Security News > 2020 > June > Microsoft Patches Critical Code Execution Vulnerabilities in Windows, Browsers
"Microsoft's latest fixes in its June Patch Tuesday update show that when it comes to vulnerabilities, what's old is new again. The same vulnerabilities we've seen appear in Adobe Flash over the past few years, along with common cross-site-scripting issues, were addressed this month. As witnessed within Microsoft Office SharePoint, there were multiple XSS vulnerabilities identified in the same product - this could be the result of a researcher who found one flaw and decided to continue digging, or Microsoft itself going through similar flows of code to try to fix them all."
"This month starts with CVE-2020-1281, a remote code execution vulnerability in Microsoft's Object Linking & Embedding. This vulnerability impacts Windows 7 through 10 and Windows Server 2008 through 2019. The vulnerability exists in the way OLE validates user input. An attacker who sent a specially crafted file or program, or convinced a victim to download one, could execute malicious code on the victim's machine. Microsoft assigned this vulnerability a CVSS score of 7.8; a similar vulnerability, CVE-2017-0199, has been widely exploited including by the Lazarus group and APT 34.".
"CVE-2020-1299 is a remote code execution vulnerability in the way Microsoft processes.LNK files. This vulnerability affects Windows 7 through 10 and Windows Server 2008 through Windows Server 2019. In order to exploit this vulnerability, the attacker would need to provide a removable drive or a remote drive share that contains the malicious.LNK file. In March 2020, Microsoft announced a similar vulnerability, CVE-2020-0684, There was a lot of concern about it being exploited when it was first released but, to date, it has not been exploited in the wild."
In terms of urgency, critical remote execution vulnerabilities are typically choice patches to prioritize.
"Last, but not least, I want to acknowledge the SMBv3 vulnerabilities being addressed this month. CVE-2020-0796, disclosed back in March 2020, is now seeing functional PoCs targeting unpatched systems. Luckily, these vulnerabilities continue to affect Windows 10 variants on Version 1903 onwards. There is a commonality between all these vulnerabilities and it is that mitigation can be accomplished via disabling SMBv3 compression, which is stated as having no negative performance impact. There are patches, and patches will always be a solid strategy, but it's nice to know what the alternatives could be."
News URL
Related news
- Microsoft improves text contrast for all Windows Chromium browsers (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners (source)
- Microsoft says Auto HDR causes game freezes on Windows 11 24H2 (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
- Sophos Firewall vulnerable to critical remote code execution flaw (source)
- Sophos discloses critical Firewall remote code execution flaw (source)
- Microsoft adds another problem to the Windows 11 24H2 naughty list (source)
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-09 | CVE-2020-1281 | Integer Overflow or Wraparound vulnerability in Microsoft products A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. | 8.8 |
| 2020-06-09 | CVE-2020-1299 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 8.8 |
| 2020-03-12 | CVE-2020-0684 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 8.8 |
| 2020-03-12 | CVE-2020-0796 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 10 and Windows Server 2016 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'. | 10.0 |
| 2017-04-12 | CVE-2017-0199 | Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." | 7.8 |