May 2020 Patch Tuesday: Microsoft fixes 111 flaws, 13 Critical

Microsoft May 2020 Patch Tuesday security updates address 111 vulnerabilities impacting 12 different products, including Windows, Edge, IE, and Office.

Microsoft issued May 2020 Patch Tuesday security updates that addressed 111 vulnerabilities impacting 12 products, including Microsoft Windows, Microsoft Edge, ChakraCore, Internet Explorer, Microsoft Office, Microsoft Office Services and Web Apps, Visual Studio, Microsoft Dynamics, .NET Framework, .NET Core, and Power BI.

16 of the 111 vulnerabilities are rated as Critical in severity, and 95 are rated as Important.

“Eleven of these CVEs were reported through the ZDI program. None of the bugs being patched are listed as being publicly known or under active attack at the time of release.” reported ZDI. “That makes three months in a row that Microsoft has released patches for more than 110 CVEs.”

None of the flaws addressed by Microsoft are being exploited in attacks in the wild.

Below is a list of the most severe issues fixed by Microsoft with the May 2020 Patch Tuesday security updates:

– CVE-2020-1071 – Windows Remote Access Common Dialog Elevation of Privilege Vulnerability – An attacker could exploit the bug in the Remote Access Common Dialog to run arbitrary code with elevated privileges.

– CVE-2020-1135 – Windows Graphics Component Elevation of Privilege Vulnerability – This issue was demonstrated at Pwn2Own by white-hat hackers from the Fluoroacetate team. The flaw could allow a logged-on user to take over a system by running a specially crafted program.

– CVE-2020-1067 – Windows Remote Code Execution Vulnerability – The RCE issue impacts Windows and could be exploited by an attacker to execute arbitrary code with elevated permissions on affected systems. It can be exploited only by an attacker with a domain user account, so it could be used for lateral movement once inside a target network.

Other severe bugs that could be exploited by attackers are:

– CVE-2020-1023, CVE-2020-1024, and CVE-2020-1102 – Microsoft SharePoint Remote Code Execution Vulnerability

– CVE-2020-1051, CVE-2020-1174, CVE-2020-1175, and CVE-2020-1176 – Jet Database Engine Remote Code Execution Vulnerability

– CVE-2020-1064 – MSHTML Engine Remote Code Execution Vulnerability

– CVE-2020-1096 – Microsoft Edge PDF Remote Code Execution Vulnerability

Below is the full list of vulnerabilities addressed by Microsoft:

| Tag | CVE ID | CVE Title |
|---|---|---|
| .NET Core | CVE-2020-1161 | ASP.NET Core Denial of Service Vulnerability |
| .NET Core | CVE-2020-1108 | .NET Core & .NET Framework Denial of Service Vulnerability |
| .NET Framework | CVE-2020-1066 | .NET Framework Elevation of Privilege Vulnerability |
| Active Directory | CVE-2020-1055 | Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability |
| Common Log File System Driver | CVE-2020-1154 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Internet Explorer | CVE-2020-1092 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2020-1064 | MSHTML Engine Remote Code Execution Vulnerability |
| Internet Explorer | CVE-2020-1062 | Internet Explorer Memory Corruption Vulnerability |
| Internet Explorer | CVE-2020-1093 | VBScript Remote Code Execution Vulnerability |
| Microsoft Dynamics | CVE-2020-1063 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
| Microsoft Edge | CVE-2020-1059 | Microsoft Edge Spoofing Vulnerability |
| Microsoft Edge | CVE-2020-1056 | Microsoft Edge Elevation of Privilege Vulnerability |
| Microsoft Edge | CVE-2020-1096 | Microsoft Edge PDF Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-1145 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1135 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1179 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-1140 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-0963 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-1054 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1142 | Windows GDI Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-1141 | Windows GDI Information Disclosure Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1176 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1051 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1175 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2020-1174 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-0901 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1069 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1100 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1105 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1102 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1024 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1023 | Microsoft SharePoint Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1104 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1101 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1099 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1103 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1107 | Microsoft SharePoint Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2020-1106 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1060 | VBScript Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1065 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1037 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1035 | VBScript Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2020-1058 | VBScript Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1111 | Windows Clipboard Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1112 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1082 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1086 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1048 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1090 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1088 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1166 | Windows Clipboard Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1021 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1164 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1165 | Windows Clipboard Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1184 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1188 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1191 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1185 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1187 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1125 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1131 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1121 | Windows Clipboard Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1123 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-1132 | Windows Error Reporting Manager Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1010 | Microsoft Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1028 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-1139 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1144 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1149 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1076 | Windows Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-1143 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1071 | Windows Remote Access Common Dialog Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1155 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1150 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-1151 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1138 | Windows Storage Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1118 | Microsoft Windows Transport Layer Security Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-1124 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1084 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-1116 | Windows CSRSS Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1078 | Windows Installer Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1137 | Windows Push Notification Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1126 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-1134 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1070 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1068 | Microsoft Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1067 | Windows Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-1072 | Windows Kernel Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-1081 | Windows Printer Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1079 | Microsoft Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1077 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1190 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1158 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1157 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1186 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1156 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-1189 | Windows State Repository Service Elevation of Privilege Vulnerability |
| Power BI | CVE-2020-1173 | Microsoft Power BI Report Server Spoofing Vulnerability |
| Visual Studio | CVE-2020-1192 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
| Visual Studio | CVE-2020-1171 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2020-0909 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Kernel | CVE-2020-1114 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-1087 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Scripting | CVE-2020-1061 | Microsoft Script Runtime Remote Code Execution Vulnerability |
| Windows Subsystem for Linux | CVE-2020-1075 | Windows Subsystem for Linux Information Disclosure Vulnerability |
| Windows Task Scheduler | CVE-2020-1113 | Windows Task Scheduler Security Feature Bypass Vulnerability |
| Windows Update Stack | CVE-2020-1109 | Windows Update Stack Elevation of Privilege Vulnerability |
| Windows Update Stack | CVE-2020-1110 | Windows Update Stack Elevation of Privilege Vulnerability |

Pierluigi Paganini

(SecurityAffairs – Microsoft May 2020 Patch Tuesday, hacking)

The post May 2020 Patch Tuesday: Microsoft fixes 111 flaws, 13 Critical appeared first on Security Affairs.