Microsoft Releases July Updates

Last Updated: 07/16/2020

Security Notice Level

SEVERE

Microsoft has released the July updates to their software. Some of these updates address vulnerabilities that may allow a remote attacker to take control of a system. This includes a “wormable” remote code execution (RCE) vulnerability that affects all Windows Server versions configured as a DNS server. [1]

Affected Software

The IT Security Office advises owners of the software listed below to update as soon as possible.

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based) in IE Mode
  • Microsoft ChakraCore
  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Windows Defender
  • Skype for Business
  • Visual Studio
  • Microsoft OneDrive
  • Open Source Software
  • .NET Framework
  • Azure DevOps

Security Bulletin Name

Release Notes: July 2020 Security Updates

CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability

Additional Information

Additional information about these vulnerabilities can be viewed at:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jul

[1] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350

If you have any questions, please contact the IT Service Center at 303-735-4357 or oithelp@colorado.edu. IT Service Center Hours.

Definitions for this notice:
Urgent: severity represents a broad threat to the entire campus community including remotely exploitable administrator or root type attacks.
Severe: severity includes worms & web or email based exploits. 
Important: severity includes viruses and local exploits for commonly used services