
Biggest-ever Monthly Security Updates: Microsoft June Patch Tuesday fixes 129 bugs


In June 2020, Microsoft released what appears to be the largest Patch Tuesday in its history. The monthly security updates fix about 129 bugs, none of which, despite the huge number, had been exploited by cybercriminals, unlike in other monthly updates.

The June 2020 updates include CVEs for 11 critical remote code-execution bugs, with patches for Windows Shell, VBScript, Windows, and SharePoint servers.

The June 2020 patches also include updates for Internet Explorer (IE), ChakraCore, Microsoft Edge (EdgeHTML-based and Chromium-based in IE Mode), Web Apps, Microsoft Office, Microsoft Dynamics, Visual Studio, Windows Defender, Microsoft Apps for Android, and Azure DevOps.

These latest patches bring the total for the year to 616 bugs, which is 49 fewer than the total number of CVEs released in 2017, according to Dustin Childs of Trend Micro’s Zero Day Initiative.

Meanwhile, malware developers are notorious for watching Microsoft’s monthly security updates to single out important bugs, patch-diffing the updates to identify the exact bug that Microsoft fixed, and then weaponizing it as quickly as possible for fraudulent purposes.

More About The Microsoft Security Updates

A trio of fixes (CVE-2020-1284, CVE-2020-1206, and CVE-2020-1301) stands out in the Patch Tuesday update because they are rated “exploitation more likely” in Microsoft’s Exploitability Index. Two of these bugs (CVE-2020-1284 and CVE-2020-1206) exist in Microsoft Server Message Block 3.1.1 (SMBv3), according to Satnam Narang, staff research engineer at Tenable.

Narang added that the third bug (CVE-2020-1301) “may likely create a sense of déjà vu” for another remote code-execution bug in SMBv1, EternalBlue, which was used in the 2017 WannaCry ransomware attacks.

He also strongly recommends disabling SMBv1 regardless, as it is a legacy protocol that should be discarded. He further advises organizations to upgrade from Windows 7 and Windows 8, since Microsoft no longer releases patches for unsupported operating systems.
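One way to act on the SMBv1 recommendation on a single Windows host is sketched below. This is an added example, not code from the article or from Microsoft or Tenable; the `-Disable` switch is a parameter of this example script only, and it assumes an elevated PowerShell session on a Windows version that ships the SmbShare and DISM cmdlets.

```powershell
# Added example: audit SMBv1 on this host and, with -Disable, turn it off.
# -Disable is a switch defined by this example script, not by any Microsoft tool.
param([switch]$Disable)

# Server side: is the SMB server still willing to negotiate SMBv1?
$server  = Get-SmbServerConfiguration
# Optional-feature state of the SMBv1 components installed on the host.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

# Emit one record per host so results can be collected across a fleet.
[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    ServerSmb1Enabled   = $server.EnableSMB1Protocol
    ServerSmb2Enabled   = $server.EnableSMB2Protocol
    Smb1AuditingEnabled = $server.AuditSmb1Access
    Smb1FeatureState    = $feature.State
}

if (-not $Disable) {
    # Report-only mode: switch on SMBv1 access auditing so that clients which
    # still depend on SMBv1 are logged before anything is changed.
    if ($server.EnableSMB1Protocol -and -not $server.AuditSmb1Access) {
        Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    }
    # Show any SMBv1 access already recorded in the SMB server audit log.
    Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -MaxEvents 20 `
        -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
    return
}

# Enforcement mode: stop the server from negotiating SMBv1 ...
if ($server.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
# ... and remove the SMBv1 feature itself (takes effect after a reboot).
if ($feature.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}
```

Running it without `-Disable` first and reviewing the audit log for a while shows which devices would lose access before the protocol is removed.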

System administrators who manage multiple computers, mostly in enterprises and government organizations, are advised to evaluate the recent updates for any vulnerabilities and deploy them on time.


Marie Beaujolie
