Microsoft Security Bulletin Coverage for June 2020

June 9, 2020

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2020. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2020-0915 Windows GDI Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0916 Windows GDI Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0986 Windows Kernel Elevation of Privilege Vulnerability
ASPY 5954 :Malformed-File exe.MP.143
CVE-2020-1073 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1120 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1148 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1160 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1162 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1163 Microsoft Windows Defender Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1170 Microsoft Windows Defender Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1177 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1178 Microsoft SharePoint Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1181 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1183 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1194 Windows Registry Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1196 Windows Print Configuration Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1197 Windows Error Reporting Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1199 Windows Feedback Hub Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1201 Windows Now Playing Session Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1202 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1203 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1204 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1206 Windows SMBv3 Client/Server Information Disclosure Vulnerability
ASPY 5952:Malformed-File exe.MP.142
CVE-2020-1207 Win32k Elevation of Privilege Vulnerability
ASPY 5951:Malformed-File exe.MP.141
CVE-2020-1208 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1209 Windows Network List Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1211 Connected Devices Platform Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1212 OLE Automation Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1213 VBScript Remote Code Execution Vulnerability
IPS 15042:VBScript Remote Code Execution Vulnerability (CVE-2020-1213)
CVE-2020-1214 VBScript Remote Code Execution Vulnerability
IPS 15041:VBScript Remote Code Execution Vulnerability (CVE-2020-1214)
CVE-2020-1215 VBScript Remote Code Execution Vulnerability
IPS 15040:VBScript Remote Code Execution Vulnerability (CVE-2020-1215)
CVE-2020-1216 VBScript Remote Code Execution Vulnerability
IPS 15035:VBScript Remote Code Execution Vulnerability (CVE-2020-1216)
CVE-2020-1217 Windows Runtime Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1219 Microsoft Browser Memory Corruption Vulnerability
IPS 15036:Microsoft Browser Memory Corruption Vulnerability (CVE-2020-1219)
CVE-2020-1220 Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1222 Microsoft Store Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1223 Word for Android Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1225 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1226 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1229 Microsoft Outlook Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-1230 VBScript Remote Code Execution Vulnerability
IPS 15037:VBScript Remote Code Execution Vulnerability (CVE-2020-1230)
CVE-2020-1231 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1232 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1233 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1234 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1235 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1236 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1237 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1238 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1239 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1241 Windows Kernel Security Feature Bypass Vulnerability
ASPY 5949:Malformed-File exe.MP.140
CVE-2020-1242 Microsoft Edge Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1244 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1246 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1247 Win32k Elevation of Privilege Vulnerability
IPS 2282:Suspicious Executable File Download 9
CVE-2020-1248 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1251 Win32k Elevation of Privilege Vulnerability
ASPY 5947:Malformed-File exe.MP.138
CVE-2020-1253 Win32k Elevation of Privilege Vulnerability
ASPY 5948:Malformed-File exe.MP.139
CVE-2020-1254 Windows Modules Installer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1255 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1257 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1258 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1259 Windows Host Guardian Service Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-1260 VBScript Remote Code Execution Vulnerability
IPS 15034:VBScript Remote Code Execution Vulnerability (CVE-2020-1260)
CVE-2020-1261 Windows Error Reporting Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1262 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1263 Windows Error Reporting Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1264 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1265 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1266 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1268 Windows Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1269 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1270 Windows WLAN Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1271 Windows Backup Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1272 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1273 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1274 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1275 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1276 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1277 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1278 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1279 Windows Lockscreen Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1280 Windows Bluetooth Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1281 Windows OLE Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1282 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1283 Windows Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1284 Windows SMBv3 Client/Server Denial of Service Vulnerability
IPS 15038:Windows SMBv3 Denial of Service (CVE-2020-1284) 1
CVE-2020-1286 Windows Shell Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1287 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1289 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1290 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1291 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1292 OpenSSH for Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1293 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1294 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1295 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1296 Windows Diagnostics & feedback Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1297 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1298 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1299 LNK Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1300 Windows Remote Code Execution Vulnerability
ASPY 5960 Malformed-File cab.TL.5
CVE-2020-1301 Windows SMB Remote Code Execution Vulnerability
IPS 15039:Windows SMB Remote Code Execution (CVE-2020-1301)
CVE-2020-1302 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1304 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1305 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1306 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1307 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1309 Microsoft Store Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1310 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1311 Component Object Model Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1312 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1313 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1314 Windows Text Service Framework Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1315 Internet Explorer Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1316 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1317 Group Policy Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1318 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1320 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1321 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1322 Microsoft Project Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1323 SharePoint Open Redirect Vulnerability
There are no known exploits in the wild.
CVE-2020-1324 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1327 Azure DevOps Server HTML Injection Vulnerability
There are no known exploits in the wild.
CVE-2020-1329 Microsoft Bing Search Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1331 System Center Operations Manager Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1334 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1340 NuGetGallery Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1343 Visual Studio Code Live Share Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1348 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.