Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2020.0107 Microsoft Patch Tuesday includes updates for Windows 10 June 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Windows Operating System: Windows Impact/Access: Administrator Compromise -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2020-1348 CVE-2020-1334 CVE-2020-1324 CVE-2020-1317 CVE-2020-1316 CVE-2020-1314 CVE-2020-1313 CVE-2020-1312 CVE-2020-1311 CVE-2020-1310 CVE-2020-1309 CVE-2020-1307 CVE-2020-1306 CVE-2020-1305 CVE-2020-1304 CVE-2020-1302 CVE-2020-1301 CVE-2020-1300 CVE-2020-1299 CVE-2020-1296 CVE-2020-1294 CVE-2020-1293 CVE-2020-1292 CVE-2020-1291 CVE-2020-1290 CVE-2020-1287 CVE-2020-1286 CVE-2020-1284 CVE-2020-1283 CVE-2020-1282 CVE-2020-1281 CVE-2020-1280 CVE-2020-1279 CVE-2020-1278 CVE-2020-1277 CVE-2020-1276 CVE-2020-1275 CVE-2020-1274 CVE-2020-1273 CVE-2020-1272 CVE-2020-1271 CVE-2020-1270 CVE-2020-1269 CVE-2020-1268 CVE-2020-1266 CVE-2020-1265 CVE-2020-1264 CVE-2020-1263 CVE-2020-1262 CVE-2020-1261 CVE-2020-1259 CVE-2020-1258 CVE-2020-1257 CVE-2020-1255 CVE-2020-1254 CVE-2020-1253 CVE-2020-1251 CVE-2020-1248 CVE-2020-1247 CVE-2020-1246 CVE-2020-1244 CVE-2020-1241 CVE-2020-1239 CVE-2020-1238 CVE-2020-1237 CVE-2020-1236 CVE-2020-1235 CVE-2020-1234 CVE-2020-1233 CVE-2020-1232 CVE-2020-1231 CVE-2020-1222 CVE-2020-1217 CVE-2020-1212 CVE-2020-1211 CVE-2020-1209 CVE-2020-1208 CVE-2020-1207 CVE-2020-1206 CVE-2020-1204 CVE-2020-1203 CVE-2020-1202 CVE-2020-1201 CVE-2020-1199 CVE-2020-1197 CVE-2020-1196 CVE-2020-1194 CVE-2020-1162 CVE-2020-1160 CVE-2020-1120 CVE-2020-0986 CVE-2020-0916 CVE-2020-0915 Member content until: Friday, July 10 2020 Reference: ESB-2020.1987 ESB-2020.1979 ESB-2020.1604 ESB-2020.1602 ESB-2020.1600 ESB-2020.1585 ESB-2020.1564 ESB-2020.1420 ESB-2020.1368 OVERVIEW Microsoft has released its monthly security patch update for the month of June 2020. This update resolves 93 vulnerabilities across the following products: [1] Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for HoloLens Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for HoloLens Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 Version 2004 for 32-bit Systems Windows 10 Version 2004 for ARM64-based Systems Windows 10 Version 2004 for HoloLens Windows 10 Version 2004 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2020-0915 Elevation of Privilege Important CVE-2020-0916 Elevation of Privilege Important CVE-2020-0986 Elevation of Privilege Important CVE-2020-1120 Denial of Service Important CVE-2020-1160 Information Disclosure Important CVE-2020-1162 Elevation of Privilege Important CVE-2020-1194 Denial of Service Important CVE-2020-1196 Elevation of Privilege Important CVE-2020-1197 Elevation of Privilege Important CVE-2020-1199 Elevation of Privilege Important CVE-2020-1201 Elevation of Privilege Important CVE-2020-1202 Elevation of Privilege Important CVE-2020-1203 Elevation of Privilege Important CVE-2020-1204 Elevation of Privilege Important CVE-2020-1206 Information Disclosure Important CVE-2020-1207 Elevation of Privilege Important CVE-2020-1208 Remote Code Execution Important CVE-2020-1209 Elevation of Privilege Important CVE-2020-1211 Elevation of Privilege Important CVE-2020-1212 Elevation of Privilege Important CVE-2020-1217 Information Disclosure Important CVE-2020-1222 Elevation of Privilege Important CVE-2020-1231 Elevation of Privilege Important CVE-2020-1232 Information Disclosure Important CVE-2020-1233 Elevation of Privilege Important CVE-2020-1234 Elevation of Privilege Important CVE-2020-1235 Elevation of Privilege Important CVE-2020-1236 Remote Code Execution Important CVE-2020-1237 Elevation of Privilege Important CVE-2020-1238 Remote Code Execution Important CVE-2020-1239 Remote Code Execution Important CVE-2020-1241 Security Feature Bypass Important CVE-2020-1244 Elevation of Privilege Important CVE-2020-1246 Elevation of Privilege Important CVE-2020-1247 Elevation of Privilege Important CVE-2020-1248 Remote Code Execution Critical CVE-2020-1251 Elevation of Privilege Important CVE-2020-1253 Elevation of Privilege Important CVE-2020-1254 Elevation of Privilege Important CVE-2020-1255 Elevation of Privilege Important CVE-2020-1257 Elevation of Privilege Important CVE-2020-1258 Elevation of Privilege Important CVE-2020-1259 Security Feature Bypass Important CVE-2020-1261 Information Disclosure Important CVE-2020-1262 Elevation of Privilege Important CVE-2020-1263 Information Disclosure Important CVE-2020-1264 Elevation of Privilege Important CVE-2020-1265 Elevation of Privilege Important CVE-2020-1266 Elevation of Privilege Important CVE-2020-1268 Information Disclosure Important CVE-2020-1269 Elevation of Privilege Important CVE-2020-1270 Elevation of Privilege Important CVE-2020-1271 Elevation of Privilege Important CVE-2020-1272 Elevation of Privilege Important CVE-2020-1273 Elevation of Privilege Important CVE-2020-1274 Elevation of Privilege Important CVE-2020-1275 Elevation of Privilege Important CVE-2020-1276 Elevation of Privilege Important CVE-2020-1277 Elevation of Privilege Important CVE-2020-1278 Elevation of Privilege Important CVE-2020-1279 Elevation of Privilege Important CVE-2020-1280 Elevation of Privilege Important CVE-2020-1281 Remote Code Execution Critical CVE-2020-1282 Elevation of Privilege Important CVE-2020-1283 Denial of Service Important CVE-2020-1284 Denial of Service Important CVE-2020-1286 Remote Code Execution Critical CVE-2020-1287 Elevation of Privilege Important CVE-2020-1290 Information Disclosure Important CVE-2020-1291 Elevation of Privilege Important CVE-2020-1292 Elevation of Privilege Important CVE-2020-1293 Elevation of Privilege Important CVE-2020-1294 Elevation of Privilege Important CVE-2020-1296 None Important CVE-2020-1299 Remote Code Execution Critical CVE-2020-1300 Remote Code Execution Critical CVE-2020-1301 Remote Code Execution Important CVE-2020-1302 Elevation of Privilege Important CVE-2020-1304 Elevation of Privilege Important CVE-2020-1305 Elevation of Privilege Important CVE-2020-1306 Elevation of Privilege Important CVE-2020-1307 Elevation of Privilege Important CVE-2020-1309 Elevation of Privilege Important CVE-2020-1310 Elevation of Privilege Important CVE-2020-1311 Security Feature Bypass Important CVE-2020-1312 Elevation of Privilege Important CVE-2020-1313 Elevation of Privilege Important CVE-2020-1314 Elevation of Privilege Important CVE-2020-1316 Elevation of Privilege Important CVE-2020-1317 Elevation of Privilege Important CVE-2020-1324 Elevation of Privilege Important CVE-2020-1334 Elevation of Privilege Important CVE-2020-1348 Information Disclosure Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]. KB4557957, KB4561649, KB4560960, KB4561674, KB4556799 KB4561666, KB4561602, KB4561612, KB4561673, KB4561616 KB4549951, KB4561608, KB4561621 REFERENCES [1] Microsoft Security Update Guidance https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXuAmYeNLKJtyKPYoAQiEZhAAhAYkThrtFBzSKyA8xxgAJRvt0CBNmDKU pnqJm3jf1Nd/f/H8o/2YzIu6dpprWnuSH1pPJKKU9uI5GvPig7kb6vaGfzw6TVCP p0pC5oFXhSH5Bun7t6lRLS6fQOYXh05Oj8BByZahfEZzPUvohZzF9E1pcpokcxjI Kl3eaW0OsKLTYRA7RKRA6sSCjnbMNRMYU6wItFJjHwUHVlScYNpXjtX58sO/mL3w cJOnZlxMYWBY7Dlabtlue6ClkaDaHVkopSAEKqmzV37ma6jxssQJaB8omNFm+ZiO nM1ov4I6kdQ23BJ9ixyy9j7WpyyPa/CK1agTvTKOAXEi4xWDaEHZJ7jgcncwZeyM QDDQjWFIeG5EwzRVW7i5lOn/wKOhJ7fKlhNheZ2b+CdyiF7NDHFCFq9pGFcGfhPe moJ3t8xUFXnq2IKIXPKqlrIeIHevX1gOYtyHk7JbPw9vCVoIeDF51cSocMseP4hl mCCA0px7SgoZLfzgV/bs+5d+qc5VzlISnKyjIi4Md/Nefbg3udrYyqVkbJ9P2ED9 PIjT3ZJm+7kjMdEUaXUhBKTCIpBlL7U5ccR4TX4nwQJ1QWMlEFFdGaRYofm4MK8/ IbQHZFFUpUh1a714h+8WAAj4/x7czReqHbZPE+byP4qNotDOKXHDn33x2cXJW2O7 wGn66La9H20= =eF2t -----END PGP SIGNATURE-----