Microsoft May 2020 Patch Tuesday fixes 111 flaws, 13 Critical

Pierluigi Paganini May 13, 2020

Microsoft May 2020 Patch Tuesday security updates address 111 vulnerabilities impacting 12 different products, including Windows, Edge, IE, and Office.

Microsoft issued May 2020 Patch Tuesday security updates that addressed 111 vulnerabilities impacting 12 products, including Microsoft Windows, Microsoft Edge, ChakraCore, Internet Explorer, Microsoft Office, Microsoft Office Services and Web Apps, Visual Studio, Microsoft Dynamics, .NET Framework, .NET Core, and Power BI.

16 of the 111 vulnerabilities are rated as Critical in severity, and 95 are rated as Important.

“Eleven of these CVEs were reported through the ZDI program. None of the bugs being patched are listed as being publicly known or under active attack at the time of release.” reported ZDI. “That makes three months in a row that Microsoft has released patches for more than 110 CVEs.”

None of the flaws addressed by Microsoft are being exploited in attacks in the wild.

Below is a list of the most severe issues fixed by Microsoft with the May 2020 Patch Tuesday security updates:

– CVE-2020-1071 – Windows Remote Access Common Dialog Elevation of Privilege Vulnerability – An attacker could exploit the bug in the Remote Access Common Dialog to run arbitrary code with elevated privileges.

– CVE-2020-1135 – Windows Graphics Component Elevation of Privilege Vulnerability – This issue was demonstrated at Pwn2Own by white-hat hackers from the Fluoroacetate team. The flaw could allow a logged-on user to take over a system by running a specially crafted program.

– CVE-2020-1067 – Windows Remote Code Execution Vulnerability – The RCE issue impacts Windows and could be exploited by an attacker to execute arbitrary code with elevated permissions on affected systems. It can be exploited only by an attacker with a domain user account, so it could be used for lateral movement once inside a target network.

Other severe bugs that could be exploited by attackers are:

Below is the full list of vulnerabilities addressed by Microsoft:

| Tag | CVE ID | CVE Title |
| --- | --- | --- |
| .NET Core | CVE-2020-1161 | ASP.NET Core Denial of Service Vulnerability |
| .NET Core | CVE-2020-1108 | .NET Core & .NET Framework Denial of Service Vulnerability |
| .NET Framework | CVE-2020-1066 | .NET Framework Elevation of Privilege Vulnerability |
| Active Directory | CVE-2020-1055 | Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability |
| Common Log File System Driver | CVE-2020-1154 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Internet Explorer | CVE-2020-1092 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2020-1064 | MSHTML Engine Remote Code Execution Vulnerability |
| Internet Explorer | CVE-2020-1062 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2020-1093 | VBScript Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2020-1063 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Edge | CVE-2020-1059 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2020-1056 | Microsoft Edge Elevation of Privilege Vulnerability |
| Microsoft Edge | CVE-2020-1096 | Microsoft Edge PDF Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-1145 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1135 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1179 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-1140 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-0963 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1054 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1142 | Windows GDI Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-1141 | Windows GDI Information Disclosure Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1176 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1051 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1175 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1174 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-0901 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1069 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1100 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1105 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1102 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1024 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1023 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1104 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1101 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1099 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1103 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1107 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1106 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1060 | VBScript Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1065 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1037 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1035 | VBScript Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1058 | VBScript Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1111 | Windows Clipboard Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1112 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1082 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1086 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1048 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1090 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1088 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1166 | Windows Clipboard Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1021 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1164 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1165 | Windows Clipboard Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1184 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1188 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1191 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1185 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1187 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1125 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1131 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1121 | Windows Clipboard Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1123 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-1132 | Windows Error Reporting Manager Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1010 | Microsoft Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1028 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-1139 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1144 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1149 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1076 | Windows Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-1143 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1071 | Windows Remote Access Common Dialog Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1155 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1150 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-1151 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1138 | Windows Storage Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1118 | Microsoft Windows Transport Layer Security Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-1124 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1084 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-1116 | Windows CSRSS Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1078 | Windows Installer Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1137 | Windows Push Notification Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1126 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-1134 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1070 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1068 | Microsoft Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1067 | Windows Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1072 | Windows Kernel Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1081 | Windows Printer Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1079 | Microsoft Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1077 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1190 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1158 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1157 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1186 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1156 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1189 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Power BI | CVE-2020-1173 | Microsoft Power BI Report Server Spoofing Vulnerability |
| Visual Studio | CVE-2020-1192 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
| Visual Studio | CVE-2020-1171 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2020-0909 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Kernel | CVE-2020-1114 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1087 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Scripting | CVE-2020-1061 | Microsoft Script Runtime Remote Code Execution Vulnerability |
| Windows Subsystem for Linux | CVE-2020-1075 | Windows Subsystem for Linux Information Disclosure Vulnerability |
| Windows Task Scheduler | CVE-2020-1113 | Windows Task Scheduler Security Feature Bypass Vulnerability |
| Windows Update Stack | CVE-2020-1109 | Windows Update Stack Elevation of Privilege Vulnerability |
| Windows Update Stack | CVE-2020-1110 | Windows Update Stack Elevation of Privilege Vulnerability |

Pierluigi Paganini

(SecurityAffairs – Microsoft May 2020 Patch Tuesday, hacking)
