Patch Tuesday June 2020: Update Highlights and Known Issues
Patch Tuesday June 2020 Edition
Microsoft rolled out the June 2020 Patch Tuesday updates on June 12, 2020. As always, with this batch of updates, the Redmond giant focuses on improving the overall functionality of the OS and fixing existing bugs.
This month’s updates are all about improving the security of most Windows components and apps. If you want to install the latest updates, you can check out this guide where you’ll also find the direct download links.
We already covered the key changes in these posts. Do check them out to learn what’s new:
- Get the Windows 10 June Patch Tuesday updates today
- Windows 10 June Patch Tuesday [DIRECT DOWNLOAD LINKS]
- 139 CVEs get fixed in the June Patch Tuesday Updates
- KB4560960 patch for Windows 10 might disconnect your modem
- Windows 7 Update KB4561643 fails to install for some users
Microsoft rolls out different Patch Tuesday updates for all the Windows 10 versions currently supported. For more information on the latest updates, check out our Windows 10 Patch Tuesday update history page.
What are the main fixes?
- Adobe products
The June Patch Tuesday updates bring fixes to 10 Adobe-related CVEs, most of which target Adobe Flash, Experience Manager, and Framemaker.
2 of the CVEs were rated as being Critical, while 1 was deemed to be just Important.
- Microsoft Outlook Security
One of the CVEs covered and fixed in the June 2020 Patch Tuesday updates involve a Microsoft Outlook Security Vulnerability. If exploited, CVE-2020-1229 could allow attackers to automatically load remote images.
Those using Windows-based versions of Office can rest assured that patches to fix this issue is already available. However, those still using Office 2016 for Mac and Office 2019 for Mac will have to wait a bit longer.
- LNK
It seems that one of the CVEs fixed this month is one related to the LNK feature. Curiously enough, it seems to be the third time this year a CVE relate to this component gets discovered.
More so, CVE-2020-1299 behaves pretty much like the past ones, where an attacker could potentially exploit it to get code execution.
- OLE data structures
CVE-2020-1281 is a bit more special compared to the rest since it can be used on all versions of Windows 10.
By exploiting this vulnerability, an attacked could get code execution rights if they can manage to make the user open certain files or programs.
- CAB files
Another nasty CVE fixed this month is CVE-2020-1300 where attackers could gain code execution rights to certain systems by simply making users open modified CAB files.
Patch Tuesday list of CVEs
If you want to learn more about this month’s list of common vulnerabilities and exposures, you can check out the table below:
| Title | CVE | Severity |
| GDI+ Remote Code Execution Vulnerability | CVE-2020-1248 | Critical |
| LNK Remote Code Execution Vulnerability | CVE-2020-1299 | Critical |
| Microsoft Browser Memory Corruption Vulnerability | CVE-2020-1219 | Critical |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2020-1181 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2020-1073 | Critical |
| VBScript Remote Code Execution Vulnerability | CVE-2020-1213 | Critical |
| VBScript Remote Code Execution Vulnerability | CVE-2020-1216 | Critical |
| VBScript Remote Code Execution Vulnerability | CVE-2020-1260 | Critical |
| Windows OLE Remote Code Execution Vulnerability | CVE-2020-1281 | Critical |
| Windows Remote Code Execution Vulnerability | CVE-2020-1300 | Critical |
| Windows Shell Remote Code Execution Vulnerability | CVE-2020-1286 | Critical |
| Component Object Model Elevation of Privilege Vulnerability | CVE-2020-1311 | Important |
| Connected Devices Platform Service Elevation of Privilege Vulnerability | CVE-2020-1211 | Important |
| Connected User Experiences and Telemetry Service Denial of Service Vulnerability | CVE-2020-1120 | Important |
| Connected User Experiences and Telemetry Service Denial of Service Vulnerability | CVE-2020-1244 | Important |
| Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2020-1202 | Important |
| Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2020-1203 | Important |
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2020-1257 | Important |
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2020-1278 | Important |
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2020-1293 | Important |
| Group Policy Elevation of Privilege Vulnerability | CVE-2020-1317 | Important |
| Internet Explorer Information Disclosure Vulnerability | CVE-2020-1315 | Important |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2020-1208 | Important |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2020-1236 | Important |
| Media Foundation Information Disclosure Vulnerability | CVE-2020-1232 | Important |
| Media Foundation Memory Corruption Vulnerability | CVE-2020-1238 | Important |
| Media Foundation Memory Corruption Vulnerability | CVE-2020-1239 | Important |
| Microsoft Bing Search Spoofing Vulnerability | CVE-2020-1329 | Important |
| Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability | CVE-2020-1220 | Important |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2020-1242 | Important |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-1225 | Important |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-1226 | Important |
| Microsoft Graphics Component Information Disclosure Vulnerability | CVE-2020-1160 | Important |
| Microsoft Office Remote Code Execution Vulnerability | CVE-2020-1321 | Important |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1177 | Important |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1183 | Important |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1297 | Important |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1298 | Important |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1318 | Important |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1320 | Important |
| Microsoft Outlook Security Feature Bypass Vulnerability | CVE-2020-1229 | Important |
| Microsoft Project Information Disclosure Vulnerability | CVE-2020-1322 | Important |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2020-1295 | Important |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | CVE-2020-1178 | Important |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2020-1148 | Important |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2020-1289 | Important |
| Microsoft Store Runtime Elevation of Privilege Vulnerability | CVE-2020-1222 | Important |
| Microsoft Store Runtime Elevation of Privilege Vulnerability | CVE-2020-1309 | Important |
| Microsoft Windows Defender Elevation of Privilege Vulnerability | CVE-2020-1163 | Important |
| Microsoft Windows Defender Elevation of Privilege Vulnerability | CVE-2020-1170 | Important |
| NuGetGallery Spoofing Vulnerability | CVE-2020-1340 | Important |
| OLE Automation Elevation of Privilege Vulnerability | CVE-2020-1212 | Important |
| OpenSSH for Windows Elevation of Privilege Vulnerability | CVE-2020-1292 | Important |
| SharePoint Open Redirect Vulnerability | CVE-2020-1323 | Important |
| System Center Spoofing Vulnerability | CVE-2020-1331 | Important |
| Team Foundation Server HTML Injection Vulnerability | CVE-2020-1327 | Important |
| VBScript Remote Code Execution Vulnerability | CVE-2020-1214 | Important |
| VBScript Remote Code Execution Vulnerability | CVE-2020-1215 | Important |
| VBScript Remote Code Execution Vulnerability | CVE-2020-1230 | Important |
| Visual Studio Code Information Disclosure Vulnerability | CVE-2020-1343 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2020-1207 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2020-1247 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2020-1251 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2020-1253 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2020-1258 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2020-1310 | Important |
| Win32k Information Disclosure Vulnerability | CVE-2020-1290 | Important |
| Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | CVE-2020-1255 | Important |
| Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-1271 | Important |
| Windows Bluetooth Service Elevation of Privilege Vulnerability | CVE-2020-1280 | Important |
| Windows Denial of Service Vulnerability | CVE-2020-1283 | Important |
| Windows Diagnostics & feedback Information Disclosure Vulnerability | CVE-2020-1296 | Important |
| Windows Elevation of Privilege Vulnerability | CVE-2020-1162 | Important |
| Windows Elevation of Privilege Vulnerability | CVE-2020-1324 | Important |
| Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2020-1234 | Important |
| Windows Error Reporting Information Disclosure Vulnerability | CVE-2020-1261 | Important |
| Windows Error Reporting Information Disclosure Vulnerability | CVE-2020-1263 | Important |
| Windows Error Reporting Manager Elevation of Privilege Vulnerability | CVE-2020-1197 | Important |
| Windows Feedback Hub Elevation of Privilege Vulnerability | CVE-2020-1199 | Important |
| Windows GDI Elevation of Privilege Vulnerability | CVE-2020-0915 | Important |
| Windows GDI Elevation of Privilege Vulnerability | CVE-2020-0916 | Important |
| Windows GDI Information Disclosure Vulnerability | CVE-2020-1348 | Important |
| Windows Host Guardian Service Security Feature Bypass Vulnerability | CVE-2020-1259 | Important |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2020-1272 | Important |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2020-1277 | Important |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2020-1302 | Important |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2020-1312 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-0986 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1237 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1246 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1262 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1264 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1266 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1269 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1273 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1274 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1275 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1276 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1307 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1316 | Important |
| Windows Kernel Security Feature Bypass Vulnerability | CVE-2020-1241 | Important |
| Windows Lockscreen Elevation of Privilege Vulnerability | CVE-2020-1279 | Important |
| Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability | CVE-2020-1204 | Important |
| Windows Modules Installer Service Elevation of Privilege Vulnerability | CVE-2020-1254 | Important |
| Windows Network Connections Service Elevation of Privilege Vulnerability | CVE-2020-1291 | Important |
| Windows Network List Service Elevation of Privilege Vulnerability | CVE-2020-1209 | Important |
| Windows Now Playing Session Manager Elevation of Privilege Vulnerability | CVE-2020-1201 | Important |
| Windows Print Configuration Elevation of Privilege Vulnerability | CVE-2020-1196 | Important |
| Windows Registry Denial of Service Vulnerability | CVE-2020-1194 | Important |
| Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1231 | Important |
| Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1233 | Important |
| Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1235 | Important |
| Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1265 | Important |
| Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1282 | Important |
| Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1304 | Important |
| Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1306 | Important |
| Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1334 | Important |
| Windows Runtime Information Disclosure Vulnerability | CVE-2020-1217 | Important |
| Windows Service Information Disclosure Vulnerability | CVE-2020-1268 | Important |
| Windows SMB Remote Code Execution Vulnerability | CVE-2020-1301 | Important |
| Windows SMBv3 Client/Server Denial of Service Vulnerability | CVE-2020-1284 | Important |
| Windows SMBv3 Client/Server Information Disclosure Vulnerability | CVE-2020-1206 | Important |
| Windows State Repository Service Elevation of Privilege Vulnerability | CVE-2020-1305 | Important |
| Windows Text Service Framework Elevation of Privilege Vulnerability | CVE-2020-1314 | Important |
| Windows Update Orchestrator Service Elevation of Privilege Vulnerability | CVE-2020-1313 | Important |
| Windows WalletService Elevation of Privilege Vulnerability | CVE-2020-1287 | Important |
| Windows WalletService Elevation of Privilege Vulnerability | CVE-2020-1294 | Important |
| Windows WLAN Service Elevation of Privilege Vulnerability | CVE-2020-1270 | Important |
| Word for Android Remote Code Execution Vulnerability | CVE-2020-1223 | Important |
What are the best practices for Patch Tuesday?
There are a few things that you can do in order to make sure that your computer installs the latest Patch Tuesday updates without any issues. We all know that Windows updates often trigger errors.
In extreme cases, they may even render your PC completely unusable. Follow these tips to make sure the update install process goes as smoothly as possible.
How to download the latest PT updates
We have a special category where we keep track of all the monthly releases for the products that you are interested in.
Exploit Wednesday & Uninstall Thursday
Right after Patch Tuesday, hackers try to exploit the vulnerabilities left unpatched by Microsoft. This leads to an increase in the number of cyber-attacks.
On the other hand, many users often decide to uninstall the Patch Tuesday updates a few hours after install due to the large number of issues they triggered — hence the name Uninstall Thursday.
Check out this guide to learn more on how to stay safe after Patch Tuesday and make sure the updates don’t brick your computer.
Patch Tuesday: All your Questions Answered
- When is Patch Tuesday released?
Microsoft rolls out new Patch Tuesday updates on the second Tuesday of each month. The next Patch Tuesday Update is expected to arrive on July 14, 2020.
- How does Patch Tuesday work?
We already answered this question in this quick guide. Do check it out to learn more on the mechanisms behind Patch Tuesday.
- What is the bandwidth impact of Patch Tuesday?
When actively downloading updates, you may experience slow connection issues on your Windows 10 computer. This happens especially when updating multiple PCs at the same time.
The solution is to distribute the updates locally via WSUS. This means downloading the updates from Microsoft Servers.
Then, your Windows 10 computers can share the updates in a peer-to-peer manner over the local network resulting in a faster update process.
Patch Tuesday Troubleshooting
Oftentimes, Patch Tuesday updates trigger various errors on Windows computers. These may range from minor glitches to technical issues that may render your computer unusable.
We covered extensively Patch Tuesday issues we compiled hundreds of troubleshooting guides to help you solve these problems quickly.
