
Microsoft’s May Patch Tuesday Addresses 111 Vulnerabilities

May 12, 2020 | June 22nd, 2022

As the third-largest Patch Tuesday in Microsoft's history, this month's massive update includes 111 fixes across 12 different products.


May Patch Tuesday Has Arrived

Microsoft have released 111 patches today, the third largest release of 2020. So far this year, there have been 487 patches released and we are only in May.

There are 16 Critical patches, with the remaining 95 marked Important. Support for Windows 7 and Windows Server 2008 (including R2) officially ended after January, but plenty of updates have been released this month for customers who have purchased an extension agreement.

Robert Brown, Director of Services for Syxsense said, “For the previous 4 months, we have had on average over 100 updates each month – that is almost 2GB per device per month. Now is the time to start building a patching strategy which does not depend on VPN or patching in line of sight of your servers. Users who are now working from home remain more vulnerable than they have ever been.”

Patches of Interest

  1. CVE-2020-1126: This is a buffer overflow vulnerability that impacts Windows 7, 8.1, 10 and Server 2012. Successful exploitation may result in complete compromise of the vulnerable system. There are no known exploits at the moment, but the vulnerability can be exploited remotely via the internet by a non-authenticated user.
  2. CVE-2020-1117: This vulnerability is incredibly dangerous for users who have more than Power User rights: convincing such a user to open a malicious link exposes that system and gives the attacker free access to it. This can include the installation of ransomware or the infection of other systems on the network.
  3. CVE-2020-1118: Although this has a severity of Important rather than Critical, it carries a CVSS score of 8.6 (one of the highest of this release). Without a countermeasure for this vulnerability, an attacker can install ransomware, steal data or even trigger a continuous shutdown loop, which could cause countless problems for any company.

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.


Syxsense Recommendations

Based on the vendor severity and CVSS score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

| CVE Ref. | Title | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Countermeasure | Syxsense Recommended |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2020-1126 | Media Foundation Memory Corruption Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2020-1117 | Microsoft Colour Management Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
| CVE-2020-1118 | Microsoft Windows Transport Layer Security Denial of Service Vulnerability | Important | 8.6 | No | No | No | Yes |
| CVE-2020-1112 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | Important | 8.5 | No | No | No | Yes |
| CVE-2020-1028 | Media Foundation Memory Corruption Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
| CVE-2020-1062 | Internet Explorer Memory Corruption Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-1064 | MSHTML Engine Remote Code Execution Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-1093 | VBScript Remote Code Execution Vulnerability | Critical | 7.5 | No | No | No | Yes |
| CVE-2020-1056 | Microsoft Edge Elevation of Privilege Vulnerability | Critical | 5.4 | No | No | No | Yes |
| CVE-2020-1037 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-1065 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
| CVE-2020-1023 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2020-1024 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2020-1102 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2020-1069 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2020-1192 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
| CVE-2020-1140 | DirectX Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1051 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1174 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1175 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1176 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1150 | Media Foundation Memory Corruption Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1010 | Microsoft Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1068 | Microsoft Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1079 | Microsoft Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1111 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1165 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1166 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1154 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1021 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1082 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1088 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1142 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1135 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1078 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1087 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1114 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1048 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1070 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1081 | Windows Printer Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1137 | Windows Push Notification Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1067 | Windows Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1077 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1086 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1090 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1139 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1155 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1156 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1157 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1158 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1124 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1134 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1144 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1184 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1185 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1186 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1187 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1188 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1189 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1190 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1191 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1109 | Windows Update Stack Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1110 | Windows Update Stack Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2020-1092 | Internet Explorer Memory Corruption Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2020-1061 | Microsoft Script Runtime Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2020-1035 | VBScript Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2020-1058 | VBScript Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2020-1060 | VBScript Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2020-0909 | Windows Hyper-V Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2020-1054 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1143 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1121 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1132 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1125 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1149 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1151 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1164 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1138 | Windows Storage Service Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
| CVE-2020-1071 | Windows Remote Access Common Dialog Elevation of Privilege Vulnerability | Important | 6.8 | No | No | No | |
| CVE-2020-1084 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1123 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1116 | Windows CSRSS Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1076 | Windows Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-0963 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1141 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1145 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1072 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1131 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1075 | Windows Subsystem for Linux Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2020-1113 | Windows Task Scheduler Security Feature Bypass Vulnerability | Important | 5.3 | No | No | No | |
| CVE-2020-1059 | Microsoft Edge Spoofing Vulnerability | Important | 4.3 | No | No | No | |
| CVE-2020-1096 | Microsoft Edge PDF Remote Code Execution Vulnerability | Important | 4.2 | No | No | No | |
| CVE-2020-1108 | .NET Core Denial of Service Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-1066 | .NET Framework Elevation of Privilege Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-1161 | ASP.NET Core Denial of Service Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-1055 | Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-1063 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-0901 | Microsoft Excel Remote Code Execution Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-1099 | Microsoft Office SharePoint XSS Vulnerability | Important | TBA | No | No | No | |
| CVE-2020-1100 | Microsoft Office SharePoint XSS Vulnerability | Important | TBA | No | No | | |
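
The prioritisation described under "Syxsense Recommendations" can be scripted against rows exported in the whitespace-separated form of this table. The following is an added example, not Syxsense's own logic: the ordering (weaponised or publicly aware first, then vendor severity, then CVSS), the treatment of `TBA` scores as worst case, and the `CVE-0000-0000` row are assumptions made for illustration.

```python
import re

# Rows in the table's flattened form; CVE-0000-0000 is a constructed row that
# shows how a weaponised entry would rank (no entry in this release is flagged).
SAMPLE = """\
CVE-2020-1126 Media Foundation Memory Corruption Vulnerability Critical 8.8 No No No Yes
CVE-2020-1118 Microsoft Windows Transport Layer Security Denial of Service Vulnerability Important 8.6 No No No Yes
CVE-2020-1023 Microsoft SharePoint Remote Code Execution Vulnerability Critical TBA No No No Yes
CVE-2020-1140 DirectX Elevation of Privilege Vulnerability Important 7.8 No No No
CVE-2020-1054 Win32k Elevation of Privilege Vulnerability Important 7 No No No
CVE-0000-0000 Constructed Example Vulnerability Important 5.5 Yes No No
"""

# The title contains spaces, so anchor on the fixed-vocabulary trailing columns.
ROW = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+(?P<title>.+?)\s+"
    r"(?P<severity>Critical|Important|Moderate|Low)\s+"
    r"(?P<cvss>\d+(?:\.\d+)?|TBA)\s+"
    r"(?P<flags>(?:Yes|No)(?:\s+(?:Yes|No)){2,3})\s*$"
)
SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}

def parse_row(line):
    m = ROW.match(line.strip())
    if not m:
        return None  # truncated or malformed row: report it, do not guess
    flags = m["flags"].split()
    return {
        "cve": m["cve"], "title": m["title"], "severity": m["severity"],
        "cvss": None if m["cvss"] == "TBA" else float(m["cvss"]),
        "weaponised": flags[0] == "Yes", "public": flags[1] == "Yes",
        "countermeasure": flags[2] == "Yes",
        "recommended": len(flags) == 4 and flags[3] == "Yes",
    }

def triage(text):
    rows, skipped = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse_row(line)
        (rows if rec else skipped).append(rec or line)
    def key(r):
        exposed = r["weaponised"] or r["public"]
        # Assumption: an unscored (TBA) entry counts as 10.0 so it is not deferred.
        score = 10.0 if r["cvss"] is None else r["cvss"]
        return (not exposed, SEVERITY_RANK[r["severity"]], -score, r["cve"])
    return sorted(rows, key=key), skipped
```

Rows that do not carry at least the Weaponised, Publicly Aware and Countermeasure columns are returned in the second list rather than ranked, so a truncated export is visible instead of silently dropped.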