The June edition of Microsoft Patch Tuesday covers 129 security vulnerabilities, 11 of which received the ‘critical’ rating.
The good news is that none of them are known to have been exploited to date.
First off, we have CVE-2020-1301, which is related to file-sharing technology.
This one is of particular importance to those running Windows 7 or Windows 2008 systems (note that both of these operating systems are no longer supported as of January 2020).
As potentially dangerous as it may be, there is one mitigating factor: an attacker would have to be already authenticated on the network for the attack to go through.
This month, Excel got several fixes, with CVE-2020-1225 and CVE-2020-1226 being of particular importance.
By tricking the victim into opening a booby-trapped file, the attacker could gain control over a computer running the Office suite.
Furthermore, exploiting CVE-2020-1229 grants the attacker the ability to bypass built-in security features in Office.
The most concerning aspect of this is the fact that all it takes to execute the attack is the victim previewing an infected file.
Office suite for Mac is also susceptible to the attack, but unfortunately, no fixes are available yet for this platform.
At the same time as the rest of the updates are being released, Adobe is releasing a critical patch for its Flash Player.
Both Chrome and Firefox have opted to disable it by default though.
Adobe is planning to retire it by the end of the year.
Adobe has also released patches for those using its Experience Manager and FrameMaker products.
In any case, it is recommended that you back up your data before proceeding with these updates as this will allow you to avoid potential problems with corrupted or erased files.