Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Microsoft May 2020 Patch Tuesday SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft May 2020 Patch Tuesday

This month we got an average Patch Tuesday with patches for 111 vulnerabilities total. Sixteen of them are critical and, according to Microsoft, none of them was previously disclosed or are being exploited.

Amongst critical vulnerabilities, there is a remote code execution (RCE) on Media Foundation caused by a memory corruption vulnerability (CVE-2020-1126). To exploit the vulnerability, an attacker has to convince the victim to open a specially crafted document or access a malicious webpage. It affects Windows 10, Windows Server 2016, and 2019.

Another RCE critical vulnerability, with an exploitability index rated as “more likely”, affects Microsoft Graphics Components (CVE-2020-1153). It affects most of the supported Windows versions – from Windows 7 to Windows Server 2019. 

The highest CVSS v3 score this month (8.80) was given to CVE-2020-1126 – the one that affects Media Foundation (mentioned above).

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Core & .NET Framework Denial of Service Vulnerability
CVE-2020-1108 No No Less Likely Less Likely Important    
.NET Framework Elevation of Privilege Vulnerability
CVE-2020-1066 No No Less Likely Less Likely Important    
ASP.NET Core Denial of Service Vulnerability
CVE-2020-1161 No No Less Likely Less Likely Important    
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2020-1037 No No Less Likely Less Likely Critical 4.2 3.8
Connected User Experiences and Telemetry Service Denial of Service Vulnerability
CVE-2020-1084 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1123 No No Less Likely Less Likely Important 5.5 5.0
DirectX Elevation of Privilege Vulnerability
CVE-2020-1140 No No Less Likely Less Likely Important 7.8 7.0
Internet Explorer Memory Corruption Vulnerability
CVE-2020-1062 No No More Likely More Likely Critical 6.4 5.8
CVE-2020-1092 No No Less Likely Less Likely Important 6.4 5.8
Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-1175 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1051 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1174 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1176 No No Less Likely Less Likely Important 7.8 7.0
MSHTML Engine Remote Code Execution Vulnerability
CVE-2020-1064 No No Less Likely Less Likely Critical 6.4 5.8
Media Foundation Memory Corruption Vulnerability
CVE-2020-1028 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-1126 No No Less Likely Less Likely Critical 8.8 7.9
CVE-2020-1150 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1136 No No Less Likely Less Likely Critical 7.8 7.0
Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability
CVE-2020-1055 No No Less Likely Less Likely Important    
Microsoft Color Management Remote Code Execution Vulnerability
CVE-2020-1117 No No Less Likely Less Likely Critical 8.8 7.9
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
CVE-2020-1063 No No Less Likely Less Likely Important    
Microsoft Edge Elevation of Privilege Vulnerability
CVE-2020-1056 No No Less Likely Less Likely Critical 5.4 4.9
Microsoft Edge PDF Remote Code Execution Vulnerability
CVE-2020-1096 No No Less Likely Less Likely Important 4.2 3.8
Microsoft Edge Spoofing Vulnerability
CVE-2020-1059 No No Less Likely Less Likely Important 4.3 3.9
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-0901 No No Less Likely Less Likely Important    
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-1153 No No More Likely Less Likely Critical 7.8 7.0
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-1099 No No Less Likely Less Likely Important    
CVE-2020-1101 No No Less Likely Less Likely Important    
CVE-2020-1100 No No Less Likely Less Likely Important    
CVE-2020-1106 No No Less Likely Less Likely Important    
Microsoft Power BI Report Server Spoofing Vulnerability
CVE-2020-1173 No No Less Likely Less Likely Important    
Microsoft Script Runtime Remote Code Execution Vulnerability
CVE-2020-1061 No No Less Likely Less Likely Important 6.4 5.8
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-1103 No No Less Likely Less Likely Important    
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1023 No No Less Likely Less Likely Critical    
CVE-2020-1024 No No Less Likely Less Likely Critical    
CVE-2020-1102 No No Less Likely Less Likely Critical    
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2020-1069 No No Less Likely Less Likely Critical    
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-1107 No No Less Likely Less Likely Important    
CVE-2020-1104 No No Less Likely Less Likely Important    
CVE-2020-1105 No No Less Likely Less Likely Important    
Microsoft Windows Elevation of Privilege Vulnerability
CVE-2020-1010 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1068 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1079 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Windows Transport Layer Security Denial of Service Vulnerability
CVE-2020-1118 No No Less Likely Less Likely Important 8.6 7.7
Scripting Engine Memory Corruption Vulnerability
CVE-2020-1065 No No Less Likely Less Likely Critical 4.2 3.8
VBScript Remote Code Execution Vulnerability
CVE-2020-1035 No No More Likely More Likely Important 6.4 5.8
CVE-2020-1058 No No More Likely More Likely Important 6.4 5.8
CVE-2020-1060 No No More Likely More Likely Important 6.4 5.8
CVE-2020-1093 No No Less Likely Less Likely Critical 6.4 5.8
Visual Studio Code Python Extension Remote Code Execution Vulnerability
CVE-2020-1192 No No Less Likely Less Likely Critical    
CVE-2020-1171 No No Less Likely Less Likely Important    
Win32k Elevation of Privilege Vulnerability
CVE-2020-1054 No No More Likely More Likely Important 7.0 6.3
CVE-2020-1143 No No More Likely More Likely Important 7.0 6.3
Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
CVE-2020-1112 No No Less Likely Less Likely Important 8.5 7.6
Windows CSRSS Information Disclosure Vulnerability
CVE-2020-1116 No No Less Likely Less Likely Important 5.5 5.0
Windows Clipboard Service Elevation of Privilege Vulnerability
CVE-2020-1111 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1121 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1165 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1166 No No Less Likely Less Likely Important 7.8 7.0
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-1154 No No Less Likely Less Likely Important 7.8 7.0
Windows Denial of Service Vulnerability
CVE-2020-1076 No No Less Likely Less Likely Important 5.5 5.0
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2020-1021 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1082 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1088 No No Less Likely Less Likely Important 7.8 7.0
Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2020-1132 No No Less Likely Less Likely Important 7.0 6.3
Windows GDI Elevation of Privilege Vulnerability
CVE-2020-1142 No No Less Likely Less Likely Important 7.8 7.0
Windows GDI Information Disclosure Vulnerability
CVE-2020-0963 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1179 No No Less Likely Less Likely Important    
CVE-2020-1141 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1145 No No Less Likely Less Likely Important 5.5 5.0
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-1135 No No More Likely More Likely Important 7.8 7.0
Windows Hyper-V Denial of Service Vulnerability
CVE-2020-0909 No No Less Likely Less Likely Important 7.5 6.7
Windows Installer Elevation of Privilege Vulnerability
CVE-2020-1078 No No Less Likely Less Likely Important 7.8 7.0
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-1114 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1087 No No Less Likely Less Likely Important 7.8 7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2020-1072 No No Less Likely Less Likely Important 5.5 5.0
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2020-1048 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1070 No No Less Likely Less Likely Important 7.8 7.0
Windows Printer Service Elevation of Privilege Vulnerability
CVE-2020-1081 No No Less Likely Less Likely Important 7.8 7.0
Windows Push Notification Service Elevation of Privilege Vulnerability
CVE-2020-1137 No No Less Likely Less Likely Important 7.8 7.0
Windows Remote Access Common Dialog Elevation of Privilege Vulnerability
CVE-2020-1071 No No Less Likely Less Likely Important 6.8 6.1
Windows Remote Code Execution Vulnerability
CVE-2020-1067 No No Less Likely Less Likely Important 7.8 7.0
Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1149 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1151 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1155 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1156 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1157 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1158 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1077 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1086 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1090 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1125 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1139 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1164 No No Less Likely Less Likely Important 7.0 6.3
Windows State Repository Service Elevation of Privilege Vulnerability
CVE-2020-1124 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1134 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1144 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1186 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1189 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1190 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1131 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1184 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1185 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1187 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1188 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1191 No No Less Likely Less Likely Important 7.8 7.0
Windows Storage Service Elevation of Privilege Vulnerability
CVE-2020-1138 No No Less Likely Less Likely Important 7.0 6.3
Windows Subsystem for Linux Information Disclosure Vulnerability
CVE-2020-1075 No No Less Likely Less Likely Important 5.5 5.0
Windows Task Scheduler Security Feature Bypass Vulnerability
CVE-2020-1113 No No Less Likely Less Likely Important 5.3 4.8
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2020-1110 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1109 No No Less Likely Less Likely Important 7.8 7.0

 

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

 Renato

54 Posts
ISC Handler
May 12th 2020
Subscribe May 12th 2020
2 months ago
What's the best way to keep tabs on when a vulnerability turns into an active exploit?
 Qi

2 Posts
Quote May 14th 2020
2 months ago
The vendor guidance stays a valuable input, but in addition stay plugged into some good infosec news sources. Following some good infosec folks on Twitter can help too. The signal to noise ratio will vary on all of these sources of course.
 Rob VandenBrink

542 Posts
ISC Handler
Quote May 14th 2020
2 months ago

Sign Up for Free or Log In to start participating in the conversation!