This month’s Patch Tuesday had the highest number of entries so far in 2020: a whopping 129, continuing the trend seen in previous months. The update includes fixes for LNK, SMB, SharePoint, and Win32k vulnerabilities.
While the update contained a significant number of patches, only 11 were rated Critical. One of the patches addresses yet another LNK-related vulnerability, CVE-2020-1299, which attackers can exploit by having the affected system process a malicious .LNK file, for example, via a remote drive or through a remote share.
Another critical vulnerability that was patched in this update is CVE-2020-1219, a Microsoft Browser memory corruption vulnerability that exists due to the way Microsoft browsers access objects in memory. It can be exploited through a specially crafted website designed to take advantage of the bug and could result in an attacker potentially gaining control of the targeted system.
Trend Micro Zero Day Initiative (ZDI) was responsible for disclosing nine of the vulnerabilities in the June update, including CVE-2020-1181 and CVE-2020-1219.
SMB vulnerabilities patched
Fixes for three SMB vulnerabilities were present in this patch. One is CVE-2020-1301 — a remote code execution (RCE) vulnerability that exists due to the way the Microsoft SMBv1 server handles certain requests. An attacker can exploit the flaw by sending a malicious packet to the affected server.
More Microsoft Office, SharePoint vulnerabilities addressed
One of the highlights of last month’s Patch Tuesday release was the set of patches for various SharePoint vulnerabilities. The June update addressed 12 more bugs, including the Critical-rated CVE-2020-1181, an RCE vulnerability that exists in Microsoft SharePoint Server when it fails to identify and filter unsafe ASP.NET web controls properly.
Several cross-site scripting (XSS) Microsoft Office SharePoint vulnerabilities were also patched. These include CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, and CVE-2020-1320, which an attacker can exploit by sending a specially crafted request to a vulnerable SharePoint server. Successful exploitation of any of these flaws could lead to cross-site scripting attacks on the affected systems.
The Microsoft Office vulnerabilities that were fixed in this patch include CVE-2020-1321, an RCE vulnerability that exists in Microsoft Office when it fails to properly handle objects in memory. Flaws in Microsoft Excel (CVE-2020-1225, CVE-2020-1226) and Outlook (CVE-2020-1229) were also fixed.
Fixes for Win32k vulnerabilities
Microsoft also addressed multiple Win32k Elevation of Privilege vulnerabilities this month. These errors occur when the Windows kernel-mode driver fails to handle objects in memory properly. Exploiting these vulnerabilities can potentially allow an attacker to gain unauthorized, elevated access on affected systems or networks:
Trend Micro solutions
We highly recommend that organizations apply the latest round of updates to their machines as soon as possible to avoid any potential exploitation from external attackers. Meanwhile, organizations, especially those that have employees working from home, can take advantage of the following security solutions to strengthen their systems even further:
- 1010309 – Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1213)
- 1010310 – Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1214)
- 1010311 – Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1260)
- 1010313 – Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1215)
- 1010314 – Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1216)
- 1010315 – Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1230)
- 1010317 – Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2020-1301)
- 1010318 – Microsoft Internet Explorer and Edge Memory Corruption Vulnerability (CVE-2020-1219)
- 1010319 – Microsoft Windows SMB Denial of Service Vulnerability (CVE-2020-1284)
Trend Micro™ TippingPoint® protects customers through the following rules:
- 32851: HTTP: Microsoft Internet Explorer Type Confusion Vulnerability
- 32901: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
- 32907: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
- 32939: HTTP: Microsoft Internet Explorer Use-After-Free Vulnerability
- 33325: HTTP: Microsoft SharePoint Web Part Arbitrary File Upload
- 33432: SMB: Microsoft Windows SMB Denial-of-Service Vulnerability
- 34458: SMB: Microsoft Windows SMBv1 Integer Underflow Vulnerability