X
Tech

Microsoft May 2020 Patch Tuesday fixes 111 vulnerabilities

Third-largest Patch Tuesday in Microsoft's history started rolling out earlier today.
Written by Catalin Cimpanu, Contributor
windows-updates-patch-tuesday.jpg

Microsoft has started rolling out today the May 2020 Patch Tuesday security updates. This month, the company has patched 111 vulnerabilities across 12 different products, from Edge to Windows, and from Visual Studio to the .NET Framework.

This month's Patch Tuesday is the third-largest in Microsoft's history after the company patched 115 bugs in March 2020 and 113 in April 2020.

While Microsoft has patched actively-exploited zero-day vulnerabilities in the past two months, there are no such bugs in this release.

This means that system administrators have time at their disposal to test today's Patch Tuesday for bugs or other issues before deploying the updates to all their systems.

Patches shouldn't be delayed too much because threat actors regularly patch-diff the Microsoft security updates in search of bugs that can be easily exploited.

Among the most severe bugs patched this month that could be weaponized for attacks against users in the future, we list:

Additional information about this month's Patch Tuesday is included below, including links to security advisories published by other companies:

  • Microsoft's official Security Update Guide portal lists all security updates in a filterable table.
  • ZDNet has also put together this page listing all this month's security advisories on one single page.
  • Adobe's security updates are detailed here.
  • SAP security updates are available here.
  • VMWare security updates are available here.
  • Firefox security updates have been released last week, with the release of Firefox v76.
  • Google Chrome security updates are now released bi-weekly. Security updates have been released last week, and a new batch is scheduled for next week, with the Chrome v83 release.
  • The Android Security Bulletin for May 2020 is detailed here. Patches started rolling out to users' phones last week.
TagCVE IDCVE Title
.NET Core CVE-2020-1161 ASP.NET Core Denial of Service Vulnerability
.NET Core CVE-2020-1108 .NET Core & .NET Framework Denial of Service Vulnerability
.NET Framework CVE-2020-1066 .NET Framework Elevation of Privilege Vulnerability
Active Directory CVE-2020-1055 Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability
Common Log File System Driver CVE-2020-1154 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Internet Explorer CVE-2020-1092 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2020-1064 MSHTML Engine Remote Code Execution Vulnerability
Internet Explorer CVE-2020-1062 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2020-1093 VBScript Remote Code Execution Vulnerability
Microsoft Dynamics CVE-2020-1063 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Microsoft Edge CVE-2020-1059 Microsoft Edge Spoofing Vulnerability
Microsoft Edge CVE-2020-1056 Microsoft Edge Elevation of Privilege Vulnerability
Microsoft Edge CVE-2020-1096 Microsoft Edge PDF Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-1145 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-1135 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-1179 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-1153 Microsoft Graphics Components Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-1140 DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0963 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-1054 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-1142 Windows GDI Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-1117 Microsoft Color Management Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-1141 Windows GDI Information Disclosure Vulnerability
Microsoft JET Database Engine CVE-2020-1176 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2020-1051 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2020-1175 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2020-1174 Jet Database Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0901 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-1069 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-1100 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-1105 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2020-1102 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-1024 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-1023 Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-1104 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2020-1101 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-1099 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-1103 Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2020-1107 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2020-1106 Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine CVE-2020-1060 VBScript Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2020-1065 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-1037 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-1035 VBScript Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2020-1058 VBScript Remote Code Execution Vulnerability
Microsoft Windows CVE-2020-1111 Windows Clipboard Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1112 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1082 Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1086 Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1048 Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1090 Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1088 Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1166 Windows Clipboard Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1021 Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1164 Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1165 Windows Clipboard Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1184 Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1188 Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1191 Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1185 Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1187 Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1125 Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1131 Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1121 Windows Clipboard Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1123 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Microsoft Windows CVE-2020-1132 Windows Error Reporting Manager Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1010 Microsoft Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1028 Media Foundation Memory Corruption Vulnerability
Microsoft Windows CVE-2020-1136 Media Foundation Memory Corruption Vulnerability
Microsoft Windows CVE-2020-1139 Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1144 Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1149 Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1076 Windows Denial of Service Vulnerability
Microsoft Windows CVE-2020-1143 Win32k Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1071 Windows Remote Access Common Dialog Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1155 Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1150 Media Foundation Memory Corruption Vulnerability
Microsoft Windows CVE-2020-1151 Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1138 Windows Storage Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1118 Microsoft Windows Transport Layer Security Denial of Service Vulnerability
Microsoft Windows CVE-2020-1124 Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1084 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Microsoft Windows CVE-2020-1116 Windows CSRSS Information Disclosure Vulnerability
Microsoft Windows CVE-2020-1078 Windows Installer Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1137 Windows Push Notification Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1126 Media Foundation Memory Corruption Vulnerability
Microsoft Windows CVE-2020-1134 Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1070 Windows Print Spooler Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1068 Microsoft Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1067 Windows Remote Code Execution Vulnerability
Microsoft Windows CVE-2020-1072 Windows Kernel Information Disclosure Vulnerability
Microsoft Windows CVE-2020-1081 Windows Printer Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1079 Microsoft Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1077 Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1190 Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1158 Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1157 Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1186 Windows State Repository Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1156 Windows Runtime Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-1189 Windows State Repository Service Elevation of Privilege Vulnerability
Power BI CVE-2020-1173 Microsoft Power BI Report Server Spoofing Vulnerability
Visual Studio CVE-2020-1192 Visual Studio Code Python Extension Remote Code Execution Vulnerability
Visual Studio CVE-2020-1171 Visual Studio Code Python Extension Remote Code Execution Vulnerability
Windows Hyper-V CVE-2020-0909 Windows Hyper-V Denial of Service Vulnerability
Windows Kernel CVE-2020-1114 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-1087 Windows Kernel Elevation of Privilege Vulnerability
Windows Scripting CVE-2020-1061 Microsoft Script Runtime Remote Code Execution Vulnerability
Windows Subsystem for Linux CVE-2020-1075 Windows Subsystem for Linux Information Disclosure Vulnerability
Windows Task Scheduler CVE-2020-1113 Windows Task Scheduler Security Feature Bypass Vulnerability
Windows Update Stack CVE-2020-1109 Windows Update Stack Elevation of Privilege Vulnerability
Windows Update Stack CVE-2020-1110 Windows Update Stack Elevation of Privilege Vulnerability

Windows 10, cloud computing, programming languages, and more: ZDNet's research round-up

Editorial standards