Microsoft June Patch Tuesday: fixed multi critical security vulnerabilities

Today, Microsoft officially released the Microsoft June Patch Tuesday to fix multi security vulnerabilities in its product. This security update patched for 129 vulnerabilities, mainly covering the Windows operating system, Windows application store, IE/Edge browser, ChakraCore, Dynamics, Visual Studio, Android applications, .Net Framework, Azure DevOps, HoloLens, Adobe Flash Player, Office and Office services and web applications, Microsoft malware protection engine.

Vulnerability Details

• CVE-2020-1206 | Windows SMBv3 Client/Server Information Disclosure Vulnerability

  An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

• CVE-2020-1284 | Windows SMBv3 Client/Server Denial of Service Vulnerability

  A denial of service vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An authenticated attacker who successfully exploited this vulnerability against an SMB Server could cause the affected system to crash. An unauthenticated attacker could also exploit this vulnerability against an SMB client and cause the affected system to crash.

• CVE-2020-1301 | Windows SMB Remote Code Execution Vulnerability

  A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server.

• ADV200010| CVE-2020-9633: Adobe Flash Player arbitrary code execution

• CVE-2020-1299 | LNK Remote Code Execution Vulnerability

  A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.

• CVE-2020-1229 | Microsoft Outlook Security Feature Bypass Vulnerability

  A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system. An attacker who successfully exploited this vulnerability could cause a system to load remote images. These images could disclose the IP address of the targeted system to the attacker.

• CVE-2020-1300 | Windows Remote Code Execution Vulnerability

  A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.

• CVE-2020-1281 | Windows OLE Remote Code Execution Vulnerability

  A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.

• CVE-2020-1286 | Windows Shell Remote Code Execution Vulnerability

  A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.

Solution

In this regard, we recommend that users install the latest patches in a timely manner to avoid being hacked.