You are currently viewing Patch Tuesday: Microsoft Security Bulletin Summary for May 2020

Patch Tuesday: Microsoft Security Bulletin Summary for May 2020

  • Post author:
  • Reading time:15 mins read

Microsoft Patch Tuesday, May 2020, has released May Patch Tuesday security updates, addressing a total of 111 vulnerabilities in the family of Windows operating systems and related products. Out of these, 16 are classified as Critical and 95 as Important, which includes Microsoft Windows, Edge EdgeHTML-based, Chromium-based, ChakraCore, Internet Explorer, Microsoft Office, Microsoft Office Services and Web Apps, Windows Defender, Visual Studio, Microsoft Dynamics, .NET Framework, .NET Core, and Power BI. Therefore, a good vulnerability management tool can resolve these issues.

All of the critical bugs found by Microsoft Patch Tuesday, May 2020, are Elevation Of Privilege (EoP) and Remote Code Execution (RCE) which resides in Internet Explorer, ChakraCore, Windows, Microsoft SharePoint, and Visual Studio Code, to name a few. Vulnerability Management System can prevent these problems.

At the time of the release of updates, there were no zero days and no vulnerabilities that had been publicly disclosed or under active attack.

Interesting Vulnerabilities:

The elevation of privilege vulnerabilities primarily impacting various Windows components that received a rating of “Exploitation More Likely” marked by Microsoft gives us a point to talk about it. These include a total of three of “Important” rated severity in Win32k (CVE-2020-1054, CVE-2020-1143) and one in the Windows Graphics Component (CVE-2020-1135).

Win32k Elevation of Privilege Vulnerability | CVE-2020-1054|CVE-2020-1143:

  • Elevation of privilege (EoP) vulnerability exists when a boundary error is triggered while the Windows kernel-mode driver handles objects in memory.
  • Successful exploitation of the vulnerability could allow an attacker logged in as a local user to run arbitrary code in kernel mode and, thus, could install specially crafted applications, view, modify, or delete data and create new user accounts with full user rights.

Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2020-1135:

  • Elevation of privilege (EoP) vulnerability exists when a use-after-free error is triggered while handling the DirectComposition SetReferenceArrayProperty function in the Windows kernel driver.
  • Successful exploitation of the vulnerability could allow an attacker logged in as a local user to a specially crafted program to trigger a use-after-free error and execute arbitrary code with the highest privileges.

Now coming to RCE’s there are two remote code execution vulnerabilities that exist in Microsoft Color Management (CVE-2020-1117), and Microsoft SharePoint Server (CVE-2020-1069).

Microsoft Color Management (ICM32.dll) Remote Code Execution Vulnerability | CVE-2020-1117:

  • A remote code execution (RCE) vulnerability exists when a boundary error is triggered while handling objects in memory within the Color Management Module (ICM32.dll).
  • Successful exploitation of the vulnerability could allow a remote attacker to trick a user to visit a maliciously crafted website, to trigger memory corruption, and execute arbitrary code on the target system and take over the system.
  • Although accounts that are configured to have fewer privileges on the system could be less impacted than that of high privileges.

Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2020-1069:

  • A remote code execution vulnerability allows a remote attacker to perform a spoofing attack. The vulnerability exists due to improper sanitization of a specially crafted web request and filter of unsafe ASP.Net web controls to an affected SharePoint server allowing a remote attacker to perform the spoofing attack.
  • Successful exploitation of the vulnerability could allow a remote authenticated attacker to send a maliciously crafted request and spoof page content and perform actions in the context of the SharePoint application pool process.

The last interesting vulnerability to end with is a Denial-Of-Service vulnerability (CVE-2020-1118) in Microsoft Windows Transport Layer Security.

Microsoft Windows Transport Layer Security | CVE-2020-1118:

  • Denial of Service(DoS) vulnerability exists due to improper handling of certain key exchanges in the Windows implementation of Transport Layer Security (TLS).

  • A remote attacker can send a specially crafted request to a target system utilizing TLS 1.2 or lower, triggering the system to reboot automatically.

  • Successful exploitation of the vulnerability could allow an attacker to stop the target system from responding by sending a malicious Client Key Exchange message during a TLS handshake to a target system utilizing TLS 1.2 or lower and perform a denial of service (DoS) attack.

Microsoft Security Bulletin Summary for May 2020:

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • ChakraCore
  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Windows Defender
  • Microsoft Dynamics
  • .NET Framework
  • .NET Core
  • Power BI

1.Product: Microsoft Windows
CVEs/Advisory: CVE-2020-0909, CVE-2020-0963, CVE-2020-1010, CVE-2020-1021, CVE-2020-1028, CVE-2020-1048, CVE-2020-1051, CVE-2020-1054, CVE-2020-1055, CVE-2020-1061, CVE-2020-1067, CVE-2020-1068, […]
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing
Severity: Critical
KBs: 4551853, 4556799, 4556807, 4556812, 4556813, 4556826, 4556840, 4556846, 4556852, 4556853

2.Product: Microsoft Edge (EdgeHTML-based)
CVEs/Advisory: CVE-2020-1037, CVE-2020-1056, CVE-2020-1059, CVE-2020-1065, CVE-2020-1096
Impact: Elevation of Privilege, Remote Code Execution, Spoofing
Severity: Critical
KBs: 4551853, 4556799, 4556807, 4556812, 4556813, 4556826

3.Product: ChakraCore
CVEs/Advisory: CVE-2020-1037, CVE-2020-1065
Impact: Remote Code Execution
Severity: Critical

4.Product: Internet Explorer
CVEs/Advisory: CVE-2020-1035, CVE-2020-1058, CVE-2020-1060, CVE-2020-1062, CVE-2020-1064, CVE-2020-1092, CVE-2020-1093
Impact: Remote Code Execution
Severity: Critical
KBs: 4551853, 4556798, 4556799, 4556807, 4556812, 4556813, 4556826, 4556836, 4556840, 4556846, 4556860

5.Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory: CVE-2020-0901, CVE-2020-1023, CVE-2020-1024, CVE-2020-1069, CVE-2020-1099CVE-2020-1107
Impact: Information Disclosure, Remote Code Execution, Spoofing
Severity: Critical
KBs: 4484332, 4484336, 4484338, 4484352, 4484364, 4484365, 4484383, 4484384

6.Product: Visual Studio
CVEs/Advisory: CVE-2020-1108, CVE-2020-1161
Impact: Denial of Service
Severity: Important

Product: Microsoft Dynamics
CVEs/Advisory: CVE-2020-1063
Impact: Spoofing
Severity: Important
KBs: 4552002, 4551998

7.Product: .NET Framework
CVEs/Advisory: CVE-2020-1066, CVE-2020-1108
Impact: Denial of Service, Elevation of Privilege
Severity: Important
KBs: 4552926, 4552928, 4552929, 4552931, 4556399, 4556400, 4556401, 4556402, 4556403, 4556404, 4556405, 4556406, 4556441, 4556807, 4556812, 4556813

8.Product: .NET Core
CVEs/Advisory: CVE-2020-1108
Impact: Denial of Service
Severity: Important

9.Product: Power BI
CVEs/Advisory: CVE-2020-1173
Impact: Spoofing
Severity: Important

SanerNow detects this vulnerability and automatically fixes it by applying security updates. Download SanerNow and keep your systems updated and secure.

Share this article
Tags: , , , , , , , , ,