این هفته وصله های امنیتی ماه ژوئن مایکروسافت منتشر شد. در این به روزرسانی، مایکروسافت 129 آسیب پذیری موجود در محصولات خود را رفع نموده است که 11 مورد از آنها در دسته بندی حیاتی و 109 مورد در دسته بندی مهم، قرار گرفته اند.
این به روزرسانی بزرگترین به روزرسانی مایکروسافت می باشد و به ترتیب بعد از آن، به روزسانی ماه مارس 2020 با 115 مورد آسیب پذیری و به روزسانی آپریل 2020 با 113مورد رفع آسیب پذیری بزرگترین وصله های منتشر شده مایکروسافت بوده اند.
در این به روزرسانی آسیب پذیری Zero-Day وجود ندارد.
آسیب پذیری های حیاتی
3 آسیب پذیری حیاتی مربوط به Microsoft Edge و موتور VBScript است که به مهاجم اجازه ی اجرای کد از راه دور، از طریق ترغیب کاربر به بازدید از وبسایت های مخرب را می دهد.
• CVE-2020-1219 – Microsoft Browser Memory Corruption Vulnerability
• CVE-2020-1216 | VBScript Remote Code Execution Vulnerability
• CVE-2020-1216 | VBScript Remote Code Execution Vulnerability
در صورت بهره برداری موفق از این آسیب پذیری ها مهاجم می تواند دستورات اجرایی خود را بر روی کامپیوتر هدف با امتیازات کاربر اجرا کند.
مهاجم کاربران را ترغیب به دانلود یک فایل مخرب می کند و با بهره برداری از این آسیب پذیری ها، قادر به انجام حملات فیشینگ و وبی خواهد بود.
• CVE-2020-1248 – GDI+ Remote Code Execution Vulnerability
• CVE-2020-1281 – Windows OLE Remote Code Execution Vulnerability
• CVE-2020-1299 – LNK Remote Code Execution Vulnerability
وصله های امنیتی ماه ژوئن 2020
در جدول زیر لیست کامل آسیب پذیری های رفع شده و وصله های امنیتی منشتر شده در این ماه را می توانید مشاهده نمایید :
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Adobe Flash Player | ADV200010 | June 2020 Adobe Flash Security Update | Critical |
| Android App | CVE-2020-1223 | Word for Android Remote Code Execution Vulnerability | Important |
| Apps | CVE-2020-1329 | Microsoft Bing Search Spoofing Vulnerability | Important |
| Azure DevOps | CVE-2020-1327 | Azure DevOps Server HTML Injection Vulnerability | Important |
| Diagnostics Hub | CVE-2020-1278 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important |
| Diagnostics Hub | CVE-2020-1203 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | Important |
| Diagnostics Hub | CVE-2020-1202 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | Important |
| HoloLens | CVE-2020-1199 | Windows Feedback Hub Elevation of Privilege Vulnerability | Important |
| Internet Explorer | CVE-2020-1315 | Internet Explorer Information Disclosure Vulnerability | Important |
| Microsoft Browsers | CVE-2020-1219 | Microsoft Browser Memory Corruption Vulnerability | Critical |
| Microsoft Edge | CVE-2020-1242 | Microsoft Edge Information Disclosure Vulnerability | Important |
| Microsoft Edge (Chromium-based) in IE Mode | CVE-2020-1220 | Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1207 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1258 | DirectX Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1251 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1160 | Microsoft Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0915 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1253 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-1348 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0986 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0916 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1236 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2020-1208 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Malware Protection Engine | CVE-2020-1163 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important |
| Microsoft Malware Protection Engine | CVE-2020-1170 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2020-1226 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1225 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1229 | Microsoft Outlook Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2020-1321 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-1322 | Microsoft Project Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1289 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1181 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2020-1148 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1183 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1318 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1295 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1298 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1323 | SharePoint Open Redirect Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1297 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1178 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1177 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-1320 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2020-1260 | VBScript Remote Code Execution Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2020-1215 | VBScript Remote Code Execution Vulnerability | Low |
| Microsoft Scripting Engine | CVE-2020-1230 | VBScript Remote Code Execution Vulnerability | Low |
| Microsoft Scripting Engine | CVE-2020-1073 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-1214 | VBScript Remote Code Execution Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2020-1216 | VBScript Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-1213 | VBScript Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-1324 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1162 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1305 | Windows State Repository Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1313 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1316 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1309 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1312 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1306 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1296 | Windows Diagnostics & feedback Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1270 | Windows WLAN Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1255 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1283 | Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1263 | Windows Error Reporting Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1259 | Windows Host Guardian Service Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2020-1268 | Windows Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1290 | Win32k Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-1291 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1292 | OpenSSH for Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1317 | Group Policy Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1244 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1241 | Windows Kernel Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2020-1314 | Windows Text Service Framework Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1271 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1222 | Microsoft Store Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1120 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1201 | Windows Now Playing Session Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1233 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1246 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1235 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1234 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1197 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1194 | Windows Registry Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2020-1231 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1209 | Windows Network List Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1204 | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1307 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1211 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1196 | Windows Print Configuration Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1334 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-1217 | Windows Runtime Information Disclosure Vulnerability | Important |
| Microsoft Windows PDF | CVE-2020-1248 | GDI+ Remote Code Execution Vulnerability | Critical |
| Open Source Software | CVE-2020-1340 | NuGetGallery Spoofing Vulnerability | Important |
| System Center | CVE-2020-1331 | System Center Operations Manager Spoofing Vulnerability | Important |
| Visual Studio | CVE-2020-1343 | Visual Studio Code Live Share Information Disclosure Vulnerability | Important |
| Windows COM | CVE-2020-1311 | Component Object Model Elevation of Privilege Vulnerability | Important |
| Windows Diagnostic Hub | CVE-2020-1293 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important |
| Windows Diagnostic Hub | CVE-2020-1257 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2020-1261 | Windows Error Reporting Information Disclosure Vulnerability | Important |
| Windows Installer | CVE-2020-1272 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2020-1302 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2020-1277 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1276 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1310 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1273 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1280 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1275 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1247 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1274 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1262 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1237 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1266 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1269 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1282 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1264 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-1265 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Windows Lock Screen | CVE-2020-1279 | Windows Lockscreen Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2020-1238 | Media Foundation Memory Corruption Vulnerability | Important |
| Windows Media | CVE-2020-1304 | Windows Runtime Elevation of Privilege Vulnerability | Important |
| Windows Media Player | CVE-2020-1239 | Media Foundation Memory Corruption Vulnerability | Important |
| Windows Media Player | CVE-2020-1232 | Media Foundation Information Disclosure Vulnerability | Important |
| Windows OLE | CVE-2020-1281 | Windows OLE Remote Code Execution Vulnerability | Critical |
| Windows OLE | CVE-2020-1212 | OLE Automation Elevation of Privilege Vulnerability | Important |
| Windows Print Spooler Components | CVE-2020-1300 | Windows Remote Code Execution Vulnerability | Critical |
| Windows Shell | CVE-2020-1299 | LNK Remote Code Execution Vulnerability | Critical |
| Windows Shell | CVE-2020-1286 | Windows Shell Remote Code Execution Vulnerability | Critical |
| Windows SMB | CVE-2020-1206 | Windows SMBv3 Client/Server Information Disclosure Vulnerability | Important |
| Windows SMB | CVE-2020-1284 | Windows SMBv3 Client/Server Denial of Service Vulnerability | Important |
| Windows SMB | CVE-2020-1301 | Windows SMB Remote Code Execution Vulnerability | Important |
| Windows Update Stack | CVE-2020-1254 | Windows Modules Installer Service Elevation of Privilege Vulnerability | Important |
| Windows Wallet Service | CVE-2020-1294 | Windows WalletService Elevation of Privilege Vulnerability | Important |
| Windows Wallet Service | CVE-2020-1287 | Windows WalletService Elevation of Privilege Vulnerability | Important |
منبع :
