Search the Petri IT Knowledgebase

The Unofficial M365 Changelog

Sponsors

Podcasts

Learning Center
search icon

close

Icon for Latest Whitepaper

Latest Whitepaper

Choosing an MFA Solution for Your Active Directory Environment? Ask These 15 Questions.
Icon for On-Demand Webinar

On-Demand Webinar

Combating Cyberattacks in 2022: Prepare to Defend Your Active Directory
Icon for Upcoming Conference

Upcoming Conference

GET-IT Microsoft Cloud Security and Compliance 1-Day Virtual Conference
Icon for Ebook

Ebook

The Forrester New Wave™: SaaS Application Data Protection, Q4 2021

Home

Windows 10

Patch Tuesday – May 2020

Author avatar - Russell Smith

Russell Smith

 |

May 8, 2020

May’s Patch Tuesday sees Microsoft issues fixes for a whopping 111 vulnerabilities, making this month the third biggest set of patches in Microsoft’s history. That said, there are no zero-day flaws. Let’s start with Windows 10 and Windows Server.

Windows 10 and Windows Server

This month there are 5 critical remote code execution (RCE) flaws in Windows 10 patched by Microsoft. 3 are memory corruption vulnerabilities in Windows Media Foundation. Attackers could exploit the vulnerabilities to install programs; view, change, or delete data; or create new accounts with full user rights. Users would need to visit a specially crafted website or open an infected document to fall victim.

advertisment

The remaining 2 bugs are in the Color Management Module (ICM32.dll) and Microsoft Graphics Components. The ICM32.dll vulnerability could let an attacker create new accounts with full user rights. Users without admin privileges are less likely to be impacted. The Microsoft Graphics Components vulnerability could let an attacker run arbitrary code on the affected system if the user opened a specially crafted file.

Of the remaining 73 patches, which are rated Important, 53 address elevation of privilege (EoP) bugs and 6 RCE flaws. CVE-2020-1067 is an RCE bug that could let an attacker with a domain account run arbitrary code with elevated permissions.

Microsoft Edge and Internet Explorer

Legacy Edge gets three critical patches for 2 RCEs and 1 EoP. There’s one RCE bug rated Important (CVE-2020-1096) in Edge’s PDF reader. It could let an attacker run arbitrary code in the context of the logged in user. Internet Explorer 11 also gets 7 patches this month, 3 of which are rated Critical.

Microsoft Office

Microsoft Office 2019 gets one fix for an Important RCE. A vulnerability in Excel fails to handle objects correctly in memory. An attacker could run arbitrary code in the context of the logged in user. Users without local administrator privileges are less impacted by this bug. A user would need to open a specially crafted file for this flaw to be exploited.

advertisment

Microsoft Exchange, SharePoint, and SQL Server

There are no security fixes for Exchange Server or SQL Server. SharePoint Server 2016 gets 12 fixes, 4 of which Microsoft rates as Critical. All 4 critical flaws are RCEs. Of the remaining patches, 7 address spoofing issues and 1 an information disclosure problem.

Adobe software

Finally, Adobe Flash Player gets an update but without any security fixes. Adobe Acrobat and Acrobat Reader get 12 fixes, half of which are rated Critical. The critical bugs include arbitrary code execution and security feature bypass flaws.

That is it for another month!

More from Russell Smith

TwiIT ep21

Project Volterra, Hybrid Loop, and NPUs to Supercharge AI on Your Devices
TWiIT ep20

Windows 11 Approved for Broad Deployment and 'One Outlook' Drops for Insiders
This Week in IT Ep 19

Microsoft Takes on Rival Calendly with Outlook Bookings - Plus the Latest IT News Updates

advertisment

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

advertisment

More in Windows 10

Windows 10

IT Admins Report Issues With Microsoft Store Version of Quick Assist App

May 16, 2022 | Rabia Noureen

Windows 11

Microsoft Releases May 2022 Patch Tuesday Updates

May 11, 2022 | Laurent Giret

Windows Logo

What’s New with Windows – April 2022

May 2, 2022 | Russell Smith

This Week in IT – Is Microsoft Killing Off Patch Tuesday?

This Week in IT - Is Microsoft Killing Off Patch Tuesday?

Apr 22, 2022 | Russell Smith

Windows 10

Windows 10 November 2021 Update is Now Ready for Broad Deployment

Apr 18, 2022 | Rabia Noureen

Thumbnail for This Week in IT

This Week in IT - Windows 10 Gets Search Highlights and Is Microsoft in Hot Water Over Windows Cloud Pricing?

Apr 15, 2022 | Russell Smith

Most popular on petri

X

Log in to save content to your profile.

Login

Sign Up

Username/Email

Password

Forgot Password?

Login

Article saved!

Access saved content from your profile page. View Saved

Reach out

Contact Us

Advertising

About Us

Media Kit

Learn More

Podcasts

Learning Center

Webinars

Sitemap

Windows

Cloud

Office 365

Servers

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy