In June 2020, Microsoft released what appears to be the largest Patch Tuesday in its history. The company's monthly security updates fix about 129 bugs, none of which, despite the huge number and unlike in other monthly updates, had been exploited by cybercriminals.
The June 2020 updates include CVEs for 11 critical remote code-execution bugs that received patches in Windows Shell, VBScript, Windows, and SharePoint servers.
Also included in the June 2020 patches are updates for Internet Explorer (IE), ChakraCore, Microsoft Edge (EdgeHTML-based, and Chromium-based in IE Mode), Web Apps, Microsoft Office, Microsoft Dynamics, Visual Studio, Windows Defender, Microsoft Apps for Android, and Azure DevOps.
These latest patches bring the total for the year to 616 bugs, which is 49 fewer than the total number of CVEs released in 2017, according to Dustin Childs of Trend Micro’s Zero Day Initiative.
Meanwhile, malware developers are notorious for watching Microsoft’s monthly security updates to pick out important bugs, patch-diffing the updates to identify the exact bug that Microsoft fixed, and then weaponizing it as quickly as possible for fraudulent purposes.
More About The Microsoft Security Updates
A trio of fixes (CVE-2020-1284, CVE-2020-1206, and CVE-2020-1301) stands out in the Patch Tuesday update because all three are rated “exploitation more likely” on Microsoft’s Exploitability Index. Two of these bugs (CVE-2020-1284 and CVE-2020-1206) reside in Microsoft Server Message Block 3.1.1 (SMBv3). This was made known by Satnam Narang, Tenable’s staff research engineer.
Narang continued by saying that the third bug (CVE-2020-1301) “may likely create a sense of déjà vu” for another remote code-execution bug in SMBv1, EternalBlue, which was used in the 2017 WannaCry ransomware attacks.
He also strongly recommends disabling SMBv1 regardless of the above, as it is a legacy protocol that should be discarded. He also advises organizations to upgrade from Windows 7 and Windows 8, since Microsoft no longer releases patches for unsupported operating systems.
System administrators who manage multiple computers, mostly in enterprises and government organizations, are advised to evaluate the recent updates for any vulnerability and deploy them on time.
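For administrators acting on the recommendation above to disable SMBv1, the following PowerShell script is an added example (not from the original article or from Microsoft) that checks the current SMBv1 state, audits for clients still using it, and disables it only when none were seen. It assumes an elevated session on Windows 10 / Windows Server 2016 or later; the `-Disable` and `-LookbackDays` parameters and the "Client Address" message pattern are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMBv1 usage on this host, then optionally disable it.
[CmdletBinding()]
param(
    [switch]$Disable,        # hypothetical switch: actually turn SMBv1 off
    [int]$LookbackDays = 7   # hypothetical parameter: audit window in days
)

# 1. State of the SMB server, the side that accepts inbound SMBv1 sessions.
$server = Get-SmbServerConfiguration
"SMB server: SMB1 enabled = {0}, SMB1 auditing = {1}" -f `
    $server.EnableSMB1Protocol, $server.AuditSmb1Access

# 2. State of the optional feature that ships the SMBv1 client/server binaries.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
"Optional feature SMB1Protocol: {0}" -f $feature.State

# 3. Make sure SMBv1 access is being logged so legacy clients become visible.
if (-not $server.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    Write-Warning "SMB1 auditing was off; enabled now. Re-run after the audit window."
}

# 4. Event ID 3000 in the SMBServer audit log records each SMBv1 client access.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-SMBServer/Audit'
    Id        = 3000
    StartTime = (Get-Date).AddDays(-$LookbackDays)
} -ErrorAction SilentlyContinue

# Assumed message layout: a "Client Address: <value>" line in the event text.
$clients = @($events | ForEach-Object {
    if ($_.Message -match 'Client Address:\s*(\S+)') { $Matches[1] }
} | Sort-Object -Unique)

if ($clients.Count -gt 0) {
    # Legacy clients exist: report them instead of breaking their access.
    Write-Warning ("SMBv1 still used by: {0}" -f ($clients -join ', '))
    return
}
"No SMBv1 client access logged in the last $LookbackDays day(s)."

# 5. Disable the protocol on the server, then remove the feature itself.
if ($Disable) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    "SMBv1 disabled. Reboot to finish removing the feature."
}
```

If auditing had to be switched on in step 3, an empty event list does not yet mean no legacy clients exist, so let the audit window pass before running with `-Disable`.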