Published: June 15, 2020 Last Update: June 15, 2020 Author: SecureAuth Product Security Incident Response Team (psirt@secureauth.com) On June 9, 2020, Microsoft released their monthly patches for Windows Operating Systems and applications. The SecureAuth Product Security Team has reviewed the announced critical patches and determined that none of the announced vulnerabilities should be a high risk to the SecureAuth® Identity Platform (formerly SecureAuth IdP) as long as customers follow good security practices which include, but are not limited to: It is the recommendation of SecureAuth that the patches do not need to be applied immediately and customers can wait until further testing and analysis of the potential impacts to the server are better known throughout the security and Microsoft Communities. Identity Platform Version OS Version 9.x 19.07.x The June 2020 Microsoft Windows Patches identified 5 critical vulnerabilities and subsequent patches for all versions of Windows Server 2012 R2 and newer. The 5 patches involved the following Windows components: None of the above components are directly related to the functionality of the Identity Platform and typically are only exploitable when a user is tricked into opening a malicious document or visiting a malicious web site. Due to the nature of the Identity Platform server, it should never be used to open documents, visit websites other than to download authorized support or patch files, or be used for general web surfing. CVE Number(s) Component Impacted Impact to Identity Platform CVE-2020-1281 Windows OLE None if good security practices are followed CVE-2020-1299 LNK Files None if good security practices are followed CVE-2020-1300 Windows CAB Files None if good security practices are followed CVE-2020-1248 Windows GDI None if good security practices are followed CVE-2020-1286 Windows Shell None if good security practices are followedIssue
Recommendation
Applies To
Summary
Patch Information
References