This month’s Patch Tuesday had the highest number of entries so far in 2020 — a whopping 129, a continuation of the trend seen from the previous months. The update includes fixes for LNK, SMB, SharePoint, and Win32k vulnerabilities.
While the update contained a significant number of patches, only 11 were rated Critical. One of the patches addresses yet another LNK-related vulnerability, CVE-2020-1299, which attackers can exploit by having the affected system process a malicious .LNK file, for example, via a remote drive or through remote share.
Another critical vulnerability that was patched in this update is CVE-2020-1219, a Microsoft Browser memory corruption vulnerability that exists due to the way Microsoft browsers access objects in memory. It can be exploited through the use of a specially-crafted website designed to take advantage of the bug and could result in an attacker potentially gaining control of the targeted system.
Trend Micro Zero Day Initiative (ZDI) was responsible for disclosing nine of the vulnerabilities in the June update, including CVE-2020-1181 and CVE-2020-1219.
SMB vulnerabilities patched
Fixes for three SMB vulnerabilities were present in this patch. One is CVE-2020-1301 — a remote code execution (RCE) vulnerability that exists due to the way the Microsoft SMBv1 server handles certain requests. An attacker can exploit the flaw by sending a malicious packet to the affected server.
The two other SMB-related patches address the information disclosure vulner ..
Support the originator by clicking the read the rest link below.
