical
Microsoft Scripting Engine VBScript Remote Code Execution Vulnerability CVE-2020-1213 Critical
Microsoft Scripting Engine VBScript Remote Code Execution Vulnerability CVE-2020-1073 Critical
Microsoft Scripting Engine VBScript Remote Code Execution Vulnerability CVE-2020-1230 Low
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1334 High
Microsoft Windows Windows Kernel Security Feature Bypass Vulnerability CVE-2020-1241 High
Microsoft Windows Connected User Experiences and Telemetry Service Denial of Service Vulnerability CVE-2020-1244 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1231 High
Microsoft Windows Windows Background Intelligent Transfer Elevation of Privilege Vulnerability CVE-2020-1255 High
Microsoft Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVE-2020-1211 High
Microsoft Windows Windows Host Guardian Service Security Feature Bypass Vulnerability CVE-2020-1259 High
Microsoft Windows Windows Print Configuration Elevation of Privilege Vulnerability CVE-2020-1196 High
Microsoft Windows Windows Error Reporting Information Disclosure Vulnerability CVE-2020-1263 High
Microsoft Windows Windows Service Information Disclosure Vulnerability CVE-2020-1268 High
Microsoft Windows Windows WLAN Service Elevation of Privilege Vulnerability CVE-2020-1270 High
Microsoft Windows Windows Denial of Service Vulnerability CVE-2020-1283 High
Microsoft Windows Windows Registry Denial of Service Vulnerability CVE-2020-1194 High
Microsoft Windows Win32k Information Disclosure Vulnerability CVE-2020-1290 High
Microsoft Windows Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-1291 High
Microsoft Windows OpenSSH for Windows Elevation of Privilege Vulnerability CVE-2020-1292 High
Microsoft Windows Windows Diagnostics and Feedback Information Disclosure Vulnerability CVE-2020-1296 High
Microsoft Windows Connected User Experiences and Telemetry Service Denial of Service Vulnerability CVE-2020-1120 High
Microsoft Windows Windows State Repository Service Elevation of Privilege Vulnerability CVE-2020-1305 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1306 High
Microsoft Windows Windows Store Runtime Elevation of Privilege Vulnerability CVE-2020-1309 High
Microsoft Windows Windows Update Orchestrator Service Elevation of Privilege Vulnerability CVE-2020-1313 High
Microsoft Windows Windows Text Service Framework Elevation of Privilege Vulnerability CVE-2020-1314 High
Microsoft Windows Windows Network List Service Elevation of Privilege Vulnerability CVE-2020-1209 High
Microsoft Windows Group Policy Elevation of Privilege Vulnerability CVE-2020-1317 High
Microsoft Windows Windows Error Reporting Manager Elevation of Privilege Vulnerability CVE-2020-1197 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1233 High
Microsoft Windows Windows Store Runtime Elevation of Privilege Vulnerability CVE-2020-1222 High
Microsoft Windows Windows Now Playing Session Manager Elevation of Privilege Vulnerability CVE-2020-1201 High
Microsoft Windows Windows Error Reporting Elevation of Privilege Vulnerability CVE-2020-1234 High
Microsoft Windows Windows Elevation of Privilege Vulnerability CVE-2020-1162 High
Microsoft Windows Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1307 High
Microsoft Windows Windows Backup Service Elevation of Privilege Vulnerability CVE-2020-1271 High
Microsoft Windows Windows Installer Elevation of Privilege Vulnerability CVE-2020-1312 High
Microsoft Windows Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1316 High
Microsoft Windows Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability CVE-2020-1204 High
Microsoft Windows Windows Runtime Information Disclosure Vulnerability CVE-2020-1217 High
Microsoft Windows Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1246 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1235 High
Microsoft Windows Windows Elevation of Privilege Vulnerability CVE-2020-1324 High
Microsoft Windows PDF GDI+ Elevation of Privilege Vulnerability CVE-2020-1248 Critical
System Center System Spoofing Vulnerability CVE-2020-1331 High
Windows COM Component Object Model Elevation of Privilege Vulnerability CVE-2020-1311 High
Windows Diagnostics Hub Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability CVE-2020-1257 High
Windows Diagnostics Hub Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability CVE-2020-1293 High
Windows Error Reporting Windows Error Reporting Information Disclosure Vulnerability CVE-2020-1261 High
Windows Installer Windows Installer Elevation of Privilege Vulnerability CVE-2020-1272 High
Windows Installer Windows Installer Elevation of Privilege Vulnerability CVE-2020-1277 High
Windows Installer Windows Installer Elevation of Privilege Vulnerability CVE-2020-1302 High
Windows Kernel Windows Bluetooth Service Elevation of Privilege Vulnerability CVE-2020-1280 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1274 High
Windows Kernel Win32k Elevation of Privilege Vulnerability CVE-2020-1247 High
Windows Kernel Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1282 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1269 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1275 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1262 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1276 High
Windows Kernel Win32k Elevation of Privilege Vulnerability CVE-2020-1310 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1264 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1273 High
Windows Kernel Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1265 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1266 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1237 High
Windows Lock Screen Windows Lockscreen Elevation of Privilege Vulnerability CVE-2020-1279 High
Windows Media Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1304 High
Windows Media Windows Foundation Memory Corruption Vulnerability CVE-2020-1238 High
Windows Media Player Windows Foundation Memory Corruption Vulnerability CVE-2020-1239 High
Windows Media Player Windows Foundation Information Disclosure Vulnerability CVE-2020-1232 High
Windows OLE Windows OLE Remote Code Execution Vulnerability CVE-2020-1281 Critical
Windows OLE Windows OLE Automation Elevation of Privilege Vulnerability CVE-2020-1212 High
Windows Print Spooler Components Windows Remote Code Execution Vulnerability CVE-2020-1300 Critical
Windows Shell LNK Remote Code Execution Vulnerability CVE-2020-1299 Critical
Windows Shell Windows Shell Remote Code Execution Vulnerability CVE-2020-1286 Critical
Windows SMB Windows SMBv3 Client/Server Information Disclosure Vulnerability CVE-2020-1206 High
Windows SMB Windows SMB Remote Code Execution Vulnerability CVE-2020-1301 High
Windows SMB Windows SMBv3 Client/Server Denial of Service Vulnerability CVE-2020-1284 High
Windows Update Stack Windows Modules Installer Service Elevation of Privilege Vulnerability CVE-2020-1254 High
Windows Wallet Service Windows WalletService Elevation of Privilege Vulnerability CVE-2020-1287 High
Windows Wallet Service Windows WalletService Elevation of Privilege Vulnerability CVE-2020-1294 High

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

Dive deeper into this topic

loading...