Microsoft has rolled out one of the biggest security updates this month. For June, the Patch Tuesday update bundle includes a whopping 129 security fixes by Microsoft, including some critical bugs.
Critical Security Fixes In June
With Patch Tuesday June updates, Microsoft has issued security fixes for 11 different critical bugs. All of these vulnerabilities, when exploited, could lead to remote code execution.
One of these bugs, CVE-2020-1299, existed in the way Microsoft Windows processed .LNK files. This is the third RCE flaw related to .LNK file processing addressed this year. Exploiting this vulnerability could let the attacker gain the same user privileges as that of the local user.
Similarly, another critical bug existed in the Microsoft SharePoint Server (CVE-2020-1181). As stated in Microsoft’s advisory,
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security context of the SharePoint application pool process.
Apart from these, 3 RCE flaws existed in the VBScript engine, 1 in ChakraCore scripting engine, 1 in Windows Graphics Device Interface (GDI), and the rest in some other components.
Other Microsoft Patch Tuesday Updates
In addition to the critical security flaws, Microsoft also released fixes for 118 important severity bugs. These vulnerabilities affected a range of Microsoft components.
One of these includes CVE-2020-1229. It existed in the Microsoft Outlook because of the failure of the implementation of security settings. Exploiting the flaw merely required the attacker to lure the victim to open a maliciously crafted image.
Despite being huge, this update bundle is also significant as it addresses no low-severity flaws.
However, what’s positive this time is that Microsoft has reported no publicly disclosed or exploited vulnerabilities. Hence, the users are seemingly safe from any potential cyber attacks as the patches are already out. All they have to ensure is to install these updates to their devices at the earliest.
Let us know your thoughts in the comments.