Microsoft Patches Critical Code Execution Vulnerabilities in Windows, Browsers

Microsoft’s security updates for June 2020 patch 129 vulnerabilities, including 11 critical remote code execution flaws affecting Windows, the Edge and Internet Explorer browsers, and SharePoint.


Vulnerabilities rated important severity have been found in Windows, browsers, Office, Windows Defender, Dynamics, Visual Studio, Azure DevOps, and Android apps. One of these flaws, a privilege escalation issue related to the Windows Group Policy Object (GPO) mechanism, was identified by CyberArk (among others), and the cybersecurity company has published a blog post detailing its findings.


None of the security holes patched this month has been exploited in attacks or disclosed before fixes were released.


Trend Micro’s Zero Day Initiative (ZDI) has pointed out that this is the fourth month in a row in which Microsoft has released patches for over 110 CVEs, and that it is the highest number of patches released in a single month. The total number of patches released to date this year, 616, is nearly as high as the total fixed in 2017.


Experts from several cybersecurity companies have commented on this month’s patches:


Dustin Childs, Communications Manager, Trend Micro’s ZDI Program:



“There’s a Critical-rated SharePoint bug that would allow remote code execution if an authenticated user managed to create and invoke a specially crafted page on an affected version of SharePoint. ZDI will share more information about this bug in an upcoming blog post.


 


Mac users beware of CVE-2020-1229 – This bug could allow attackers to automatically load remote images – even from within the Preview Pane. While this bypass alone could just disclose the IP address of a target system, it’s not unheard of to get code execution through the processing of specially crafte ..
