Microsoft has released its May Patch Tuesday security updates, addressing a total of 111 vulnerabilities in the Windows family of operating systems and related products. Of these, 16 are classified as Critical and 95 as Important. Affected products include Microsoft Windows, Microsoft Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer, Microsoft Office and Microsoft Office Services and Web Apps, Windows Defender, Visual Studio, Microsoft Dynamics, .NET Framework, .NET Core, and Power BI.

All of the critical bugs are Elevation of Privilege (EoP) and Remote Code Execution (RCE) vulnerabilities that reside in Internet Explorer, ChakraCore, Windows, Microsoft SharePoint, and Visual Studio Code, to name a few.

At the time of the release of updates, there were no zero-days and no vulnerabilities that had been publicly disclosed or under active attack.


Interesting Vulnerabilities:

Several elevation of privilege vulnerabilities, primarily impacting various Windows components, received Microsoft's “Exploitation More Likely” rating, which makes them worth discussing. These include a total of three vulnerabilities rated “Important”: in Win32k (CVE-2020-1054, CVE-2020-1143) and in the Windows Graphics Component (CVE-2020-1135).

Win32k Elevation of Privilege Vulnerability | CVE-2020-1054 | CVE-2020-1143:

  • An elevation of privilege (EoP) vulnerability exists when a boundary error is triggered while the Windows kernel-mode driver handles objects in memory.
  • Successful exploitation of the vulnerability could allow an attacker logged in as a local user to run arbitrary code in kernel mode and thus install specially crafted applications; view, modify or delete data; and create new user accounts with full user rights.

Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2020-1135:

  • An elevation of privilege (EoP) vulnerability exists when a use-after-free error is triggered while handling the DirectComposition SetReferenceArrayProperty function in the Windows kernel driver.
  • Successful exploitation of the vulnerability could allow an attacker logged in as a local user to run a specially crafted program to trigger a use-after-free error and execute arbitrary code with the highest privileges.

Turning to RCEs, there are two remote code execution vulnerabilities of note: one in Microsoft Color Management (CVE-2020-1117) and one in Microsoft SharePoint Server (CVE-2020-1069).


Microsoft Color Management (ICM32.dll) Remote Code Execution Vulnerability | CVE-2020-1117:

  • A remote code execution (RCE) vulnerability exists when a boundary error is triggered while handling objects in memory within the Color Management Module (ICM32.dll).
  • Successful exploitation of the vulnerability could allow a remote attacker who tricks a user into visiting a maliciously crafted website to trigger memory corruption, execute arbitrary code on the target system, and take over the system.
  • Accounts configured to have fewer privileges on the system could be less impacted than accounts with high privileges.

Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2020-1069:

  • A remote code execution vulnerability allows a remote attacker to perform a spoofing attack. The vulnerability exists because an affected SharePoint server does not properly sanitize a specially crafted web request and filter unsafe ASP.Net web controls, allowing a remote attacker to perform a spoofing attack.
  • Successful exploitation of the vulnerability could allow a remote authenticated attacker to send a maliciously crafted request, spoof page content, and perform actions in the context of the SharePoint application pool process.

The last interesting vulnerability is a Denial of Service vulnerability (CVE-2020-1118) in Microsoft Windows Transport Layer Security.


Microsoft Windows Transport Layer Security | CVE-2020-1118:

  • A Denial of Service (DoS) vulnerability exists due to improper handling of certain key exchanges in the Windows implementation of Transport Layer Security (TLS).
  • A remote attacker can send a specially crafted request to a target system utilizing TLS 1.2 or lower, triggering the system to automatically reboot.
  • Successful exploitation of the vulnerability could allow an attacker to stop the target system from responding, resulting in a denial of service (DoS), by sending a malicious Client Key Exchange message during a TLS handshake to a target system utilizing TLS 1.2 or lower.


Microsoft Security Bulletin Summary for May 2020:

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • ChakraCore
  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Windows Defender
  • Microsoft Dynamics
  • .NET Framework
  • .NET Core
  • Power BI

Product: Microsoft Windows
CVEs/Advisory: CVE-2020-0909, CVE-2020-0963, CVE-2020-1010, CVE-2020-1021, CVE-2020-1028, CVE-2020-1048, CVE-2020-1051, CVE-2020-1054, CVE-2020-1055, CVE-2020-1061, CVE-2020-1067, CVE-2020-1068, […]
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing
Severity: Critical
KBs: 4551853, 4556799, 4556807, 4556812, 4556813, 4556826, 4556840, 4556846, 4556852, 4556853


Product: Microsoft Edge (EdgeHTML-based)
CVEs/Advisory: CVE-2020-1037, CVE-2020-1056, CVE-2020-1059, CVE-2020-1065, CVE-2020-1096
Impact: Elevation of Privilege, Remote Code Execution, Spoofing
Severity: Critical
KBs: 4551853, 4556799, 4556807, 4556812, 4556813, 4556826


Product: ChakraCore
CVEs/Advisory: CVE-2020-1037, CVE-2020-1065
Impact: Remote Code Execution
Severity: Critical


Product: Internet Explorer
CVEs/Advisory: CVE-2020-1035, CVE-2020-1058, CVE-2020-1060, CVE-2020-1062, CVE-2020-1064, CVE-2020-1092, CVE-2020-1093
Impact: Remote Code Execution
Severity: Critical
KBs: 4551853, 4556798, 4556799, 4556807, 4556812, 4556813, 4556826, 4556836, 4556840, 4556846, 4556860


Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory: CVE-2020-0901, CVE-2020-1023, CVE-2020-1024, CVE-2020-1069, CVE-2020-1099, CVE-2020-1107
Impact: Information Disclosure, Remote Code Execution, Spoofing
Severity: Critical
KBs: 4484332, 4484336, 4484338, 4484352, 4484364, 4484365, 4484383, 4484384


Product: Visual Studio
CVEs/Advisory: CVE-2020-1108, CVE-2020-1161
Impact: Denial of Service
Severity: Important


Product: Microsoft Dynamics
CVEs/Advisory: CVE-2020-1063
Impact: Spoofing
Severity: Important
KBs: 4552002, 4551998


Product: .NET Framework
CVEs/Advisory: CVE-2020-1066, CVE-2020-1108
Impact: Denial of Service, Elevation of Privilege
Severity: Important
KBs: 4552926, 4552928, 4552929, 4552931, 4556399, 4556400, 4556401, 4556402, 4556403, 4556404, 4556405, 4556406, 4556441, 4556807, 4556812, 4556813


Product: .NET Core
CVEs/Advisory: CVE-2020-1108
Impact: Denial of Service
Severity: Important


Product: Power BI
CVEs/Advisory: CVE-2020-1173
Impact: Spoofing
Severity: Important
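
To check a single Windows host against the KBs listed under "Product: Microsoft Windows" above, the following PowerShell can be run locally. It is an added example, not code from Microsoft or SecPod; the function name `Test-May2020Update` is hypothetical, and the release date of 12 May 2020 (the second Tuesday of the month) is an assumption not stated on this page.

```powershell
# Added example. KB numbers are copied from the "Product: Microsoft Windows" entry on this page.
$May2020WindowsKBs = '4551853','4556799','4556807','4556812','4556813',
                     '4556826','4556840','4556846','4556852','4556853' |
                     ForEach-Object { "KB$_" }

# Assumption: May 2020 Patch Tuesday fell on 12 May 2020 (second Tuesday of the month).
$ReleaseDate = [datetime]'2020-05-12'

# Hypothetical helper: compares installed updates with the KB list above.
function Test-May2020Update {
    param(
        [string[]]$ExpectedKBs,
        [object[]]$Installed,     # objects with HotFixID and InstalledOn, as Get-HotFix returns
        [datetime]$ReleaseDate
    )
    # Updates whose ID is one of the listed May 2020 KBs (-contains is case-insensitive).
    $matched = @($Installed | Where-Object { $ExpectedKBs -contains $_.HotFixID })

    # Most recently installed update that carries an install date.
    $newest = $Installed | Where-Object { $_.InstalledOn } |
              Sort-Object InstalledOn | Select-Object -Last 1

    $status = if ($matched.Count -gt 0) {
        'Listed KB installed'
    } elseif ($newest -and $newest.InstalledOn -ge $ReleaseDate) {
        # A later cumulative update can replace the May KB, so its ID may be absent.
        'No listed KB; newer update present, verify it supersedes May 2020'
    } else {
        'No listed KB and no update since release; review patch state'
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        MatchedKBs   = $matched.HotFixID -join ', '
        NewestUpdate = if ($newest) { '{0} ({1:yyyy-MM-dd})' -f $newest.HotFixID, $newest.InstalledOn }
        Status       = $status
    }
}

Test-May2020Update -ExpectedKBs $May2020WindowsKBs -Installed @(Get-HotFix) -ReleaseDate $ReleaseDate
```

The list covers only the Windows operating system KBs; Office, Dynamics and .NET Framework updates carry the separate KB numbers shown in their own entries.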


SanerNow detects this vulnerability and automatically fixes it by applying security updates. Download SanerNow and keep your systems updated and secure.


Publisher Name
SecPod Technologies