Microsoft patches 123 vulnerabilities in July 2020 Patch Tuesday update

Eighteen of them are listed as 'Critical'

Microsoft has released its July 2020 Patch Tuesday update, addressing a total of 123 security vulnerabilities across 13 products.

This is the second-largest security update ever released by Microsoft. The largest one was released last month with 129 fixes.

Of the 123 security bugs fixed this month, 18 are listed as 'Critical', while 105 flaws are 'Important' in severity.

The July 2020 security release covers a wide range of products, including Windows 10, Office and Office Services and Web Apps, Internet Explorer, Chromium-based Edge browser, Skype for Business, Windows Defender, Visual Studio, OneDrive, .NET Framework, Azure DevOp and Open Source Software.

None of the vulnerabilities fixed this month has been noticed being exploited in the real world.

The most newsworthy fix this month is for a critical rated bug in Windows DNS Server, which could allow hackers to perform remote code execution. Indexed as CVE-2020-1350, this vulnerability can be easily weaponised to create wormable malware, according to researchers. The bug earned the highest-severity CVSS score of 10 from Microsoft security team.

CVE-2020-1463 is an elevation-of-privilege bug, impacting Windows 10 and Windows Server SharedStream Library component. This publically-known bug stems from the way the objects are handled in the memory. While the vulnerability has received a less-severe "important" rating, the researchers are worried that it could soon be exploited by the attackers.

According to Microsoft, three 'Critical' vulnerabilities impact Microsoft Edge and VBScript engine, potentially allowing a hacker to perform remote code execution by tricking a target user into visiting a maliciously crafted website.

Moreover, six critical vulnerabilities impact the RemoteFX vGPU component of Microsoft's Hyper-V hypervisor technology and could allow an attacker on a guest operating to execute commands on the host.

Other notable bugs patched this month also include RCE vulnerabilities in Microsoft Word (CVE-2020-1446, CVE-2020-1447, CVE-2020-1448); Microsoft Outlook (CVE-2020-1349); Microsoft Excel (CVE-2020-1240); Windows LNK shortcut files (CVE-2020-1421); Microsoft Sharepoint (CVE-2020-1444); and Jet Database Engine (CVE-2020-1407, CVE-2020-1400, CVE-2020-1401).

CVE-2020-1408, CVE-2020-1435, CVE-2020-1409, CVE-2020-1412, CVE-2020-1436, and CVE-2020-1355 were found impacting various Windows graphics components.

System admins have been advised to patch the bugs as soon as possible to protect their systems from known security risks.