Virtual Administrator’s June 2020 Patch Recommendations

This month Microsoft released patches for 129 vulnerabilities with 11 rated “Critical” and 118 “Important” in severity.

All patches have been approved in our patch policy.

June brings patches for 129 vulnerabilities, which is apparently a record for Microsoft. Additionally there is a severe Adobe Flash remote code execution vulnerability (CVE-2020-9633/ADV200010/KB4561600). None of the vulnerabilities are public or reported as actively exploited. New SSUs across the board this month. A couple of new Security Advisories. Only a few new known issues, but be on alert for potential issues with Ricoh, Brother and Canon printers – see “Known Issues” below. The new Windows 10 version 2004 (OS Build 19041) was released at the end of May.

 

FYI: New Windows 10 formally released on May 27, 2020

Version 2004 “May 2020 Update” (OS Build 19041)

Windows 10 May 2020 Update

https://blogs.windows.com/windowsexperience/2020/05/27/how-to-get-the-windows-10-may-2020-update/

What’s new for IT pros in Windows 10, version 2004

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-new-for-it-pros-in-windows-10-version-2004/ba-p/1419764

 

Disclosed: None

Exploited: None

 

Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com

 

Affected software includes:

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based)
  • Microsoft ChakraCore
  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Windows Defender
  • Visual Studio
  • Microsoft Dynamics
  • Azure DevOps
  • HoloLens
  • Adobe Flash Player
  • Microsoft Apps for Android
  • Windows App Store
  • System Center
  • Android App

 

Microsoft Security Advisories

ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:06/09/2020)

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001

Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.

 

ADV200009 | Windows DNS Server Denial of Service Vulnerability (Published:05/19/2020 | Last Updated:05/29/2020)

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200009

Microsoft is aware of a vulnerability involving packet amplification that affects Windows DNS servers.

An attacker who successfully exploited this vulnerability could cause the DNS Server service to become nonresponsive.

To exploit this vulnerability an attacker would need to have access to at least one client and a domain that replies with a large volume of referral records, without glue records, that point to external victim sub domains. While resolving a name from the attacker client, for each referral record found, the resolver contacts the victim domain. This action can generate a large number of communications between the recursive resolver and the victim’s authoritative DNS server to cause a Distributed Denial of Service (DDoS) attack.

For more information see the Mitigations and Workaround sections of this advisory.

 

ADV200010 | June 2020 Adobe Flash Security Update (Published:06/09/2020)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200010

This security update addresses the following vulnerability, which is described in Adobe Security Bulletin APSB20-30: CVE-2020-9633.

Please note that in the event of any discrepancies, the definitive source of information (for example, vulnerability severity and impact) is the Adobe Flash bulletin as referenced.

 

Known Issues

Windows 10 (1903/1909) has a known issue with LTE modem connectivity. The Windows 7 and Server 2008 ESU update may show a “Failure to configure Windows updates.” error if you do not have a properly configured ESU license. We have seen reports of printing issues with Ricoh, Brother and Canon – although Microsoft has not confirmed any.

 

Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.

 

Windows 10 version 1903/1909 (KB4560960)

https://support.microsoft.com/en-us/help/4560960

Symptom: After installing this update on a Windows 10 device with a wireless wide area network (WWAN) LTE modem, reaching the internet might not be possible. However, the Network Connectivity Status Indicator (NCSI) in the notification area might still indicate that you are connected to the internet.

Workaround: We are working on a resolution and will provide an update in an upcoming release.

 

Windows 7, Server 2008/2008R2 (KB4561643,KB4561645,KB4561669,KB4561670)

https://support.microsoft.com/en-us/help/4561669/windows-7-update-kb4561669

Symptom: After installing this update and restarting your device, you might receive the error, “Failure to configure Windows updates. Reverting Changes. Do not turn off your computer,” and the update might show as Failed in Update History.

Workaround: This is expected in the following circumstances:

  • If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see KB4497181.
  • If you do not have an ESU MAK add-on key installed and activated.

If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this blog post. For information on the prerequisites, see the “How to get this update” section of this article.

 

Windows 10 (1903/1909/2004) KB4560960/KB4557957 causing issues with Ricoh, Brother and Canon printers

“Windows 10 KB4560960 & KB4557957 causing major issues”

https://www.windowslatest.com/2020/06/12/windows-10-kb4557957-kb4560960-issues/

“Windows 10 printer mystery: More complain June Patch Tuesday is causing havoc”

https://www.zdnet.com/article/windows-10-printer-mystery-more-complain-june-patch-tuesday-is-causing-havoc/

 

Good resource for known issues with Windows 10 patches. Click on the version in the left column for the status of known issues.

Windows 10 release information

https://docs.microsoft.com/en-us/windows/release-information/

 

Monthly Rollup/Security Only/Windows 10/Server 2016,2019 KBs

Links take the form https://support.microsoft.com/en-us/help/####### using the KB number only (digits, without the “KB” prefix).

 

Security and Quality Rollup

  • KB4561643 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB4561666 – Windows 8.1, Windows Server 2012 R2
  • KB4561612 – Windows Server 2012
  • KB4561670 – Windows Server 2008 (ESU)

 

Security Only Update

  • KB4561669 – Windows 7, Windows Server 2008 R2 (ESU)
  • KB4561673 – Windows 8.1, Windows Server 2012 R2
  • KB4561674 – Windows Server 2012
  • KB4561645 – Windows Server 2008 (ESU)

 

Cumulative Update for Windows 10

  • KB4561649 – Original release version 1507 (OS Build 10240)
  • None – Version 1511 (OS Build 10586)
  • KB4561616 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB4561605 – Version 1703 “Creators Update” (OS Build 15063)
  • KB4561602 – Version 1709 “Fall Creators Update” (OS Build 16299)
  • KB4561621 – Version 1803 “Spring Creators Update” (OS Build 17134)
  • KB4561608 – Version 1809 “October 2018 Update” (OS Build 17763)
  • KB4560960 – Version 1903 “May 2019 Update” (OS Build 18362)
  • KB4560960 – Version 1909 “November 2019 Update” (OS Build 18363)
  • KB4557957 – Version 2004 “May 2020 Update” (OS Build 19041)

Note: Server 2016 uses the same KB as Windows 10 Version 1607. Server 2019 uses the same KB as Windows 10 Version 1809.
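
One way to check a Windows 10, Server 2016 or Server 2019 machine against the cumulative update list above. This is an added example, not part of the original recommendations; the function and variable names are hypothetical, and the KB numbers, OS builds and known-issue notes are taken from this page.

```powershell
# Added example. KB numbers and OS builds are copied from the list above.
$JuneCumulative = @{
    10240 = 'KB4561649'   # Version 1507
    14393 = 'KB4561616'   # Version 1607, Server 2016
    15063 = 'KB4561605'   # Version 1703
    16299 = 'KB4561602'   # Version 1709
    17134 = 'KB4561621'   # Version 1803
    17763 = 'KB4561608'   # Version 1809, Server 2019
    18362 = 'KB4560960'   # Version 1903
    18363 = 'KB4560960'   # Version 1909
    19041 = 'KB4557957'   # Version 2004
}
# KBs that appear under "Known Issues" on this page.
$KnownIssueNotes = @{
    'KB4560960' = 'LTE modem connectivity issue; reported printer problems'
    'KB4557957' = 'Reported printer problems (not confirmed by Microsoft)'
}

# Hypothetical helper name: reports whether the June 2020 cumulative update
# expected for the local OS build is present.
function Test-JuneCumulativeUpdate {
    $build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber
    if (-not $JuneCumulative.ContainsKey($build)) {
        # Covers build 10586 (1511, no June update) and pre-Windows 10 systems.
        return [pscustomobject]@{
            Build      = $build
            ExpectedKB = $null
            Status     = 'No June 2020 cumulative update listed for this build'
            Notes      = $null
        }
    }
    $kb = $JuneCumulative[$build]
    # Get-HotFix writes an error when the KB is absent; suppress it and test for $null.
    $hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    $status = if ($hotfix) { "Installed on $($hotfix.InstalledOn)" } else {
        'Not found (missing, or replaced by a later cumulative update)' }
    [pscustomobject]@{
        Build      = $build
        ExpectedKB = $kb
        Status     = $status
        Notes      = $KnownIssueNotes[$kb]   # $null when the page lists no issue
    }
}

Test-JuneCumulativeUpdate | Format-List
```

A “Not found” result on a machine patched after June 2020 usually means a newer cumulative update has replaced this one, so confirm against the installed build before treating it as missing.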

 

KB4561603 – Cumulative Security Update for Internet Explorer 9/10/11

This cumulative update is included in the monthly updates listed above. It can be installed instead of the monthly update to secure Internet Explorer; otherwise it is “superseded” by the monthly update.

 

KB4561600 – Security Update for Adobe Flash Player

 

June 2020 updates for Microsoft Office

https://support.microsoft.com/en-us/help/4559448/june-2020-updates-for-microsoft-office

 

Notable CVEs

CVE-2020-1229 | Microsoft Outlook Security Feature Bypass Vulnerability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1229

A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system. An attacker who successfully exploited this vulnerability could cause a system to load remote images. These images could disclose the IP address of the targeted system to the attacker.

Exploitation of the vulnerability requires that a user open a specially crafted image with an affected version of Microsoft Office software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted image to the user.

The update addresses the vulnerability by changing how remote images are processed in Outlook.

 

CVE-2020-1281 | Windows OLE Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1281

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.

To exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or a program from either a webpage or an email message.

The update addresses the vulnerability by correcting how Windows OLE validates user input.

 

CVE-2020-1299 | LNK Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1299

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice on the target system.

The security update addresses the vulnerability by correcting the processing of shortcut LNK references.

 

CVE-2020-1300 | Windows Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1300

A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.

To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver.

The update addresses the vulnerability by correcting how Windows handles cabinet files.