Microsoft has issued a patch for a total of 129 security vulnerabilities affecting its products. While twelve of the vulnerabilities are deemed ‘Critical,’ thankfully, researchers haven’t found any of the bugs being exploited so far.
Microsoft June 2020 security update available to download
A remote code execution vulnerability in Adobe’s Flash player software remains critical. Meanwhile, Adobe has released an update for Flash, Adobe Framemaker, and Adobe Experience Manager.
Adobe, however, did not distribute the update through the Windows Update Mechanism.
Right before the June 2020 security updates, Microsoft had issued a fix for an Elevation of Privilege vulnerability in Edge Chromium. Interestingly, updates to Edge Chromium are distributed from within the browser itself, without requiring a system restart.
In case there’s a delay in receiving security updates automatically, users can download patches manually from the Microsoft Security Update Catalog.
Microsoft’s most-recent security updates apply to a fairly long list of software, as follows:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based) in IE Mode
- Microsoft ChakraCore
- Internet Explorer
- Microsoft Office and Microsoft Office Services and Web Apps
- Windows Defender
- Microsoft Dynamics
- Visual Studio
- Azure DevOps
- Adobe Flash Player
- Microsoft Apps for Android
- Windows App Store
- System Center
- Android App
Some of the notable bug fixes this month revolve around Office remote code execution. Following is the list of CVEs that have been fixed by Microsoft.
- CVE-2020-1321 (Microsoft Word)
- CVE-2020-1225, CVE-2020-1226 (Microsoft Excel)
- CVE-2020-1223 (Microsoft Word for Android)
Remote Code Execution vulnerabilities in the Office suite could lead to an email-based malware threat. But for the first time, a CVE has been assigned to Microsoft Word for Android.
Interestingly, a significant portion of vulnerabilities patched this month belongs to the Elevation of Privilege (EoP) vulnerabilities, which are present in multiple Windows components and packages. If gone unpatched, these security bugs could also allow attackers to obtain unrestricted control over the affected system.
Microsoft has also patched a seemingly harmless vulnerability in Windows Kernel (CVE-2020-1241). But when exploited, it could bypass its security feature, essentially maximizing the risk of Elevation of Privilege attacks.
Harmful or not, users are advised to install these security updates to fix potentially serious vulnerabilities.