Posted on

Microsoft’s Patch Tuesday breaks record with 129 patches including CVEs for 11 critical remote-code execution vulnerabilities.

image thumb31

If you’re computer took forever to reboot, here’s why. Microsoft rolled out patches for a whopping 129 vulnerabilities in June’s Patch Tuesday. The patches covered vulnerabilities in Windows 10, Office, Microsoft Edge, and other Microsoft software. It marked the 4th month in a row that MS released patches for more than 110 CVEs. MS has already patched 616 CVEs – and it’s only June!

One patch in particular, CVE-2020-1299 in Windows 10, stands out from the rest as it could allow remote code execution when a .LNK file, which is a shortcut or “link”, is processed. If an attacker were to embed a malicious shortcut in a removable drive or remote share and convince a user to open it, then the malicious binary will be able to execute code.

Here’s the full list.

CVETitleSeverityPublicExploitedXI – LatestXI – OlderType
CVE-2020-1248GDI+ Remote Code Execution VulnerabilityCriticalNoNo22RCE
CVE-2020-1299LNK Remote Code Execution VulnerabilityCriticalNoNo22RCE
CVE-2020-1219Microsoft Browser Memory Corruption VulnerabilityCriticalNoNo11RCE
CVE-2020-1181Microsoft SharePoint Server Remote Code Execution VulnerabilityCriticalNoNo22RCE
CVE-2020-1073Scripting Engine Memory Corruption VulnerabilityCriticalNoNo22RCE
CVE-2020-1213VBScript Remote Code Execution VulnerabilityCriticalNoNo11RCE
CVE-2020-1216VBScript Remote Code Execution VulnerabilityCriticalNoNo11RCE
CVE-2020-1260VBScript Remote Code Execution VulnerabilityCriticalNoNo11RCE
CVE-2020-1281Windows OLE Remote Code Execution VulnerabilityCriticalNoNo22RCE
CVE-2020-1300Windows Remote Code Execution VulnerabilityCriticalNoNo22RCE
CVE-2020-1286Windows Shell Remote Code Execution VulnerabilityCriticalNoNo22RCE
CVE-2020-1311Component Object Model Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1211Connected Devices Platform Service Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1120Connected User Experiences and Telemetry Service Denial of Service VulnerabilityImportantNoNo22DoS
CVE-2020-1244Connected User Experiences and Telemetry Service Denial of Service VulnerabilityImportantNoNo22DoS
CVE-2020-1202Diagnostic Hub Standard Collector Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1203Diagnostic Hub Standard Collector Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1257Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1278Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1293Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1317Group Policy Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1315Internet Explorer Information Disclosure VulnerabilityImportantNoNo22Info
CVE-2020-1208Jet Database Engine Remote Code Execution VulnerabilityImportantNoNo22RCE
CVE-2020-1236Jet Database Engine Remote Code Execution VulnerabilityImportantNoNo22RCE
CVE-2020-1232Media Foundation Information Disclosure VulnerabilityImportantNoNo22Info
CVE-2020-1238Media Foundation Memory Corruption VulnerabilityImportantNoNo22RCE
CVE-2020-1239Media Foundation Memory Corruption VulnerabilityImportantNoNo22RCE
CVE-2020-1329Microsoft Bing Search Spoofing VulnerabilityImportantNoNo22Spoof
CVE-2020-1220Microsoft Edge (Chromium-based) in IE Mode Spoofing VulnerabilityImportantNoNo22Spoof
CVE-2020-1242Microsoft Edge Information Disclosure VulnerabilityImportantNoNo22Info
CVE-2020-1225Microsoft Excel Remote Code Execution VulnerabilityImportantNoNo22RCE
CVE-2020-1226Microsoft Excel Remote Code Execution VulnerabilityImportantNoNo22RCE
CVE-2020-1160Microsoft Graphics Component Information Disclosure VulnerabilityImportantNoNo22Info
CVE-2020-1321Microsoft Office Remote Code Execution VulnerabilityImportantNoNo22RCE
CVE-2020-1177Microsoft Office SharePoint XSS VulnerabilityImportantNoNo22XSS
CVE-2020-1183Microsoft Office SharePoint XSS VulnerabilityImportantNoNo22XSS
CVE-2020-1297Microsoft Office SharePoint XSS VulnerabilityImportantNoNo22XSS
CVE-2020-1298Microsoft Office SharePoint XSS VulnerabilityImportantNoNo22XSS
CVE-2020-1318Microsoft Office SharePoint XSS VulnerabilityImportantNoNo22XSS
CVE-2020-1320Microsoft Office SharePoint XSS VulnerabilityImportantNoNo22XSS
CVE-2020-1229Microsoft Outlook Security Feature Bypass VulnerabilityImportantNoNo22SFB
CVE-2020-1322Microsoft Project Information Disclosure VulnerabilityImportantNoNo22Info
CVE-2020-1295Microsoft SharePoint Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1178Microsoft SharePoint Server Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1148Microsoft SharePoint Spoofing VulnerabilityImportantNoNo22Spoof
CVE-2020-1289Microsoft SharePoint Spoofing VulnerabilityImportantNoNo22Spoof
CVE-2020-1222Microsoft Store Runtime Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1309Microsoft Store Runtime Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1163Microsoft Windows Defender Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1170Microsoft Windows Defender Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1340NuGetGallery Spoofing VulnerabilityImportantNoNo22Spoof
CVE-2020-1212OLE Automation Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1292OpenSSH for Windows Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1323SharePoint Open Redirect VulnerabilityImportantNoNo22Spoof
CVE-2020-1331System Center Spoofing VulnerabilityImportantNoNo22Spoof
CVE-2020-1327Team Foundation Server HTML Injection VulnerabilityImportantNoNo22Spoof
CVE-2020-1214VBScript Remote Code Execution VulnerabilityImportantNoNo11RCE
CVE-2020-1215VBScript Remote Code Execution VulnerabilityImportantNoNo11RCE
CVE-2020-1230VBScript Remote Code Execution VulnerabilityImportantNoNo11RCE
CVE-2020-1343Visual Studio Code Information Disclosure VulnerabilityImportantNoNo22Info
CVE-2020-1207Win32k Elevation of Privilege VulnerabilityImportantNoNo11EoP
CVE-2020-1247Win32k Elevation of Privilege VulnerabilityImportantNoNo11EoP
CVE-2020-1251Win32k Elevation of Privilege VulnerabilityImportantNoNo11EoP
CVE-2020-1253Win32k Elevation of Privilege VulnerabilityImportantNoNo11EoP
CVE-2020-1258Win32k Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1310Win32k Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1290Win32k Information Disclosure VulnerabilityImportantNoNo22Info
CVE-2020-1255Windows Background Intelligent Transfer Service Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1271Windows Backup Service Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1280Windows Bluetooth Service Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1283Windows Denial of Service VulnerabilityImportantNoNo22DoS
CVE-2020-1296Windows Diagnostics & feedback Information Disclosure VulnerabilityImportantNoNo22Info
CVE-2020-1162Windows Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1324Windows Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1234Windows Error Reporting Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1261Windows Error Reporting Information Disclosure VulnerabilityImportantNoNo22Info
CVE-2020-1263Windows Error Reporting Information Disclosure VulnerabilityImportantNoNo22Info
CVE-2020-1197Windows Error Reporting Manager Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1199Windows Feedback Hub Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-0915Windows GDI Elevation of Privilege VulnerabilityImportantNo*No22EoP
CVE-2020-0916Windows GDI Elevation of Privilege VulnerabilityImportantNo*No22EoP
CVE-2020-1348Windows GDI Information Disclosure VulnerabilityImportantNoNo22Info
CVE-2020-1259Windows Host Guardian Service Security Feature Bypass VulnerabilityImportantNoNo22SFB
CVE-2020-1272Windows Installer Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1277Windows Installer Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1302Windows Installer Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1312Windows Installer Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-0986Windows Kernel Elevation of Privilege VulnerabilityImportantNo*No22EoP
CVE-2020-1237Windows Kernel Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1246Windows Kernel Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1262Windows Kernel Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1264Windows Kernel Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1266Windows Kernel Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1269Windows Kernel Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1273Windows Kernel Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1274Windows Kernel Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1275Windows Kernel Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1276Windows Kernel Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1307Windows Kernel Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1316Windows Kernel Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1241Windows Kernel Security Feature Bypass VulnerabilityImportantNoNo11SFB
CVE-2020-1279Windows Lockscreen Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1204Windows Mobile Device Management Diagnostics Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1254Windows Modules Installer Service Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1291Windows Network Connections Service Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1209Windows Network List Service Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1201Windows Now Playing Session Manager Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1196Windows Print Configuration Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1194Windows Registry Denial of Service VulnerabilityImportantNoNo22DoS
CVE-2020-1231Windows Runtime Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1233Windows Runtime Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1235Windows Runtime Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1265Windows Runtime Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1282Windows Runtime Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1304Windows Runtime Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1306Windows Runtime Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1334Windows Runtime Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1217Windows Runtime Information Disclosure VulnerabilityImportantNoNo22Info
CVE-2020-1268Windows Service Information Disclosure VulnerabilityImportantNoNo22Info
CVE-2020-1301Windows SMB Remote Code Execution VulnerabilityImportantNoNo11RCE
CVE-2020-1284Windows SMBv3 Client/Server Denial of Service VulnerabilityImportantNoNo11DoS
CVE-2020-1206Windows SMBv3 Client/Server Information Disclosure VulnerabilityImportantNoNo11Info
CVE-2020-1305Windows State Repository Service Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1314Windows Text Service Framework Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1313Windows Update Orchestrator Service Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1287Windows WalletService Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1294Windows WalletService Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1270Windows WLAN Service Elevation of Privilege VulnerabilityImportantNoNo22EoP
CVE-2020-1223Word for Android Remote Code Execution VulnerabilityImportantNoNo22RCE
CVEs released by Microsoft for June 2020