Skip to main content
Patch ManagementPatch Tuesday

Microsoft’s May Patch Tuesday Addresses 111 Vulnerabilities

By May 12, 2020November 9th, 2022No Comments

Microsoft’s May Patch Tuesday Addresses 111 Vulnerabilities

As the third-largest Patch Tuesday in Microsoft's history, this month's massive update includes 111 fixes across 12 different products.

May Patch Tuesday Has Arrived

Microsoft have released 111 patches today, the third largest release of 2020. So far this year, there have been 487 patches released and we are only in May.

There are 16 Critical patches with the remaining 95 marked Important. Support for Windows 7 and Windows Server 2008 (including R2) was officially ended after January, but there are plenty of updates released this month for customers who have purchased an extension agreement.

Robert Brown, Director of Services for Syxsense said, “For the previous 4 months, we have had on average over 100 updates each month – that is almost 2GB per device per month. Now is the time to start building a patching strategy which does not depend on VPN or patching in line of sight of your servers. Users who are now working from home remain more vulnerable than they have ever been.”

Patches of Interest

  1. CVE-2020-1126: This vulnerability is a buffer overflow advisory which impacts both Windows 7, 8.1, 10 and the Server 2012. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system, although there are no known exploits at the moment but the vulnerability can be exploited by a non-authenticated user remotely via the internet.
  2. CVE-2020-1117: This vulnerability is incredibly dangerous for users who have more than Power User rights, as convincing the user to run a malicious link will expose that system and the attacker can have free access to the system. This can include the installation of ransomware or the infection of other systems on the network.
  3. CVE-2020-1118: Although this has a severity of Important not Critical, this carries a CVSS score of 8.6 (one of the highest of this release). Without a countermeasure for this vulnerability, an attacker can install ransomware, steal data or even trigger a continuous shutdown loop which could cause countless problems for any company.

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

I am text block. Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Leave a Reply