انتشار وصله های امنیتی ماه ژوئن 2020 مایکروسافت، پوشش 129 آسیب پذیری

Patch june
این هفته وصله های امنیتی ماه ژوئن مایکروسافت منتشر شد. در این به روزرسانی، مایکروسافت 129 آسیب پذیری موجود در محصولات خود را رفع نموده است که 11 مورد از آنها در دسته بندی حیاتی و 109 مورد در دسته بندی مهم، قرار گرفته اند.

این به روزرسانی بزرگترین به روزرسانی مایکروسافت می باشد و به ترتیب بعد از آن، به روزسانی ماه مارس 2020 با 115 مورد آسیب پذیری و به روزسانی آپریل 2020 با 113مورد رفع آسیب پذیری بزرگترین وصله های منتشر شده مایکروسافت بوده اند.
در این به روزرسانی آسیب پذیری Zero-Day وجود ندارد.


آسیب پذیری های حیاتی


3 آسیب پذیری حیاتی مربوط به Microsoft Edge و موتور VBScript است که به مهاجم اجازه ی اجرای کد از راه دور، از طریق ترغیب کاربر به بازدید از وبسایت های مخرب را می دهد.


•    CVE-2020-1219 - Microsoft Browser Memory Corruption Vulnerability
•    CVE-2020-1216 | VBScript Remote Code Execution Vulnerability
•    CVE-2020-1216 | VBScript Remote Code Execution Vulnerability

در صورت بهره برداری موفق از این آسیب پذیری ها مهاجم می تواند دستورات اجرایی خود را بر روی کامپیوتر هدف با امتیازات کاربر اجرا کند.


مهاجم کاربران را ترغیب به دانلود یک فایل مخرب می کند و با بهره برداری از این آسیب پذیری ها، قادر به انجام حملات فیشینگ و وبی خواهد بود.


•    CVE-2020-1248 - GDI+ Remote Code Execution Vulnerability
•    CVE-2020-1281 - Windows OLE Remote Code Execution Vulnerability
•    CVE-2020-1299 - LNK Remote Code Execution Vulnerability

وصله های امنیتی ماه ژوئن 2020

در جدول زیر لیست کامل آسیب پذیری های رفع شده و وصله های امنیتی منشتر شده در این ماه را می توانید مشاهده نمایید :

TagCVE IDCVE TitleSeverity
Adobe Flash Player ADV200010 June 2020 Adobe Flash Security Update Critical
Android App CVE-2020-1223 Word for Android Remote Code Execution Vulnerability Important
Apps CVE-2020-1329 Microsoft Bing Search Spoofing Vulnerability Important
Azure DevOps CVE-2020-1327 Azure DevOps Server HTML Injection Vulnerability Important
Diagnostics Hub CVE-2020-1278 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important
Diagnostics Hub CVE-2020-1203 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability Important
Diagnostics Hub CVE-2020-1202 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability Important
HoloLens CVE-2020-1199 Windows Feedback Hub Elevation of Privilege Vulnerability Important
Internet Explorer CVE-2020-1315 Internet Explorer Information Disclosure Vulnerability Important
Microsoft Browsers CVE-2020-1219 Microsoft Browser Memory Corruption Vulnerability Critical
Microsoft Edge CVE-2020-1242 Microsoft Edge Information Disclosure Vulnerability Important
Microsoft Edge (Chromium-based) in IE Mode CVE-2020-1220 Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability Important
Microsoft Graphics Component CVE-2020-1207 Win32k Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-1258 DirectX Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-1251 Win32k Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-1160 Microsoft Graphics Component Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2020-0915 Windows GDI Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-1253 Win32k Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-1348 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2020-0986 Windows Kernel Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-0916 Windows GDI Elevation of Privilege Vulnerability Important
Microsoft JET Database Engine CVE-2020-1236 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2020-1208 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft Malware Protection Engine CVE-2020-1163 Microsoft Windows Defender Elevation of Privilege Vulnerability Important
Microsoft Malware Protection Engine CVE-2020-1170 Microsoft Windows Defender Elevation of Privilege Vulnerability Important
Microsoft Office CVE-2020-1226 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2020-1225 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2020-1229 Microsoft Outlook Security Feature Bypass Vulnerability Important
Microsoft Office CVE-2020-1321 Microsoft Office Remote Code Execution Vulnerability Important
Microsoft Office CVE-2020-1322 Microsoft Project Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2020-1289 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2020-1181 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2020-1148 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2020-1183 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2020-1318 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2020-1295 Microsoft SharePoint Elevation of Privilege Vulnerability Important
Microsoft Office SharePoint CVE-2020-1298 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2020-1323 SharePoint Open Redirect Vulnerability Important
Microsoft Office SharePoint CVE-2020-1297 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2020-1178 Microsoft SharePoint Server Elevation of Privilege Vulnerability Important
Microsoft Office SharePoint CVE-2020-1177 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2020-1320 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Scripting Engine CVE-2020-1260 VBScript Remote Code Execution Vulnerability Moderate
Microsoft Scripting Engine CVE-2020-1215 VBScript Remote Code Execution Vulnerability Low
Microsoft Scripting Engine CVE-2020-1230 VBScript Remote Code Execution Vulnerability Low
Microsoft Scripting Engine CVE-2020-1073 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-1214 VBScript Remote Code Execution Vulnerability Important
Microsoft Scripting Engine CVE-2020-1216 VBScript Remote Code Execution Vulnerability Critical
Microsoft Scripting Engine CVE-2020-1213 VBScript Remote Code Execution Vulnerability Critical
Microsoft Windows CVE-2020-1324 Windows Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1162 Windows Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1305 Windows State Repository Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1313 Windows Update Orchestrator Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1316 Windows Kernel Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1309 Microsoft Store Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1312 Windows Installer Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1306 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1296 Windows Diagnostics & feedback Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-1270 Windows WLAN Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1255 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1283 Windows Denial of Service Vulnerability Important
Microsoft Windows CVE-2020-1263 Windows Error Reporting Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-1259 Windows Host Guardian Service Security Feature Bypass Vulnerability Important
Microsoft Windows CVE-2020-1268 Windows Service Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-1290 Win32k Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-1291 Windows Network Connections Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1292 OpenSSH for Windows Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1317 Group Policy Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1244 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important
Microsoft Windows CVE-2020-1241 Windows Kernel Security Feature Bypass Vulnerability Important
Microsoft Windows CVE-2020-1314 Windows Text Service Framework Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1271 Windows Backup Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1222 Microsoft Store Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1120 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important
Microsoft Windows CVE-2020-1201 Windows Now Playing Session Manager Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1233 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1246 Windows Kernel Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1235 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1234 Windows Error Reporting Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1197 Windows Error Reporting Manager Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1194 Windows Registry Denial of Service Vulnerability Important
Microsoft Windows CVE-2020-1231 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1209 Windows Network List Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1204 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1307 Windows Kernel Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1211 Connected Devices Platform Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1196 Windows Print Configuration Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1334 Windows Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-1217 Windows Runtime Information Disclosure Vulnerability Important
Microsoft Windows PDF CVE-2020-1248 GDI+ Remote Code Execution Vulnerability Critical
Open Source Software CVE-2020-1340 NuGetGallery Spoofing Vulnerability Important
System Center CVE-2020-1331 System Center Operations Manager Spoofing Vulnerability Important
Visual Studio CVE-2020-1343 Visual Studio Code Live Share Information Disclosure Vulnerability Important
Windows COM CVE-2020-1311 Component Object Model Elevation of Privilege Vulnerability Important
Windows Diagnostic Hub CVE-2020-1293 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important
Windows Diagnostic Hub CVE-2020-1257 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important
Windows Error Reporting CVE-2020-1261 Windows Error Reporting Information Disclosure Vulnerability Important
Windows Installer CVE-2020-1272 Windows Installer Elevation of Privilege Vulnerability Important
Windows Installer CVE-2020-1302 Windows Installer Elevation of Privilege Vulnerability Important
Windows Installer CVE-2020-1277 Windows Installer Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1276 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1310 Win32k Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1273 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1280 Windows Bluetooth Service Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1275 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1247 Win32k Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1274 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1262 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1237 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1266 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1269 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1282 Windows Runtime Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1264 Windows Kernel Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-1265 Windows Runtime Elevation of Privilege Vulnerability Important
Windows Lock Screen CVE-2020-1279 Windows Lockscreen Elevation of Privilege Vulnerability Important
Windows Media CVE-2020-1238 Media Foundation Memory Corruption Vulnerability Important
Windows Media CVE-2020-1304 Windows Runtime Elevation of Privilege Vulnerability Important
Windows Media Player CVE-2020-1239 Media Foundation Memory Corruption Vulnerability Important
Windows Media Player CVE-2020-1232 Media Foundation Information Disclosure Vulnerability Important
Windows OLE CVE-2020-1281 Windows OLE Remote Code Execution Vulnerability Critical
Windows OLE CVE-2020-1212 OLE Automation Elevation of Privilege Vulnerability Important
Windows Print Spooler Components CVE-2020-1300 Windows Remote Code Execution Vulnerability Critical
Windows Shell CVE-2020-1299 LNK Remote Code Execution Vulnerability Critical
Windows Shell CVE-2020-1286 Windows Shell Remote Code Execution Vulnerability Critical
Windows SMB CVE-2020-1206 Windows SMBv3 Client/Server Information Disclosure Vulnerability Important
Windows SMB CVE-2020-1284 Windows SMBv3 Client/Server Denial of Service Vulnerability Important
Windows SMB CVE-2020-1301 Windows SMB Remote Code Execution Vulnerability Important
Windows Update Stack CVE-2020-1254 Windows Modules Installer Service Elevation of Privilege Vulnerability Important
Windows Wallet Service CVE-2020-1294 Windows WalletService Elevation of Privilege Vulnerability Important
Windows Wallet Service CVE-2020-1287 Windows WalletService Elevation of Privilege Vulnerability Important

 

منبع :

https://www.bleepingcomputer.com

افزودن دیدگاه جدید

نظر خودتان را ارسال کنید

کاربر گرامی چنانچه تمایل دارید، نقد یا نظر شما به نام خودتان در سایت ثبت شود، لطفا وارد سایت شوید.

طراحی سایت طراحی سایت طراحی سایت طراحی سایت

کلیه حقوق این سایت محفوظ و متعلق به شرکت مهندسی تحقیق و توسعه ارتباط پانا می باشد.

گفتگوی آنلاین