Security News > 2020 > June > June 2020 Patch Tuesday: Microsoft fixes record monthly number of CVEs

Microsoft has fixed a record 129 CVE-numbered vulnerabilities in a wide variety of its offerings: Windows, the Internet Explorer and Edge browsers, Office and Microsoft Office Services and Web Apps, Windows Defender, Visual Studio, Azure DevOps, and more.
"To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver," Microsoft explained.
"In the recent 2020 Verizon DBIR, researchers found that over 22% of incidents were due to human error, and 30% of breaches were due to phishing attacks, going to show that despite increased efforts by organizations to address training, users still click on links, open files, and visit websites that could potentially be compromised. Each of these vulnerabilities relies on these user patterns, and if left unaddressed and vulnerable, could be a backdoor for an attacker to execute malicious code, install a backdoor, modify user credentials, or navigate laterally through the corporate network. And seeing as each of these addresses vulnerabilities impact Windows Server from 2008 to 2019, a successful exploit could be devastating to an organization."
Microsoft has fixed several bugs affecting Office, including a critical Microsoft Outlook security feature bypass vulnerability.
The Flash update should be a priority as it fixes a critical flaw that could be exploited to achieve arbitrary code execution on the target system and the vulnerability is in a piece of software that is still widely used and has historically been a preferred target of attackers.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/uXQ8LFgUaJc/
Related news
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)