Microsoft has released May Patch Tuesday security updates, addressing a total of 111 vulnerabilities in the family of Windows operating systems and related products. Out of these, 16 are classified as Critical and 95 as Important which includes Microsoft Windows, Edge EdgeHTML-based, Chromium-based, ChakraCore, Internet Explorer, Microsoft Office, and Microsoft Office Services and Web Apps, Windows Defender, Visual Studio, Microsoft Dynamics, .NET Framework, .NET Core, and Power BI.
All of the critical bugs are Elevation Of Privilege (EoP) and Remote Code Execution (RCE) that resides in the Internet Explorer, ChakraCore, Windows, Microsoft SharePoint, and Visual Studio Code, to name a few.
At the time of the release of updates, there were no zero-days and no vulnerabilities that had been publicly disclosed or under active attack.
Elevation of privilege vulnerabilities primarily impacting various Windows components that received a rating of “Exploitation More Likely” marked by Microsoft gives us a point to talk about it. These include a total of three of “Important” rated severity in Win32k (CVE-2020-1054, CVE-2020-1143) and one in the Windows Graphics Component (CVE-2020-1135).
Win32k Elevation of Privilege Vulnerability | CVE-2020-1054|CVE-2020-1143:
Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2020-1135:
- Elevation of privilege (EoP) vulnerability exists when a use-after-free error is triggered while handling the DirectComposition SetReferenceArrayProperty function in the Windows kernel driver.
- Successful exploitation of the vulnerability could allow an attacker logged in as a local user to a specially crafted program to trigger a use-after-free error and execute arbitrary code with the highest privileges.
Microsoft Color Management (ICM32.dll) Remote Code Execution Vulnerability | CVE-2020-1117:
- A remote code execution (RCE) vulnerability exists when a boundary error is triggered while handling objects in memory within the Color Management Module (ICM32.dll).
- Successful exploitation of the vulnerability could allow a remote attacker to trick a user to visit a maliciously crafted website, to trigger memory corruption, and execute arbitrary code on the target system and take over the system.
- Although accounts that are configured to have fewer privileges on the system could be less impacted than that of high privileges.
Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2020-1069:
- A remote code execution vulnerability allows a remote attacker to perform a spoofing attack. The vulnerability exists due to improper sanitization of a specially crafted web request and filter unsafe ASP.Net web controls to an affected SharePoint server allowing a remote attacker to perform spoofing attack.
- Successful exploitation of the vulnerability could allow a remote authenticated attacker to send a maliciously crafted request and spoof page content and perform actions in the context of the SharePoint application pool process.
The last interesting vulnerability to end with is a Denial-Of-Service vulnerability (CVE-2020-1118) in Microsoft Windows Transport Layer Security.
Microsoft Windows Transport Layer Security | CVE-2020-1118:
Denial of Service(DoS) vulnerability exists due to improper handling of certain key exchanges in the Windows implementation of Transport Layer Security (TLS).
- A remote attacker can send a specially crafted request to a target system utilizing TLS 1.2 or lower, triggering the system to automatically reboot.
Successful exploitation of the vulnerability could allow an attacker to stop the target system to respond by sending a malicious Client Key Exchange message during a TLS handshake to a target system utilizing TLS 1.2 or lower and perform a denial of service (DoS) attack.
Microsoft Security Bulletin Summary for May 2020:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Internet Explorer
- Microsoft Office and Microsoft Office Services and Web Apps
- Windows Defender
- Microsoft Dynamics
- .NET Framework
- .NET Core
- Power BI
Product: Microsoft Windows
CVEs/Advisory: CVE-2020-0909, CVE-2020-0963, CVE-2020-1010, CVE-2020-1021, CVE-2020-1028, CVE-2020-1048, CVE-2020-1051, CVE-2020-1054, CVE-2020-1055, CVE-2020-1061, CVE-2020-1067, CVE-2020-1068, […]
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing
KBs: 4551853, 4556799, 4556807, 4556812, 4556813, 4556826, 4556840, 4556846, 4556852, 4556853
Product: Microsoft Edge (EdgeHTML-based)
CVEs/Advisory: CVE-2020-1037, CVE-2020-1056, CVE-2020-1059, CVE-2020-1065, CVE-2020-1096
Impact: Elevation of Privilege, Remote Code Execution, Spoofing
KBs: 4551853, 4556799, 4556807, 4556812, 4556813, 4556826
Product: Internet Explorer
CVEs/Advisory: CVE-2020-1035, CVE-2020-1058, CVE-2020-1060, CVE-2020-1062, CVE-2020-1064, CVE-2020-1092, CVE-2020-1093
Impact: Remote Code Execution
KBs: 4551853, 4556798, 4556799, 4556807, 4556812, 4556813, 4556826, 4556836, 4556840, 4556846, 4556860
Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory: CVE-2020-0901, CVE-2020-1023, CVE-2020-1024, CVE-2020-1069, CVE-2020-1099 – CVE-2020-1107
Impact: Information Disclosure, Remote Code Execution, Spoofing
KBs: 4484332, 4484336, 4484338, 4484352, 4484364, 4484365, 4484383, 4484384
Product: .NET Framework
CVEs/Advisory: CVE-2020-1066, CVE-2020-1108
Impact: Denial of Service, Elevation of Privilege
KBs: 4552926, 4552928, 4552929, 4552931, 4556399, 4556400, 4556401, 4556402, 4556403, 4556404, 4556405, 4556406, 4556441, 4556807, 4556812, 4556813
Product: .NET Core
Impact: Denial of Service
Product: Power BI