Microsoft May 2020 Patch Tuesday fixes 111 vulnerabilities

Microsoft has started rolling out today the May 2020 Patch Tuesday security updates. This month, the company has patched 111 vulnerabilities across 12 different products, from Edge to Windows, and from Visual Studio to the .NET Framework.

This month’s Patch Tuesday is the third-largest in Microsoft’s history after the company patched 115 bugs in March 2020 and 113 in April 2020.

While Microsoft has patched actively-exploited zero-day vulnerabilities in the past two months, there are no such bugs in this release.

This means that system administrators have time at their disposal to test today’s Patch Tuesday for bugs or other issues before deploying the updates to all their systems.

Patches shouldn’t be delayed too much because threat actors regularly patch-diff the Microsoft security updates in search of bugs that can be easily exploited.

Among the most severe bugs patched this month that could be weaponized for attacks against users in the future, we list:

Additional information about this month’s Patch Tuesday is included below, including links to security advisories published by other companies:

Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
ZDNet has also put together this page listing all this month’s security advisories on one single page.
Adobe’s security updates are detailed here.
SAP security updates are available here.
VMWare security updates are available here.
Firefox security updates have been released last week, with the release of Firefox v76.
Google Chrome security updates are now released bi-weekly. Security updates have been released last week, and a new batch is scheduled for next week, with the Chrome v83 release.
The Android Security Bulletin for May 2020 is detailed here. Patches started rolling out to users’ phones last week.

Tag	CVE ID	CVE Title
.NET Core	CVE-2020-1161	ASP.NET Core Denial of Service Vulnerability
.NET Core	CVE-2020-1108	.NET Core & .NET Framework Denial of Service Vulnerability
.NET Framework	CVE-2020-1066	.NET Framework Elevation of Privilege Vulnerability
Active Directory	CVE-2020-1055	Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability
Common Log File System Driver	CVE-2020-1154	Windows Common Log File System Driver Elevation of Privilege Vulnerability
Internet Explorer	CVE-2020-1092	Internet Explorer Memory Corruption Vulnerability
Internet Explorer	CVE-2020-1064	MSHTML Engine Remote Code Execution Vulnerability
Internet Explorer	CVE-2020-1062	Internet Explorer Memory Corruption Vulnerability
Internet Explorer	CVE-2020-1093	VBScript Remote Code Execution Vulnerability
Microsoft Dynamics	CVE-2020-1063	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Edge	CVE-2020-1059	Microsoft Edge Spoofing Vulnerability
Microsoft Edge	CVE-2020-1056	Microsoft Edge Elevation of Privilege Vulnerability
Microsoft Edge	CVE-2020-1096	Microsoft Edge PDF Remote Code Execution Vulnerability
Microsoft Graphics Component	CVE-2020-1145	Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2020-1135	Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-1179	Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2020-1153	Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft Graphics Component	CVE-2020-1140	DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-0963	Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2020-1054	Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-1142	Windows GDI Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2020-1117	Microsoft Color Management Remote Code Execution Vulnerability
Microsoft Graphics Component	CVE-2020-1141	Windows GDI Information Disclosure Vulnerability
Microsoft JET Database Engine	CVE-2020-1176	Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine	CVE-2020-1051	Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine	CVE-2020-1175	Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine	CVE-2020-1174	Jet Database Engine Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-0901	Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1069	Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1100	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1105	Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint	CVE-2020-1102	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1024	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1023	Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2020-1104	Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint	CVE-2020-1101	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1099	Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint	CVE-2020-1103	Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePoint	CVE-2020-1107	Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint	CVE-2020-1106	Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine	CVE-2020-1060	VBScript Remote Code Execution Vulnerability
Microsoft Scripting Engine	CVE-2020-1065	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-1037	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-1035	VBScript Remote Code Execution Vulnerability
Microsoft Scripting Engine	CVE-2020-1058	VBScript Remote Code Execution Vulnerability
Microsoft Windows	CVE-2020-1111	Windows Clipboard Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1112	Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1082	Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1086	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1048	Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1090	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1088	Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1166	Windows Clipboard Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1021	Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1164	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1165	Windows Clipboard Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1184	Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1188	Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1191	Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1185	Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1187	Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1125	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1131	Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1121	Windows Clipboard Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1123	Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Microsoft Windows	CVE-2020-1132	Windows Error Reporting Manager Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1010	Microsoft Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1028	Media Foundation Memory Corruption Vulnerability
Microsoft Windows	CVE-2020-1136	Media Foundation Memory Corruption Vulnerability
Microsoft Windows	CVE-2020-1139	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1144	Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1149	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1076	Windows Denial of Service Vulnerability
Microsoft Windows	CVE-2020-1143	Win32k Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1071	Windows Remote Access Common Dialog Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1155	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1150	Media Foundation Memory Corruption Vulnerability
Microsoft Windows	CVE-2020-1151	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1138	Windows Storage Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1118	Microsoft Windows Transport Layer Security Denial of Service Vulnerability
Microsoft Windows	CVE-2020-1124	Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1084	Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Microsoft Windows	CVE-2020-1116	Windows CSRSS Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-1078	Windows Installer Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1137	Windows Push Notification Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1126	Media Foundation Memory Corruption Vulnerability
Microsoft Windows	CVE-2020-1134	Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1070	Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1068	Microsoft Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1067	Windows Remote Code Execution Vulnerability
Microsoft Windows	CVE-2020-1072	Windows Kernel Information Disclosure Vulnerability
Microsoft Windows	CVE-2020-1081	Windows Printer Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1079	Microsoft Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1077	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1190	Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1158	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1157	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1186	Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1156	Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2020-1189	Windows State Repository Service Elevation of Privilege Vulnerability
Power BI	CVE-2020-1173	Microsoft Power BI Report Server Spoofing Vulnerability
Visual Studio	CVE-2020-1192	Visual Studio Code Python Extension Remote Code Execution Vulnerability
Visual Studio	CVE-2020-1171	Visual Studio Code Python Extension Remote Code Execution Vulnerability
Windows Hyper-V	CVE-2020-0909	Windows Hyper-V Denial of Service Vulnerability
Windows Kernel	CVE-2020-1114	Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel	CVE-2020-1087	Windows Kernel Elevation of Privilege Vulnerability
Windows Scripting	CVE-2020-1061	Microsoft Script Runtime Remote Code Execution Vulnerability
Windows Subsystem for Linux	CVE-2020-1075	Windows Subsystem for Linux Information Disclosure Vulnerability
Windows Task Scheduler	CVE-2020-1113	Windows Task Scheduler Security Feature Bypass Vulnerability
Windows Update Stack	CVE-2020-1109	Windows Update Stack Elevation of Privilege Vulnerability
Windows Update Stack	CVE-2020-1110	Windows Update Stack Elevation of Privilege Vulnerability

Source: Information Technologies - zdnet.com

Microsoft May 2020 Patch Tuesday fixes 111 vulnerabilities

On the three-year anniversary of WannaCry, US exposes new North Korean malware

Out-of-date, insecure open-source software is everywhere

ITALIAN LANGUAGE

ENGLISH LANGUAGE