Microsoft June 2020 Security Updates

Release Notes
June 2020 Security Updates
Release Date: June 09, 2020


The June security release consists of security updates for the following software:

Microsoft Windows
Microsoft Edge (EdgeHTML-based)
Microsoft Edge (Chromium-based) in IE Mode
Microsoft ChakraCore
Internet Explorer
Microsoft Office and Microsoft Office Services and Web Apps
Windows Defender
Microsoft Dynamics
Visual Studio
Azure DevOps
HoloLens
Adobe Flash Player
Microsoft Apps for Android
Windows App Store
System Center
Android App
Please note the following information regarding the security updates:

For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
The following CVEs have FAQs, Mitigations and Workarounds with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

ADV200010 *
CVE-2020-1148
CVE-2020-1160
CVE-2020-1163 *
CVE-2020-1170 *
CVE-2020-1177
CVE-2020-1178
CVE-2020-1181
CVE-2020-1183
CVE-2020-1206 *
CVE-2020-1217
CVE-2020-1220 *
CVE-2020-1223 *
CVE-2020-1225 *
CVE-2020-1226 *
CVE-2020-1229 *
CVE-2020-1232
CVE-2020-1242
CVE-2020-1261
CVE-2020-1263
CVE-2020-1268
CVE-2020-1284 *
CVE-2020-1289
CVE-2020-1290
CVE-2020-1295
CVE-2020-1296
CVE-2020-1297
CVE-2020-1298
CVE-2020-1315
CVE-2020-1301 *
CVE-2020-1318
CVE-2020-1320
CVE-2020-1321 *
CVE-2020-1322
CVE-2020-1323
CVE-2020-1329 *
Known Issues

The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20200609. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
4560960 Windows 10, version 1903, Windows Server version 1903, Windows 10, version 1909, Windows Server version 1909
4561608 Windows 10 Version 1809, Windows Server 2019
4561616 Windows 10, version 1607, Windows Server 2016
4561643 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4561645 Windows Server 2008 (Security-only update)
4561669 Windows 7, Windows Server 2008 R2 (Security-only update)
4561670 Windows Server 2008 (Monthly Rollup)

https://portal.msrc.microsoft.com/en-us/security-gui...

Title: Microsoft Security Advisory Notification
Issued: June 9, 2020
**************************************************************************************

Security Advisories Released or Updated on June 9, 2020
======================================================================================

* Microsoft Security Advisory ADV200010

- ADV200010 | June 2020 Adobe Flash Security Update
- https://portal.msrc.microsoft.com/en-us/security-gui...
- Reason for Revision: Information published.
- Originally posted: June 9, 2020
- Updated: N/A
- Version: 1.0


* Microsoft Security Advisory ADV990001

- ADV990001 | Latest Servicing Stack Updates
- https://portal.msrc.microsoft.com/en-us/security-gui...
- Reason for Revision: A Servicing Stack Update has been released for all supported
versions of Windows. See the FAQ section for more information.
- Originally posted: November 13, 2018
- Updated: June 9, 2020
- Version: 23.0

Title: Microsoft Security Update Releases
Issued: June 9, 2020
**************************************************************************************

Summary
=======

The following CVE and advisory have undergone a major revision increment:

* CVE-2020-0762
* CVE-2020-0763
* CVE-2020-1108
* CVE-2020-1221
* CVE-2020-1328


Revision Information:
=====================

* CVE-2020-0762

- CVE-2020-0762 | Windows Defender Security Center Elevation of Privilege
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-gui...
- Version: 2.0
- Reason for Revision: To comprehensively address CVE-2020-0762 and CVE-2020-0763,
Microsoft has released security updates for Windows Defender Security Center engine.
Microsoft recommends that customers install the updates to be fully protected from
the vulnerability. Customers whose systems are configured to receive automatic
updates do not need to take any further action.
- Originally posted: March 10, 2020
- Updated: June 9, 2020
- Aggregate CVE Severity Rating: Important

* CVE-2020-0763

- CVE-2020-0763 | Windows Defender Security Center Elevation of Privilege
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-gui...
- Version: 2.0
- Reason for Revision: To comprehensively address CVE-2020-0762 and CVE-2020-0763,
Microsoft has released security updates for Windows Defender Security Center engine.
Microsoft recommends that customers install the updates to be fully protected from
the vulnerability. Customers whose systems are configured to receive automatic
updates do not need to take any further action.
- Originally posted: March 10, 2020
- Updated: June 9, 2020
- Aggregate CVE Severity Rating: Important

* CVE-2020-1108

- CVE-2020-1108 | .NET Core & .NET Framework Denial of Service Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-gui...
- Version: 4.0
- Reason for Revision: To comprehensively address CVE-2020-1108, Microsoft has
released updates for .NET Core 2.1 and .NET Core 3.1. Customers who use any of
these versions of .NET Core should install the latest version of .NET Core. See
the Release Notes (https://github.com/dotnet/announcements/issues/156) for the
latest version numbers and instructions for updating .NET Core.
- Originally posted: May 12, 2020
- Updated: June 9, 2020
- Aggregate CVE Severity Rating: Important

* CVE-2020-1221

- CVE-2020-1221 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-gui...
- Version: 1.0
- Reason for Revision: Information published. This CVE was addressed by updates that
were released in April 2020, but the CVE was inadvertently omitted from the April
2020 Security Updates. This is an informational change only. Customers who have
already installed the April 2020 update do not need to take any further action.
- Originally posted: June 9, 2020
- Updated: N/A
- Aggregate CVE Severity Rating: Important

* CVE-2020-1328

- CVE-2020-1328 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-gui...
- Version: 1.0
- Reason for Revision: Information published. This CVE was addressed by updates that
were released in May 2020, but the CVE was inadvertently omitted from the May 2020
Security Updates. This is an informational change only. Customers who have already
installed the May 2020 updates do not need to take any further action.
- Originally posted: June 9, 2020
- Updated: N/A
- Aggregate CVE Severity Rating: Important