D

on't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in July's Patch Tuesday Index below. Ensure you're minimizing your attack surface by joining our Automating Patch Tuesday Webinar this Wednesday. Patch Tuesday expert Jay Goodman will give recommended remediation strategies for current vulnerabilities and exploits.

Microsoft has released 123 new security vulnerabilities, 18 of which are deemed Critical. One vulnerability is particularly concerning. CVE-2020-1350 is a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server and is classified as a ‘wormable’ vulnerability with a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. View our blog on this vulnerability here and the Worklet for an alternative workaround here.

Previous to Patch Tuesday, Microsoft released 2 out-of-band patches addressing two remote code execution (RCE) vulnerabilities. Adobe released multiple security vulnerabilities for a variety of products while Mozilla released a large number of patches for Firefox, Firefox ESR, and Thunderbird. More updates to come throughout the day.

Updated Live. Last Update 1:21 PM EST July 14 2020.

firefoxAdobe
Product
Title
Identifier
Severity
Creative Cloud 4 Security Vulnerabilities fixed in Creative Cloud Desktop Application APSB20-33 High
Media Encoder 3 Security Vulnerabilities fixed in Adobe Media Encoder APSB20-36 Medium
Genuine Service 3 Security Vulnerabilities fixed in Adobe Genuine Service APSB20-42 Medium
ColdFusion 2 Security Vulnerabilities fixed in Adobe ColdFusion APSB20-43 Medium
Adobe Download Manager 1 Security Vulnerability fixed in Adobe Download Manager APSB20-49 Medium
firefoxMozilla Firefox
Product
Title
Identifier
Severity
Firefox 1 Security Vulnerability fixed in Firefox 78.0.2 MFSA 2020-28 Medium
Firefox for Android 1 Security Vulnerability fixed in Firefox for Android 68.10.1 MFSA 2020-27 Critical
Thunderbird 6 Security Vulnerabilities fixed in Thunderbird 68.10.0 MFSA 2020-26 High
Firefox ESR 5 Security Vulnerabilities fixed in Firefox ESR 68.10 MFSA 2020-25 High
Firefox 13 Security Vulnerabilities fixed in Firefox 78 MFSA 2020-24 High
microsoftMicrosoft
Product
Title
Identifier
Severity
Microsoft Windows Windows DNS Server Remote Code Execution Vulnerability CVE-2020-1350 Critical
.NET Framework .NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability CVE-2020-1147 Critical
Microsoft Graphics Component Windows Font Library Remote Code Execution Vulnerability CVE-2020-1436 Critical
Microsoft Graphics Component GDI+ Remote Code Execution Vulnerability CVE-2020-1435 Critical
Microsoft Graphics Component DirectWrite Remote Code Execution Vulnerability CVE-2020-1409 Critical
Microsoft Office PerformancePoint Services Remote Code Execution Vulnerability CVE-2020-1439 Critical
Microsoft Office Microsoft Outlook Remote Code Execution Vulnerability CVE-2020-1349 Critical
Microsoft Scripting Engine VBScript Remote Code Execution Vulnerability CVE-2020-1403 Critical
Microsoft Windows Window Address Book Remote Code Execution Vulnerability CVE-2020-1410 Critical
Microsoft Windows LNK Remote Code Execution Vulnerability CVE-2020-1421 Critical
Microsoft Windows Remote Desktop Client Remote Code Execution Vulnerability CVE-2020-1374 Critical
Skype for Business Microsoft Office Elevation of Privilege Vulnerability CVE-2020-1025 Critical
Windows Hyper-V Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability CVE-2020-1040 Critical
Windows Hyper-V Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability CVE-2020-1032 Critical
Windows Hyper-V Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability CVE-2020-1043 Critical
Windows Hyper-V Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability CVE-2020-1042 Critical
Windows Hyper-V Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability CVE-2020-1036 Critical
Windows Hyper-V Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability CVE-2020-1041 Critical
Azure DevOps Team Foundation Server Cross-site Scripting Vulnerability CVE-2020-1326 High
Internet Explorer Skype for Business via Internet Explorer Information Disclosure Vulnerability CVE-2020-1432 High
Microsoft Edge Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability CVE-2020-1462 High
Microsoft Edge Microsoft Edge PDF Information Disclosure Vulnerability CVE-2020-1433 High
Microsoft Graphics Component Windows Imaging Component Information Disclosure Vulnerability CVE-2020-1397 High
Microsoft Graphics Component Windows GDI Information Disclosure Vulnerability CVE-2020-1468 High
Microsoft Graphics Component Microsoft Graphics Remote Code Execution Vulnerability CVE-2020-1408 High
Microsoft Graphics Component Microsoft Graphics Components Remote Code Execution Vulnerability CVE-2020-1412 High
Microsoft Graphics Component Windows Font Driver Host Remote Code Execution Vulnerability CVE-2020-1355 High
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1407 High
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1400 High
Microsoft Malware Protection Engine Microsoft Defender Elevation of Privilege Vulnerability CVE-2020-1461 High
Microsoft Office Microsoft Word Remote Code Execution Vulnerability CVE-2020-1448 High
Microsoft Office Microsoft Office Information Disclosure Vulnerability CVE-2020-1445 High
Microsoft Office Microsoft Word Remote Code Execution Vulnerability CVE-2020-1446 High
Microsoft Office Microsoft Word Remote Code Execution Vulnerability CVE-2020-1447 High
Microsoft Office Office Web Apps XSS Vulnerability CVE-2020-1442 High
Microsoft Office Microsoft Project Remote Code Execution Vulnerability CVE-2020-1449 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-1240 High
Microsoft Office Microsoft Office Remote Code Execution Vulnerability CVE-2020-1458 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1450 High
Microsoft Office SharePoint Microsoft Office Information Disclosure Vulnerability CVE-2020-1342 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1456 High
Microsoft Office SharePoint Microsoft SharePoint Spoofing Vulnerability CVE-2020-1443 High
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-1444 High
Microsoft Office SharePoint Microsoft SharePoint Reflective XSS Vulnerability CVE-2020-1454 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1451 High
Microsoft OneDrive Microsoft OneDrive Elevation of Privilege Vulnerability CVE-2020-1465 High
Microsoft Windows Windows ActiveX Installer Service Elevation of Privilege Vulnerability CVE-2020-1402 High
Microsoft Windows Local Security Authority Subsystem Service Denial of Service Vulnerability CVE-2020-1267 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1404 High
Microsoft Windows Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability CVE-2020-1405 High
Microsoft Windows Windows Network List Service Elevation of Privilege Vulnerability CVE-2020-1406 High
Microsoft Windows Group Policy Services Policy Processing Elevation of Privilege Vulnerability CVE-2020-1333 High
Microsoft Windows Windows Function Discovery Service Elevation of Privilege Vulnerability CVE-2020-1085 High
Microsoft Windows Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-1428 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1413 High
Microsoft Windows Windows Kernel Information Disclosure Vulnerability CVE-2020-1426 High
Microsoft Windows Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-1427 High
Microsoft Windows Windows Error Reporting Manager Elevation of Privilege Vulnerability CVE-2020-1429 High
Microsoft Windows Windows UPnP Device Host Elevation of Privilege Vulnerability CVE-2020-1430 High
Microsoft Windows Windows AppX Deployment Extensions Elevation of Privilege Vulnerability CVE-2020-1431 High
Microsoft Windows Windows Sync Host Service Elevation of Privilege Vulnerability CVE-2020-1434 High
Microsoft Windows Windows SharedStream Library Elevation of Privilege Vulnerability CVE-2020-1463 High
Microsoft Windows Windows Network Location Awareness Service Elevation of Privilege Vulnerability CVE-2020-1437 High
Microsoft Windows Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-1438 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1399 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1249 High
Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1401 High
Microsoft Windows Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability CVE-2020-1330 High
Microsoft Windows Windows Event Logging Service Elevation of Privilege Vulnerability CVE-2020-1371 High
Microsoft Windows Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability CVE-2020-1372 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1370 High
Microsoft Windows Windows WalletService Elevation of Privilege Vulnerability CVE-2020-1369 High
Microsoft Windows Windows Error Reporting Information Disclosure Vulnerability CVE-2020-1420 High
Microsoft Windows Windows Kernel Information Disclosure Vulnerability CVE-2020-1367 High
Microsoft Windows Windows Print Workflow Service Elevation of Privilege Vulnerability CVE-2020-1366 High
Microsoft Windows Windows Event Logging Service Elevation of Privilege Vulnerability CVE-2020-1365 High
Microsoft Windows Windows Picker Platform Elevation of Privilege Vulnerability CVE-2020-1363 High
Microsoft Windows Windows Lockscreen Elevation of Privilege Vulnerability CVE-2020-1398 High
Microsoft Windows Windows CNG Key Isolation Service Elevation of Privilege Vulnerability CVE-2020-1359 High
Microsoft Windows Windows iSCSI Target Service Elevation of Privilege Vulnerability CVE-2020-1356 High
Microsoft Windows Windows UPnP Device Host Elevation of Privilege Vulnerability CVE-2020-1354 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1353 High
Microsoft Windows Microsoft Graphics Component Information Disclosure Vulnerability CVE-2020-1351 High
Microsoft Windows Windows Storage Services Elevation of Privilege Vulnerability CVE-2020-1347 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1422 High
Microsoft Windows Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-1373 High
Microsoft Windows Windows Subsystem for Linux Elevation of Privilege Vulnerability CVE-2020-1423 High
Microsoft Windows Windows Graphics Component Elevation of Privilege Vulnerability CVE-2020-1381 High
Microsoft Windows Windows Kernel Information Disclosure Vulnerability CVE-2020-1389 High
Microsoft Windows Windows COM Server Elevation of Privilege Vulnerability CVE-2020-1375 High
Microsoft Windows Windows Diagnostics Hub Elevation of Privilege Vulnerability CVE-2020-1393 High
Microsoft Windows Windows Elevation of Privilege Vulnerability CVE-2020-1394 High
Microsoft Windows Windows Push Notification Service Elevation of Privilege Vulnerability CVE-2020-1387 High
Microsoft Windows Connected User Experiences and Telemetry Service Information Disclosure Vulnerability CVE-2020-1386 High
Microsoft Windows Windows Agent Activation Runtime Information Disclosure Vulnerability CVE-2020-1391 High
Microsoft Windows Windows Credential Picker Elevation of Privilege Vulnerability CVE-2020-1385 High
Microsoft Windows Windows CNG Key Isolation Service Elevation of Privilege Vulnerability CVE-2020-1384 High
Microsoft Windows Windows Graphics Component Elevation of Privilege Vulnerability CVE-2020-1382 High
Microsoft Windows Windows Diagnostics Hub Elevation of Privilege Vulnerability CVE-2020-1418 High
Microsoft Windows Windows Kernel Information Disclosure Vulnerability CVE-2020-1419 High
Microsoft Windows Windows Elevation of Privilege Vulnerability CVE-2020-1395 High
Microsoft Windows Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-1390 High
Open Source Software Bond Denial of Service Vulnerability CVE-2020-1469 High
Visual Studio Visual Studio Code Elevation of Privilege Vulnerability CVE-2020-1416 High
Visual Studio Visual Studio Code Remote Code Execution Vulnerability CVE-2020-1481 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1336 High
Windows Kernel Windows ALPC Elevation of Privilege Vulnerability CVE-2020-1396 High
Windows Kernel Windows System Events Broker Elevation of Privilege Vulnerability CVE-2020-1357 High
Windows Kernel Windows Resource Policy Information Disclosure Vulnerability CVE-2020-1358 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1411 High
Windows Kernel Windows Elevation of Privilege Vulnerability CVE-2020-1388 High
Windows Shell Windows Profile Service Elevation of Privilege Vulnerability CVE-2020-1360 High
Windows Shell Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability CVE-2020-1368 High
Windows Shell Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1415 High
Windows Shell Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1414 High
Windows Update Stack Windows Modules Installer Elevation of Privilege Vulnerability CVE-2020-1346 High
Windows Update Stack Windows USO Core Worker Elevation of Privilege Vulnerability CVE-2020-1352 High
Windows Update Stack Windows Elevation of Privilege Vulnerability CVE-2020-1392 High
Windows Update Stack Windows Update Stack Elevation of Privilege Vulnerability CVE-2020-1424 High
Windows Wallet Service Windows WalletService Elevation of Privilege Vulnerability CVE-2020-1344 High
Windows Wallet Service Windows Wallet Service Information Disclosure Vulnerability CVE-2020-1361 High
Windows Wallet Service Windows Wallet Service Denial of Service Vulnerability CVE-2020-1364 High
Windows Wallet Service Windows WalletService Elevation of Privilege Vulnerability CVE-2020-1362 High

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

# of endpoints

15-day free trial. No credit card required.

By submitting this form you agree to our terms of service.

Already have an account?