Adjusting to remote working and an increase in daily cyber security attacks, has only amplified the necessity of regular security patching. Consequently, our most recent blog takes a look at this month’s Microsoft, Patch Tuesday updates. Here’s our friendly reminder to install them as soon as possible (if you do them manually!) and ensure you mitigate the chance of any security risks.
Firstly, what is Patch Tuesday?
Originally introduced in 2003, Patch Tuesday occurs on the second Tuesday of every month, and it’s on this day that Microsoft release the security and software updates for their Windows operating systems.
So, why every second Tuesday and not as and when they detect them?
Rather than releasing updates as and when they detect vulnerabilities, Microsoft gathers them into one large regular update, so businesses and IT administrators can prepare in advance. Essentially this regularity results in less downtime, and the ability to plan for testing and installing – Just Microsoft living up to their efficient reputation as ever!
Patch Tuesday June 2020
In this month’s Patch Tuesday, Microsoft fixed a total of 129 security vulnerabilities, making June the largest Patch Tuesday in the company’s history – a record number of fixes in one go for the software giant! Out of the 129 CVEs (Common Vulnerabilities and Exposures), 11 were rated as critical.
Despite the high volume of vulnerabilities, Microsoft released the patches before any of these bugs had been exploited in the wild, and there were no zero-day vulnerabilities or known unpatched exposures for this month – crazy!
June is the fourth month in a row that Microsoft has had to fix more than 100 CVEs, bringing the total number of patches released in 2020 to 616… Almost the total number of patches for the entire of 2017… This can undoubtedly be attributed to the huge spike in cybercriminals taking advantage of the global pandemic and the newfound challenges in securing devices that are now being used for remote work. Luckily, the fast and effective way in which Microsoft consistently closes these vulnerabilities puts our minds at ease somewhat.
Highlights of this month’s release
Out of the 129 vulnerabilities addressed, the breakdown based on severity is as follows:
- 11: Critical
- 109: Important
- 7: Moderate
- 2: Low
You can see the full list of common vulnerabilities and exposures here, but for a quick overview, security updates were released for the following products:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based) in IE Mode
- Microsoft ChakraCore
- Internet Explorer
- Microsoft Office and Microsoft Office Services and Web Apps
- Windows Defender
- Microsoft Dynamics
- Visual Studio
- Adobe Flash Player
- Microsoft Apps for Android
- Windows App Store
- System Center
For those who are IT savvy, of the 11 vulnerabilities considered critical, Microsoft disclosed that 3 existed in Microsoft Edge (CVE-2020-1219) and VBScript (CVE-2020-1216 and CVE-2020-1213). Without Microsoft’s quick patching, these vulnerabilities could have potentially allowed an attacker to implement remote code execution by tricking the victim into visiting a malicious website!
If you’re curious, other noteworthy exposures included CVE-2020-1248, CVE-2020-1281, CVE-2020-1299. These would require a user accidentally downloading malicious files through potential phishing campaigns. The remaining critical vulnerabilities included:
- CVE-2020-1181 (Microsoft Office SharePoint)
- CVE-2020-1073 (Microsoft Scripting Engine)
- CVE-2020-1300 (Windows Print Spooler Component)
- CVE-2020-1286 (Windows Shell)
- ADV200010 (Adobe Flash Player Security Advisory)
At Stripe, we love the fact these updates are delivered in bulk, it means we can fix all 129 security vulnerabilities for our clients at once!
The Importance of Patching
Patches essentially cover up security holes in order to keep hackers out, which is why it’s so essential to keep them up to date! Following Microsoft’s Patch Tuesday releases, regular patching of your software is a crucial part of keeping data safe – Hacker’s thrive on security vulnerabilities and will take advantage of any weaknesses that they can find!
At Stripe, we would always recommend backing up your system and any important files before installing these patches, just to be on the safe side.
Microsoft’s next Patch Tuesday falls on July 14th, so keep your eye out for more releases and updates. In the meantime, if you are concerned about your security posture and want to know if your systems are up to date, get in touch with one of our experts today. Alternatively, take a look at our Vulnerability Assessment offering – This assessment is the first step towards understanding where you currently stand, and how to improve your existing cyber-security posture.