{"id":9518,"date":"2020-06-11T14:28:26","date_gmt":"2020-06-11T21:28:26","guid":{"rendered":"https:\/\/www.coretechnologies.com\/blog\/?p=9518"},"modified":"2022-04-19T21:57:21","modified_gmt":"2022-04-20T04:57:21","slug":"memory-fix-june-2020-patch","status":"publish","type":"post","link":"https:\/\/www.coretechnologies.com\/blog\/windows-services\/memory-fix-june-2020-patch\/","title":{"rendered":"Windows Services Memory Fix (Microsoft June 2020 Patch Tuesday)"},"content":{"rendered":"<div align=\"center\"><img loading=\"lazy\" decoding=\"async\" class=\"no-lazy-load image-padding\" src=\"\/blog\/images\/software-bug.webp\" class=\"image-padding\" title=\"Windows Services Memory Fix\" alt=\"Windows Services Memory Fix\" border=\"0\" width=\"315\" height=\"213\" \/><\/div>\n<p>On the second Tuesday of each month, Microsoft releases the latest security updates for Windows, Windows Server, and other products. This monthly event is dubbed <a href=\"https:\/\/en.wikipedia.org\/wiki\/Patch_Tuesday\" target=\"_blank\" rel=\"noopener noreferrer\">Patch Tuesday<\/a>.<\/p>\n<p>The <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/releasenotedetail\/2020-Jun\" target=\"_blank\" rel=\"noopener noreferrer\">June 2020 Patch Tuesday update<\/a> fixes a whopping 129 important defects. It&#8217;s the largest Patch Tuesday update ever!<\/p>\n<p>As usual, we&#8217;ve scoured the list of vulnerabilities to identify fixes focused on Windows Services. Fortunately there is just one item &mdash; <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-1268\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2020-1268<\/a>.<\/p>\n<h2 class=\"blog-caption\">CVE-2020-1268: Windows Service Information Disclosure Vulnerability<\/h2>\n<p>According to Microsoft, an attacker could leverage CVE-2020-1268 to read private areas of a service&#8217;s memory. These kind of &#8220;memory exploits&#8221; are quite serious.<\/p>\n<p>The patch fixes the problem by correcting how a Windows Service handles objects in memory.<\/p>\n<h2 class=\"blog-caption\">How can an attacker exploit this defect?<\/h2>\n<p>To exploit the defect, an attacker would have to:<\/p>\n<ul>\n<li>\n<p>Log in to your Windows computer<\/p>\n<\/li>\n<li>\n<p>Run a &#8220;specially crafted application&#8221;<\/p>\n<\/li>\n<li>\n<p>Locate something of value in the service&#8217;s memory<\/p>\n<\/li>\n<\/ul>\n<p>That is, the defect is only exploitable by an authorized person with sophisticated programming experience.<\/p>\n<p>Nevertheless, it presents a significant security hole.<\/p>\n<p>For example, suppose your service caches a user&#8217;s credit card information securely in RAM. A rogue employee could craft a program that invades your service&#8217;s memory space and extracts the card details. The same stealing could happen with passwords, personally identifiable information and other sensitive data that your application records in memory.<\/p>\n<h2 class=\"blog-caption\">Which versions of Windows does CVE-2020-1268 affect?<\/h2>\n<p>Microsoft has identified and developed patches for the operating systems impacted &mdash; <b>Windows 10 (Versions 1903, 1909, 2004)<\/b> and <b>Windows Server 2019 (Versions 1903, 1909, 2004)<\/b>.<\/p>\n<p>Apparently the flaw does not exist in Windows 8 or Windows Server 2016, Microsoft&#8217;s other supported operating systems.<\/p>\n<h2 class=\"blog-caption\">What else do you know about CVE-2020-1268?<\/h2>\n<ul>\n<li>\n<p>The vulnerability was not publicly disclosed prior to June 2020.<\/p>\n<\/li>\n<li>\n<p>There are no reports of exploits in the wild.<\/p>\n<\/li>\n<li>\n<p>CVE-2020-1268 does not allow an attacker to execute code or to elevate user rights directly.<\/p>\n<\/li>\n<li>\n<p>Because it requires access and sophistication to exploit, Microsoft classifies it as <a href=\"https:\/\/www.microsoft.com\/en-us\/msrc\/exploitability-index\" target=\"_blank\" rel=\"noopener noreferrer\">&#8220;Exploitation less likely&#8221;<\/a>.<\/p>\n<\/li>\n<\/ul>\n<h2 class=\"blog-caption\">Should I apply the patch?<\/h2>\n<p>Yes. We agree with Microsoft&#8217;s recommendation to apply the patch.<\/p>\n<p>Because, as the folks at ZDNet <a href=\"https:\/\/www.zdnet.com\/article\/microsoft-june-2020-patch-tuesday-fixes-129-vulnerabilities\/\" target=\"_blank\" rel=\"noopener noreferrer\">wisely point out<\/a>:<\/p>\n<div class=\"blog-qa-question-box\"><img decoding=\"async\" src=\"\/images\/quotes-transparent-21x21.png\" \/>  Malware authors are known to keep on eye out on Microsoft&#8217;s monthly security updates, select the most useful bugs, and patch-diff the security updates to find the exact bug that Microsoft fixed &mdash; so they can weaponize it as soon as possible.<\/p>\n<\/div>\n<h2 class=\"blog-caption\">Questions? Problems?<\/h2>\n<p>If you would like to know more about CVE-2020-1268 or the enormous June 2020 Patch Tuesday update, please feel free to <a href=\"\/support\/\">get in touch<\/a>. We will do our best to help you.<\/p>\n<p>Be safe out there!<\/p>\n<!-- relpost-thumb-wrapper --><div class=\"relpost-thumb-wrapper\"><!-- filter-class --><div class=\"relpost-thumb-container\"><style>.relpost-block-single-image, .relpost-post-image { margin-bottom: 10px; }<\/style><h3>You may also like...<\/h3><div style=\"clear: both\"><\/div><div style=\"clear: both\"><\/div><!-- relpost-block-container --><div class=\"relpost-block-container relpost-block-column-layout\" style=\"--relposth-columns: 3;--relposth-columns_t: 2; --relposth-columns_m: 2\"><a href=\"https:\/\/www.coretechnologies.com\/blog\/alwaysup\/turbocharge-windows-services\/\"class=\"relpost-block-single\" ><div class=\"relpost-custom-block-single\"><img decoding=\"async\" loading=\"lazy\" class=\"relpost-block-single-image\" alt=\"Turbocharge your Applications Running as Windows Services with AlwaysUp\"  src=\"https:\/\/www.coretechnologies.com\/blog\/wp-content\/uploads\/turbocharge-windows-service-thumbnail.png\" style=\"aspect-ratio:1\/1\" style=\"aspect-ratio:1\/1\"><\/img><div class=\"relpost-block-single-text\"  style=\"height: 75px;font-family: Arial;  font-size: 12px;  color: #333333;\"><h2 class=\"relpost_card_title\">Turbocharge your Applications Running as Windows Services with AlwaysUp<\/h2><\/div><\/div><\/a><a href=\"https:\/\/www.coretechnologies.com\/blog\/windows-services\/sc-service-fails-to-start\/\"class=\"relpost-block-single\" ><div class=\"relpost-custom-block-single\"><img decoding=\"async\" loading=\"lazy\" class=\"relpost-block-single-image\" alt=\"Q&amp;A: I created a Windows Service with SC. Why won&#039;t it Start?\"  src=\"https:\/\/www.coretechnologies.com\/blog\/wp-content\/uploads\/sc-service-fails-to-start-150x150-1.png\" style=\"aspect-ratio:1\/1\" style=\"aspect-ratio:1\/1\"><\/img><div class=\"relpost-block-single-text\"  style=\"height: 75px;font-family: Arial;  font-size: 12px;  color: #333333;\"><h2 class=\"relpost_card_title\">Q&amp;A: I created a Windows Service with SC. Why won&#039;t it Start?<\/h2><\/div><\/div><\/a><a href=\"https:\/\/www.coretechnologies.com\/blog\/windows-services\/windows-service-vs-regular-application\/\"class=\"relpost-block-single\" ><div class=\"relpost-custom-block-single\"><img decoding=\"async\" loading=\"lazy\" class=\"relpost-block-single-image\" alt=\"Top 10 differences between a Windows Service and a regular application\"  src=\"https:\/\/www.coretechnologies.com\/blog\/wp-content\/uploads\/top-10-150x150.png\" style=\"aspect-ratio:1\/1\" style=\"aspect-ratio:1\/1\"><\/img><div class=\"relpost-block-single-text\"  style=\"height: 75px;font-family: Arial;  font-size: 12px;  color: #333333;\"><h2 class=\"relpost_card_title\">Top 10 differences between a Windows Service and a regular application<\/h2><\/div><\/div><\/a><\/div><!-- close relpost-block-container --><div style=\"clear: both\"><\/div><\/div><!-- close filter class --><\/div><!-- close relpost-thumb-wrapper -->","protected":false},"excerpt":{"rendered":"<p>On the second Tuesday of each month, Microsoft releases the latest security updates for Windows, Windows Server, and other products. This monthly event is dubbed Patch Tuesday. The June 2020 Patch Tuesday update fixes a whopping 129 important defects. It&#8217;s &hellip; <a href=\"https:\/\/www.coretechnologies.com\/blog\/windows-services\/memory-fix-june-2020-patch\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":9547,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[219,143,220,184,194,196],"class_list":["post-9518","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-windows-services","tag-patch-tuesday","tag-security","tag-security-vulnerability","tag-windows-10","tag-windows-server-2019","tag-windows-services-2"],"_links":{"self":[{"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/posts\/9518","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/comments?post=9518"}],"version-history":[{"count":40,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/posts\/9518\/revisions"}],"predecessor-version":[{"id":11235,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/posts\/9518\/revisions\/11235"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/media\/9547"}],"wp:attachment":[{"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/media?parent=9518"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/categories?post=9518"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/tags?post=9518"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}