Microsoft Security Bulletin Coverage for June 2020

By

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2020. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2020-0915 Windows GDI Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0916 Windows GDI Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0986 Windows Kernel Elevation of Privilege Vulnerability
ASPY 5954 :Malformed-File exe.MP.143
CVE-2020-1073 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1120 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1148 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1160 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1162 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1163 Microsoft Windows Defender Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1170 Microsoft Windows Defender Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1177 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1178 Microsoft SharePoint Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1181 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1183 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1194 Windows Registry Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1196 Windows Print Configuration Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1197 Windows Error Reporting Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1199 Windows Feedback Hub Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1201 Windows Now Playing Session Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1202 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1203 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1204 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1206 Windows SMBv3 Client/Server Information Disclosure Vulnerability
ASPY 5952:Malformed-File exe.MP.142
CVE-2020-1207 Win32k Elevation of Privilege Vulnerability
ASPY 5951:Malformed-File exe.MP.141
CVE-2020-1208 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1209 Windows Network List Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1211 Connected Devices Platform Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1212 OLE Automation Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1213 VBScript Remote Code Execution Vulnerability
IPS 15042:VBScript Remote Code Execution Vulnerability (CVE-2020-1213)
CVE-2020-1214 VBScript Remote Code Execution Vulnerability
IPS 15041:VBScript Remote Code Execution Vulnerability (CVE-2020-1214)
CVE-2020-1215 VBScript Remote Code Execution Vulnerability
IPS 15040:VBScript Remote Code Execution Vulnerability (CVE-2020-1215)
CVE-2020-1216 VBScript Remote Code Execution Vulnerability
IPS 15035:VBScript Remote Code Execution Vulnerability (CVE-2020-1216)
CVE-2020-1217 Windows Runtime Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1219 Microsoft Browser Memory Corruption Vulnerability
IPS 15036:Microsoft Browser Memory Corruption Vulnerability (CVE-2020-1219)
CVE-2020-1220 Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1222 Microsoft Store Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1223 Word for Android Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1225 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1226 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1229 Microsoft Outlook Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-1230 VBScript Remote Code Execution Vulnerability
IPS 15037:VBScript Remote Code Execution Vulnerability (CVE-2020-1230)
CVE-2020-1231 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1232 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1233 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1234 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1235 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1236 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1237 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1238 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1239 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1241 Windows Kernel Security Feature Bypass Vulnerability
ASPY 5949:Malformed-File exe.MP.140
CVE-2020-1242 Microsoft Edge Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1244 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1246 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1247 Win32k Elevation of Privilege Vulnerability
IPS 2282:Suspicious Executable File Download 9
CVE-2020-1248 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1251 Win32k Elevation of Privilege Vulnerability
ASPY 5947:Malformed-File exe.MP.138
CVE-2020-1253 Win32k Elevation of Privilege Vulnerability
ASPY 5948:Malformed-File exe.MP.139
CVE-2020-1254 Windows Modules Installer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1255 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1257 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1258 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1259 Windows Host Guardian Service Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-1260 VBScript Remote Code Execution Vulnerability
IPS 15034:VBScript Remote Code Execution Vulnerability (CVE-2020-1260)
CVE-2020-1261 Windows Error Reporting Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1262 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1263 Windows Error Reporting Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1264 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1265 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1266 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1268 Windows Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1269 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1270 Windows WLAN Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1271 Windows Backup Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1272 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1273 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1274 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1275 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1276 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1277 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1278 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1279 Windows Lockscreen Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1280 Windows Bluetooth Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1281 Windows OLE Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1282 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1283 Windows Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1284 Windows SMBv3 Client/Server Denial of Service Vulnerability
IPS 15038:Windows SMBv3 Denial of Service (CVE-2020-1284) 1
CVE-2020-1286 Windows Shell Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1287 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1289 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1290 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1291 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1292 OpenSSH for Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1293 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1294 Windows WalletService Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1295 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1296 Windows Diagnostics & feedback Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1297 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1298 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1299 LNK Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1300 Windows Remote Code Execution Vulnerability
ASPY 5960 Malformed-File cab.TL.5
CVE-2020-1301 Windows SMB Remote Code Execution Vulnerability
IPS 15039:Windows SMB Remote Code Execution (CVE-2020-1301)
CVE-2020-1302 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1304 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1305 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1306 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1307 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1309 Microsoft Store Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1310 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1311 Component Object Model Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1312 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1313 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1314 Windows Text Service Framework Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1315 Internet Explorer Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1316 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1317 Group Policy Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1318 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1320 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1321 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1322 Microsoft Project Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1323 SharePoint Open Redirect Vulnerability
There are no known exploits in the wild.
CVE-2020-1324 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1327 Azure DevOps Server HTML Injection Vulnerability
There are no known exploits in the wild.
CVE-2020-1329 Microsoft Bing Search Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1331 System Center Operations Manager Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1334 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1340 NuGetGallery Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1343 Visual Studio Code Live Share Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1348 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.