
June 2020 Patch Tuesday Update—Highest CVE count in history

By Gill Langston
10 June, 2020

The June Patch Tuesday release is another heavy one, meaning the research community keeps finding more vulnerabilities and Microsoft continues to step up and knock them down. In total, 128 unique CVE numbers were fixed, the highest so far. Of those, 11 are marked “Critical” across operating systems, browsers, and one in SharePoint. There are also some very notable “Important” vulnerabilities to pay attention to, which we’ll break down here as well. There are no “Exploit Detected” entries this month, but there are some “Exploitation More Likely” listings, including a few surprises (I’m talking about you, SMBv1!). As always, let’s start with the “Criticals.”

Operating systems

There are five “Critical” operating system vulnerabilities in this batch. They’re all remote code execution vulnerabilities, and all are listed as “Exploitation Less Likely.” This is usually due to the complexity required to deliver and exploit the vulnerability.

CVE-2020-1248 is a GDI+ remote code execution vulnerability that would give the attacker the same rights as the logged-on user. It requires a user to access a malicious webpage or to open a document sent via email or file sharing to execute the vulnerability. The fix addresses how Graphics Device Interface handles memory. This vulnerability affects the most recent versions of Windows 10 (1903, 1909, and the newly released 2004) and the corresponding Server Core systems. The vulnerability is only listed as “Important” on version 2004, which means there were likely some changes in that area of the code in version 2004 that mitigate the risk.

The next one, CVE-2020-1281, is a vulnerability in Object Linking and Embedding (OLE) that would allow an attacker to execute code on a system if a user accesses a file or program on that system. This vulnerability affects all supported versions of Windows, including Windows 7 and Server 2008, all the way up to the most recent versions of Windows 10 and Windows Server (including Core). This means you will need ESU to update Windows 7 and Server 2008.

There is a Windows Shell file path validation issue that would allow an attacker to execute code with the same permissions as the user. CVE-2020-1286 fixes this vulnerability in Windows 10 (version 1709 up to 2004, including corresponding Server versions).

CVE-2020-1299 would also grant the attacker the same rights as the logged-on user if they were to click on a malicious .LNK file in a remote share or removable drive. This patch addresses how the shortcut is processed.

Finally, CVE-2020-1300 is a vulnerability in Windows that would allow an attacker to execute remote code if the user opened a cabinet file on the affected system.

Browsers

It seems this month that Microsoft has more concern with the browser-based vulnerabilities, as several of them are marked “Exploitation More Likely.” First up is a trio of VBScript remote code execution vulnerabilities in Internet Explorer.

CVE-2020-1260, CVE-2020-1213, and CVE-2020-1216 have identical descriptions and exploitability assessments. Accessing a malicious website or an ActiveX control in Microsoft 365 that uses the IE engine for rendering could grant the attacker the same rights as the user. They all affect Internet Explorer 11 on all supported operating systems, and Internet Explorer 9 on Server 2008 systems. As with most browser vulnerabilities, they are rated as Moderate on the Server operating systems because of the enhanced security configuration that browsers come configured with when installed on Server. 

CVE-2020-1219 is a browser memory corruption vulnerability in Internet Explorer 11, as well as the Edge-HTML version of the Edge Browser. It would also grant the attacker the same rights as the user and is marked as “Exploitation More Likely.”

The final “Critical” browser vulnerability is marked as “Exploitation Less Likely.” CVE-2020-1073 is a scripting engine memory corruption vulnerability and affects the Edge-HTML version of Microsoft Edge on Windows 10 1709 up to 1909 (including Server versions). 

Other applications

The final “Critical” affects SharePoint Server. CVE-2020-1181 is a remote code execution vulnerability. If an attacker has access, they could create a specially crafted page on SharePoint 2010 SP2, SharePoint Foundation 2013 SP1, SharePoint Enterprise 2016, or SharePoint Server 2019. 

Finally, Microsoft released an advisory for Adobe products, ADV200010, covering Adobe Flash components in Windows 8.1 up to current versions of Windows 10. It should be noted that this is a separate update from the cumulative updates and should be given attention.

Other notable issues

We often direct our focus to the “Critical” updates, but sometimes you can find some updates of concern in the “Important” vulnerabilities as well. If you’re prioritizing only certain types of updates, you should consider adding “Important” to your criteria, as there are sometimes some hidden “high-risk” vulnerabilities in that group. There are a few of note we will discuss here:

CVE-2020-1301 is a Windows SMB remote code execution vulnerability, and it’s listed as “Exploitation More Likely.” It affects SMBv1 in all supported operating systems from Windows 7 up to Windows 10 current version (2004) and all corresponding server versions. If this sounds familiar, that’s because it sits in the same area as the exploits the famous ShadowBrokers mass-released in 2017, which were the vector for the WannaCry and NotPetya attacks that year. This vulnerability doesn’t quite meet that level of risk though, mainly because this one requires authentication, while WannaCry did not. It’s important to note that even Microsoft recommends you disable SMBv1, as the protocol is 30 years old and most communications and applications have moved to SMBv2 or v3 by now. If you have SMBv1 enabled, you should disable it immediately, as this will likely not be the end of vulnerabilities found in the protocol. If you cannot disable it, you should deploy updates immediately. The instructions on how to disable it are included in the Workarounds section of the article.
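The following PowerShell is an added example, not part of the original post or of Microsoft's advisory: it reports whether the SMBv1 server is enabled on the local machine, lists recent SMBv1 connection attempts when auditing is on, and disables the protocol. The function names are this example's own; it assumes an elevated session, and it uses the built-in SMB cmdlets on Windows 8 / Server 2012 and later with a registry fallback for Windows 7 / Server 2008 R2.

```powershell
#Requires -Version 3.0
#Requires -RunAsAdministrator
# Added example (not from the original post). Function names are this example's own.

function Get-Smb1State {
    $state = [ordered]@{ Computer = $env:COMPUTERNAME; ServerSmb1Enabled = $null
                         Smb1AuditEnabled = $null; OptionalFeature = $null }
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the SMB server settings directly.
        $cfg = Get-SmbServerConfiguration
        $state.ServerSmb1Enabled = $cfg.EnableSMB1Protocol
        $state.Smb1AuditEnabled  = $cfg.AuditSmb1Access   # empty on builds without SMB1 auditing
    } else {
        # Windows 7 / Server 2008 R2: registry value; when absent, SMBv1 is enabled.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $state.ServerSmb1Enabled = ($null -eq $val) -or ($val -ne 0)
    }
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        # Windows 8.1 / Windows 10: the optional feature that installs SMBv1.
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($f) { $state.OptionalFeature = [string]$f.State }
    }
    [pscustomobject]$state
}

function Get-Smb1AccessEvent {
    param([int]$MaxEvents = 50)
    # With auditing on (Set-SmbServerConfiguration -AuditSmb1Access $true), each SMBv1
    # connection attempt is logged as event 3000; the message names the client address.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000 } `
        -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server')) { return }
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0   # takes effect after reboot
    }
}

Get-Smb1State            # report current state
Get-Smb1AccessEvent      # which clients still speak SMBv1 (only if auditing is on)
Disable-Smb1 -WhatIf     # dry run; drop -WhatIf to apply
```

Turning on SMB1 auditing for a few days before disabling shows which legacy devices would lose connectivity, which helps decide between disabling outright and patching first.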

CVE-2020-1241 is also listed as “Exploitation More Likely.” It’s a vulnerability in the kernel that would allow an attacker to bypass security but requires access to the affected system. This fact gives this vulnerability a lower CVSS score, but clearly Microsoft suspects bad actors may attempt to leverage this vulnerability in the future. Windows 10 from 1607 to 2004 (including Server versions) are affected by this vulnerability.

CVE-2020-1247 and CVE-2020-1251 are both Windows kernel-mode driver vulnerabilities that would require an attacker to log on to the affected system, but Microsoft has also listed them as “Exploitation More Likely.” CVE-2020-1247 affects all versions of Windows from Windows 7 to current (including Server), while CVE-2020-1251 affects Windows 8.1 to current versions of Windows 10.

The final “Important” vulnerability listed as “Exploitation More Likely” is found in Internet Explorer 11 on all supported operating systems. CVE-2020-1230 would grant the attacker the same rights as the user if they accessed a malicious webpage or opened a document in Office where the IE rendering engine was used.

27 vulnerabilities were fixed in Windows 7-based operating systems, and those fixes fall under the Extended Security Updates (ESU) required to continue getting fixes. If you’re running this operating system, we recommend you purchase ESU or upgrade to a supported operating system.

Summary

From a priority standpoint, browsers and internet-facing workstations should take priority and then SharePoint. If you haven’t disabled SMBv1 yet across your systems, you should do that this month. The good news: since version 1709 of Windows 10, Microsoft hasn’t installed SMBv1 by default on a new installation. However, you could have installed and enabled it yourself. If you’re running Windows 7, this is another good reason to move to a supported (and more secure) operating system.

Remember, if you’re running Windows 10 or the corresponding server operating system, the cumulative update will contain all the fixes for the operating system and the browsers. Older operating systems require you to either install the updates separately or install the Rollups.

It’s another “heavy” month of vulnerabilities in the world of Windows, so make sure you’re up to date. When looking at the themes for attack vectors in all the vulnerabilities we’ve discussed, I keep coming back to one point: since it can take time to deploy patches across an IT estate, it’s always important to ensure other layers of protection are in place. For example, many of the vulnerabilities mention email as a vector but your email security solution shouldn’t allow attachments such as .LNK and .CAB files. Limiting access to malicious websites with web protection reduces the risk of an attempted exploit. Disabling SMBv1 greatly reduces the risk of a successful attack. Combining these with a timely patch deployment plan helps ensure you’re protecting yourself and your customers.

Let’s stay safe out there!

 

Gill Langston is head security nerd for SolarWinds MSP. You can follow Gill on Twitter at @cybersec_nerd

 
