
Microsoft's May Patch Tuesday Addresses 111 Vulnerabilities
As the third-largest Patch Tuesday in Microsoft's history, this month's massive update includes 111 fixes across 12 different products.
May Patch Tuesday Has Arrived
Microsoft have released 111 patches today, the third largest release of 2020. So far this year, there have been 487 patches released and we are only in May.
There are 16 Critical patches, with the remaining 95 marked Important. Support for Windows 7 and Windows Server 2008 (including R2) officially ended after January, but plenty of updates were released this month for customers who have purchased an extension agreement.
Robert Brown, Director of Services for Syxsense, said, "For the previous 4 months, we have had on average over 100 updates each month; that is almost 2GB per device per month. Now is the time to start building a patching strategy which does not depend on VPN or patching in line of sight of your servers. Users who are now working from home remain more vulnerable than they have ever been."
Patches of Interest
- CVE-2020-1126: This is a buffer overflow vulnerability that impacts Windows 7, 8.1, 10 and Server 2012. Successful exploitation may result in complete compromise of the vulnerable system. There are no known exploits at the moment, but the vulnerability can be exploited remotely via the internet by a non-authenticated user.
- CVE-2020-1117: This vulnerability is incredibly dangerous for users who have more than Power User rights. If an attacker convinces such a user to open a malicious link, the system is exposed and the attacker can gain free access to it. This can include the installation of ransomware or the infection of other systems on the network.
- CVE-2020-1118: Although this has a severity of Important, not Critical, it carries a CVSS score of 8.6 (one of the highest of this release). Without a countermeasure for this vulnerability, an attacker can install ransomware, steal data or even trigger a continuous shutdown loop, which could cause countless problems for any company.
Experience the Power of Syxsense
Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.
Syxsense Recommendations
Based on the vendor severity and CVSS score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any that are Publicly Aware and/or Weaponized.
CVE Ref. | Title | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Countermeasure | Syxsense Recommended |
CVE-2020-1126 | Media Foundation Memory Corruption Vulnerability | Critical | 8.8 | No | No | No | Yes |
CVE-2020-1117 | Microsoft Colour Management Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes |
CVE-2020-1118 | Microsoft Windows Transport Layer Security Denial of Service Vulnerability | Important | 8.6 | No | No | No | Yes |
CVE-2020-1112 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | Important | 8.5 | No | No | No | Yes |
CVE-2020-1028 | Media Foundation Memory Corruption Vulnerability | Critical | 7.8 | No | No | No | Yes |
CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability | Critical | 7.8 | No | No | No | Yes |
CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability | Critical | 7.8 | No | No | No | Yes |
CVE-2020-1062 | Internet Explorer Memory Corruption Vulnerability | Critical | 7.5 | No | No | No | Yes |
CVE-2020-1064 | MSHTML Engine Remote Code Execution Vulnerability | Critical | 7.5 | No | No | No | Yes |
CVE-2020-1093 | VBScript Remote Code Execution Vulnerability | Critical | 7.5 | No | No | No | Yes |
CVE-2020-1056 | Microsoft Edge Elevation of Privilege Vulnerability | Critical | 5.4 | No | No | No | Yes |
CVE-2020-1037 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
CVE-2020-1065 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 | No | No | No | Yes |
CVE-2020-1023 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
CVE-2020-1024 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
CVE-2020-1102 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
CVE-2020-1069 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
CVE-2020-1192 | Visual Studio Code Python Extension Remote Code Execution Vulnerability | Critical | TBA | No | No | No | Yes |
CVE-2020-1140 | DirectX Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1051 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1174 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1175 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1176 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1150 | Media Foundation Memory Corruption Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1010 | Microsoft Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1068 | Microsoft Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1079 | Microsoft Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1111 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1165 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1166 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1154 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1021 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1082 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1088 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1142 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1135 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1078 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1087 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1114 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1048 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1070 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1081 | Windows Printer Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1137 | Windows Push Notification Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1067 | Windows Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1077 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1086 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1090 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1139 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1155 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1156 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1157 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1158 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1124 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1134 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1144 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1184 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1185 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1186 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1187 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1188 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1189 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1190 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1191 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1109 | Windows Update Stack Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1110 | Windows Update Stack Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
CVE-2020-1092 | Internet Explorer Memory Corruption Vulnerability | Important | 7.5 | No | No | No | |
CVE-2020-1061 | Microsoft Script Runtime Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
CVE-2020-1035 | VBScript Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
CVE-2020-1058 | VBScript Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
CVE-2020-1060 | VBScript Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
CVE-2020-0909 | Windows Hyper-V Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
CVE-2020-1054 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
CVE-2020-1143 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
CVE-2020-1121 | Windows Clipboard Service Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
CVE-2020-1132 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
CVE-2020-1125 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
CVE-2020-1149 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
CVE-2020-1151 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
CVE-2020-1164 | Windows Runtime Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
CVE-2020-1138 | Windows Storage Service Elevation of Privilege Vulnerability | Important | 7 | No | No | No | |
CVE-2020-1071 | Windows Remote Access Common Dialog Elevation of Privilege Vulnerability | Important | 6.8 | No | No | No | |
CVE-2020-1084 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
CVE-2020-1123 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
CVE-2020-1116 | Windows CSRSS Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2020-1076 | Windows Denial of Service Vulnerability | Important | 5.5 | No | No | No | |
CVE-2020-0963 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2020-1141 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2020-1145 | Windows GDI Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2020-1072 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2020-1131 | Windows State Repository Service Elevation of Privilege Vulnerability | Important | 5.5 | No | No | No | |
CVE-2020-1075 | Windows Subsystem for Linux Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
CVE-2020-1113 | Windows Task Scheduler Security Feature Bypass Vulnerability | Important | 5.3 | No | No | No | |
CVE-2020-1059 | Microsoft Edge Spoofing Vulnerability | Important | 4.3 | No | No | No | |
CVE-2020-1096 | Microsoft Edge PDF Remote Code Execution Vulnerability | Important | 4.2 | No | No | No | |
CVE-2020-1108 | .NET Core Denial of Service Vulnerability | Important | TBA | No | No | No | |
CVE-2020-1066 | .NET Framework Elevation of Privilege Vulnerability | Important | TBA | No | No | No | |
CVE-2020-1161 | ASP.NET Core Denial of Service Vulnerability | Important | TBA | No | No | No | |
CVE-2020-1055 | Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability | Important | TBA | No | No | No | |
CVE-2020-1063 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important | TBA | No | No | No | |
CVE-2020-0901 | Microsoft Excel Remote Code Execution Vulnerability | Important | TBA | No | No | No | |
CVE-2020-1099 | Microsoft Office SharePoint XSS Vulnerability | Important | TBA | No | No | No | |
CVE-2020-1100 | Microsoft Office SharePoint XSS Vulnerability | Important | TBA | No | No |