===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0107
           Microsoft Patch Tuesday includes updates for Windows
                               10 June 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Windows
Operating System:     Windows
Impact/Access:        Administrator Compromise -- Existing Account            
                      Denial of Service        -- Existing Account            
                      Access Confidential Data -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-1348 CVE-2020-1334 CVE-2020-1324
                      CVE-2020-1317 CVE-2020-1316 CVE-2020-1314
                      CVE-2020-1313 CVE-2020-1312 CVE-2020-1311
                      CVE-2020-1310 CVE-2020-1309 CVE-2020-1307
                      CVE-2020-1306 CVE-2020-1305 CVE-2020-1304
                      CVE-2020-1302 CVE-2020-1301 CVE-2020-1300
                      CVE-2020-1299 CVE-2020-1296 CVE-2020-1294
                      CVE-2020-1293 CVE-2020-1292 CVE-2020-1291
                      CVE-2020-1290 CVE-2020-1287 CVE-2020-1286
                      CVE-2020-1284 CVE-2020-1283 CVE-2020-1282
                      CVE-2020-1281 CVE-2020-1280 CVE-2020-1279
                      CVE-2020-1278 CVE-2020-1277 CVE-2020-1276
                      CVE-2020-1275 CVE-2020-1274 CVE-2020-1273
                      CVE-2020-1272 CVE-2020-1271 CVE-2020-1270
                      CVE-2020-1269 CVE-2020-1268 CVE-2020-1266
                      CVE-2020-1265 CVE-2020-1264 CVE-2020-1263
                      CVE-2020-1262 CVE-2020-1261 CVE-2020-1259
                      CVE-2020-1258 CVE-2020-1257 CVE-2020-1255
                      CVE-2020-1254 CVE-2020-1253 CVE-2020-1251
                      CVE-2020-1248 CVE-2020-1247 CVE-2020-1246
                      CVE-2020-1244 CVE-2020-1241 CVE-2020-1239
                      CVE-2020-1238 CVE-2020-1237 CVE-2020-1236
                      CVE-2020-1235 CVE-2020-1234 CVE-2020-1233
                      CVE-2020-1232 CVE-2020-1231 CVE-2020-1222
                      CVE-2020-1217 CVE-2020-1212 CVE-2020-1211
                      CVE-2020-1209 CVE-2020-1208 CVE-2020-1207
                      CVE-2020-1206 CVE-2020-1204 CVE-2020-1203
                      CVE-2020-1202 CVE-2020-1201 CVE-2020-1199
                      CVE-2020-1197 CVE-2020-1196 CVE-2020-1194
                      CVE-2020-1162 CVE-2020-1160 CVE-2020-1120
                      CVE-2020-0986 CVE-2020-0916 CVE-2020-0915
Member content until: Friday, July 10 2020
Reference:            ESB-2020.1987
                      ESB-2020.1979
                      ESB-2020.1604
                      ESB-2020.1602
                      ESB-2020.1600
                      ESB-2020.1585
                      ESB-2020.1564
                      ESB-2020.1420
                      ESB-2020.1368

OVERVIEW

        Microsoft has released its monthly security patch update for the month of June 2020.
        
        This update resolves 93 vulnerabilities across the following products: [1]
        
         Windows 10 Version 1607 for 32-bit Systems
         Windows 10 Version 1607 for x64-based Systems
         Windows 10 Version 1709 for 32-bit Systems
         Windows 10 Version 1709 for ARM64-based Systems
         Windows 10 Version 1709 for x64-based Systems
         Windows 10 Version 1803 for 32-bit Systems
         Windows 10 Version 1803 for ARM64-based Systems
         Windows 10 Version 1803 for x64-based Systems
         Windows 10 Version 1809 for 32-bit Systems
         Windows 10 Version 1809 for ARM64-based Systems
         Windows 10 Version 1809 for HoloLens
         Windows 10 Version 1809 for x64-based Systems
         Windows 10 Version 1903 for 32-bit Systems
         Windows 10 Version 1903 for ARM64-based Systems
         Windows 10 Version 1903 for HoloLens
         Windows 10 Version 1903 for x64-based Systems
         Windows 10 Version 1909 for 32-bit Systems
         Windows 10 Version 1909 for ARM64-based Systems
         Windows 10 Version 1909 for x64-based Systems
         Windows 10 Version 2004 for 32-bit Systems
         Windows 10 Version 2004 for ARM64-based Systems
         Windows 10 Version 2004 for HoloLens
         Windows 10 Version 2004 for x64-based Systems
         Windows 10 for 32-bit Systems
         Windows 10 for x64-based Systems
         Windows 8.1 for 32-bit systems
         Windows 8.1 for x64-based systems
         Windows RT 8.1
         Windows Server 2012
         Windows Server 2012 (Server Core installation)
         Windows Server 2012 R2
         Windows Server 2012 R2 (Server Core installation)
         Windows Server 2016
         Windows Server 2016 (Server Core installation)
         Windows Server 2019
         Windows Server 2019 (Server Core installation)


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2020-0915   Elevation of Privilege   Important
         CVE-2020-0916   Elevation of Privilege   Important
         CVE-2020-0986   Elevation of Privilege   Important
         CVE-2020-1120   Denial of Service        Important
         CVE-2020-1160   Information Disclosure   Important
         CVE-2020-1162   Elevation of Privilege   Important
         CVE-2020-1194   Denial of Service        Important
         CVE-2020-1196   Elevation of Privilege   Important
         CVE-2020-1197   Elevation of Privilege   Important
         CVE-2020-1199   Elevation of Privilege   Important
         CVE-2020-1201   Elevation of Privilege   Important
         CVE-2020-1202   Elevation of Privilege   Important
         CVE-2020-1203   Elevation of Privilege   Important
         CVE-2020-1204   Elevation of Privilege   Important
         CVE-2020-1206   Information Disclosure   Important
         CVE-2020-1207   Elevation of Privilege   Important
         CVE-2020-1208   Remote Code Execution    Important
         CVE-2020-1209   Elevation of Privilege   Important
         CVE-2020-1211   Elevation of Privilege   Important
         CVE-2020-1212   Elevation of Privilege   Important
         CVE-2020-1217   Information Disclosure   Important
         CVE-2020-1222   Elevation of Privilege   Important
         CVE-2020-1231   Elevation of Privilege   Important
         CVE-2020-1232   Information Disclosure   Important
         CVE-2020-1233   Elevation of Privilege   Important
         CVE-2020-1234   Elevation of Privilege   Important
         CVE-2020-1235   Elevation of Privilege   Important
         CVE-2020-1236   Remote Code Execution    Important
         CVE-2020-1237   Elevation of Privilege   Important
         CVE-2020-1238   Remote Code Execution    Important
         CVE-2020-1239   Remote Code Execution    Important
         CVE-2020-1241   Security Feature Bypass  Important
         CVE-2020-1244   Elevation of Privilege   Important
         CVE-2020-1246   Elevation of Privilege   Important
         CVE-2020-1247   Elevation of Privilege   Important
         CVE-2020-1248   Remote Code Execution    Critical
         CVE-2020-1251   Elevation of Privilege   Important
         CVE-2020-1253   Elevation of Privilege   Important
         CVE-2020-1254   Elevation of Privilege   Important
         CVE-2020-1255   Elevation of Privilege   Important
         CVE-2020-1257   Elevation of Privilege   Important
         CVE-2020-1258   Elevation of Privilege   Important
         CVE-2020-1259   Security Feature Bypass  Important
         CVE-2020-1261   Information Disclosure   Important
         CVE-2020-1262   Elevation of Privilege   Important
         CVE-2020-1263   Information Disclosure   Important
         CVE-2020-1264   Elevation of Privilege   Important
         CVE-2020-1265   Elevation of Privilege   Important
         CVE-2020-1266   Elevation of Privilege   Important
         CVE-2020-1268   Information Disclosure   Important
         CVE-2020-1269   Elevation of Privilege   Important
         CVE-2020-1270   Elevation of Privilege   Important
         CVE-2020-1271   Elevation of Privilege   Important
         CVE-2020-1272   Elevation of Privilege   Important
         CVE-2020-1273   Elevation of Privilege   Important
         CVE-2020-1274   Elevation of Privilege   Important
         CVE-2020-1275   Elevation of Privilege   Important
         CVE-2020-1276   Elevation of Privilege   Important
         CVE-2020-1277   Elevation of Privilege   Important
         CVE-2020-1278   Elevation of Privilege   Important
         CVE-2020-1279   Elevation of Privilege   Important
         CVE-2020-1280   Elevation of Privilege   Important
         CVE-2020-1281   Remote Code Execution    Critical
         CVE-2020-1282   Elevation of Privilege   Important
         CVE-2020-1283   Denial of Service        Important
         CVE-2020-1284   Denial of Service        Important
         CVE-2020-1286   Remote Code Execution    Critical
         CVE-2020-1287   Elevation of Privilege   Important
         CVE-2020-1290   Information Disclosure   Important
         CVE-2020-1291   Elevation of Privilege   Important
         CVE-2020-1292   Elevation of Privilege   Important
         CVE-2020-1293   Elevation of Privilege   Important
         CVE-2020-1294   Elevation of Privilege   Important
         CVE-2020-1296   None                     Important
         CVE-2020-1299   Remote Code Execution    Critical
         CVE-2020-1300   Remote Code Execution    Critical
         CVE-2020-1301   Remote Code Execution    Important
         CVE-2020-1302   Elevation of Privilege   Important
         CVE-2020-1304   Elevation of Privilege   Important
         CVE-2020-1305   Elevation of Privilege   Important
         CVE-2020-1306   Elevation of Privilege   Important
         CVE-2020-1307   Elevation of Privilege   Important
         CVE-2020-1309   Elevation of Privilege   Important
         CVE-2020-1310   Elevation of Privilege   Important
         CVE-2020-1311   Security Feature Bypass  Important
         CVE-2020-1312   Elevation of Privilege   Important
         CVE-2020-1313   Elevation of Privilege   Important
         CVE-2020-1314   Elevation of Privilege   Important
         CVE-2020-1316   Elevation of Privilege   Important
         CVE-2020-1317   Elevation of Privilege   Important
         CVE-2020-1324   Elevation of Privilege   Important
         CVE-2020-1334   Elevation of Privilege   Important
         CVE-2020-1348   Information Disclosure   Important


MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]
        
         KB4557957, KB4561649, KB4560960, KB4561674, KB4556799
         KB4561666, KB4561602, KB4561612, KB4561673, KB4561616
         KB4549951, KB4561608, KB4561621


REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================