Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ The May 2020 Security Update Review

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š The May 2020 Security Update Review


๐Ÿ’ก Newskategorie: Hacking
๐Ÿ”— Quelle: thezdi.com

May is upon us, and with it brings another bumper crop of security patches from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.

Adobe Patches for May 2020

The Adobe updates for May are just two patches covering 36 CVEs. Two of these CVEs were reported through the ZDI program. The patch for Adobe Acrobat and Reader covers 24 Critical and Important-rated CVEs that mostly consist of Out-of-Bounds (OOB) Reads and Writes. There are also some buffer overflows, memory corruptions, stack exhaustion, and Use-After-Free (UAF) bugs fixed. The patch for the Adobeโ€ฏDNG Software Development Kit (SDK) fixes four Critical-rated heap overflows and eight Important-rated OOB Reads. The overflows could lead to code execution, so if you use the DNG format for your digital photography, definitely make sure you are patched. None of these bugs are listed as publicly known or under active attack at the time of release.

Microsoft Patches for May 2020

For May, Microsoft released patches for 111 CVEs covering Microsoft Windows, Microsoft Edge (EdgeHTML-based), ChakraCore, Internet Explorer, Microsoft Office, and Microsoft Office Services and Web Apps, Visual Studio, Microsoft Dynamics, .NET Framework, .NET Core, and Power BI. Of these 111 CVEs, 16 are rated Critical and 95 are rated Important in severity. Eleven of these CVEs were reported through the ZDI program. None of the bugs being patched are listed as being publicly known or under active attack at the time of release. That makes three months in a row that Microsoft has released patches for more than 110 CVEs. Weโ€™ll see if they maintain that pace throughout the year.

Letโ€™s take a closer look at some of the more interesting updates for this month, starting with a bug that requires physical access:

-ย ย ย ย ย ย  CVE-2020-1071 โ€“ Windows Remote Access Common Dialog Elevation of Privilege Vulnerability
Law #3 of the 10 Immutable Laws of Security states, โ€œIf a bad guy has unrestricted physical access to your computer, itโ€™s not your computer anymore.โ€ But what if the physical access is something other than unrestricted? That seems to be the case here. An attacker would need to be at the system and boot it to the login screen. If they can do that, they could leverage a bug in the Remote Access Common Dialog to run arbitrary code with elevated privileges. This bug will be much more critical for places with open offices where casual physical access is common.

ย -ย ย ย ย ย ย  CVE-2020-1135 - Windows Graphics Component Elevation of Privilege Vulnerability
While Pwn2Own may have been virtual this year, the bugs demonstrated certainly were not. This bug from the Fluoroacetate duo of Richard Zhu and Amat Cama allows a logged-on user to take over a system by running a specially crafted program. They leveraged a Use-After-Free (UAF) bug in Windows to escalate from a regular user to SYSTEM.

-ย ย ย ย ย ย  CVE-2020-1067 - Windows Remote Code Execution Vulnerability
This patch corrects an RCE bug in the Windows OS that could allow an attacker to execute arbitrary code with elevated permissions on affected systems. The only thing keeping this from being Critical is the fact that the attacker needs a domain user account for their specially crafted request to succeed. This makes the bug a prime target for insider threats, as well as penetration testers looking to expand their foothold in a target enterprise.

-ย ย ย ย ย ย  CVE-2020-1118 - Microsoft Windows Transport Layer Security Denial of Service Vulnerability
This patch addresses a bug that allows a remote, unauthenticated attacker to abnormally reboot, resulting in a denial-of-service condition. A NULL pointer dereference vulnerability exists in the Windows implementation of the Diffie-Hellman protocol. An attacker can exploit this vulnerability by sending a malicious Client Key Exchange message during a TLS handshake. The vulnerability affects both TLS clients and TLS servers, so just about any system could be shut down by an attacker. Either way, successful exploitation will cause the lsass.exe process to terminate.

ย Hereโ€™s the full list of CVEs released by Microsoft for May 2020.



๐Ÿ“Œ The May 2020 Security Update Review


๐Ÿ“ˆ 20.21 Punkte

๐Ÿ“Œ Microsoft may have tipped the Windows 10 May 2020 Update release date


๐Ÿ“ˆ 18.7 Punkte

๐Ÿ“Œ Review: Windows 10 May 2020 Update packs improvements to existing features


๐Ÿ“ˆ 18.3 Punkte

๐Ÿ“Œ The May 2019 Security Update Review


๐Ÿ“ˆ 17.64 Punkte

๐Ÿ“Œ The May 2021 Security Update Review


๐Ÿ“ˆ 17.64 Punkte

๐Ÿ“Œ The May 2022 Security Update Review


๐Ÿ“ˆ 17.64 Punkte

๐Ÿ“Œ The May 2022 Security Update Review


๐Ÿ“ˆ 17.64 Punkte

๐Ÿ“Œ The May 2023 Security Update Review


๐Ÿ“ˆ 17.64 Punkte

๐Ÿ“Œ ISC Stormcast For Friday, May 1st 2020 https://isc.sans.edu/podcastdetail.html?id=6978, (Fri, May 1st)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Monday, May 4th 2020 https://isc.sans.edu/podcastdetail.html?id=6980, (Mon, May 4th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Tuesday, May 5th 2020 https://isc.sans.edu/podcastdetail.html?id=6982, (Tue, May 5th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Wednesday, May 6th 2020 https://isc.sans.edu/podcastdetail.html?id=6984, (Wed, May 6th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Thursday, May 7th 2020 https://isc.sans.edu/podcastdetail.html?id=6986, (Thu, May 7th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Friday, May 8th 2020 https://isc.sans.edu/podcastdetail.html?id=6988, (Fri, May 8th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Monday, May 11th 2020 https://isc.sans.edu/podcastdetail.html?id=6990, (Mon, May 11th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Tuesday, May 12th 2020 https://isc.sans.edu/podcastdetail.html?id=6992, (Tue, May 12th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ Microsoft May 2020 Patch Tuesday, (Tue, May 12th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ Coronavirus-themed attacks May 03 โ€“ May 09, 2020


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Wednesday, May 13th 2020 https://isc.sans.edu/podcastdetail.html?id=6994, (Wed, May 13th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Thursday, May 14th 2020 https://isc.sans.edu/podcastdetail.html?id=6996, (Thu, May 14th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Friday, May 15th 2020 https://isc.sans.edu/podcastdetail.html?id=6998, (Fri, May 15th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ Coronavirus-themed attacks May 10 โ€“ May 16, 2020


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Monday, May 18th 2020 https://isc.sans.edu/podcastdetail.html?id=7000, (Mon, May 18th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Tuesday, May 19th 2020 https://isc.sans.edu/podcastdetail.html?id=7002, (Tue, May 19th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Wednesday, May 20th 2020 https://isc.sans.edu/podcastdetail.html?id=7004, (Wed, May 20th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Thursday, May 21st 2020 https://isc.sans.edu/podcastdetail.html?id=7006, (Thu, May 21st)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Friday, May 22nd 2020 https://isc.sans.edu/podcastdetail.html?id=7008, (Fri, May 22nd)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Tuesday, May 26th 2020 https://isc.sans.edu/podcastdetail.html?id=7010, (Tue, May 26th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Wednesday, May 27th 2020 https://isc.sans.edu/podcastdetail.html?id=7012, (Wed, May 27th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Thursday, May 28th 2020 https://isc.sans.edu/podcastdetail.html?id=7014, (Thu, May 28th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ ISC Stormcast For Friday, May 29th 2020 https://isc.sans.edu/podcastdetail.html?id=7016, (Fri, May 29th)


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ Coronavirus-themed attacks May 17 โ€“ May 23, 2020


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ Coronavirus-themed attacks May 24 โ€“ May 30, 2020


๐Ÿ“ˆ 16.19 Punkte

๐Ÿ“Œ Google May Call Out Companies for Android Update Delays (May 25, 2016)


๐Ÿ“ˆ 16.13 Punkte











matomo
CVE Title Severity Public Exploited Latest Software Release Older Software Release Type
CVE-2020-1037 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-1062 Internet Explorer Memory Corruption Vulnerability Critical No No 1 1 RCE
CVE-2020-1028 Media Foundation Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-1126 Media Foundation Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-1136 Media Foundation Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-1117 Microsoft Color Management Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1056 Microsoft Edge Elevation of Privilege Vulnerability Critical No No 2 2 EoP
CVE-2020-1153 Microsoft Graphics Components Remote Code Execution Vulnerability Critical No No 2 1 RCE
CVE-2020-1023 Microsoft SharePoint Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1024 Microsoft SharePoint Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1102 Microsoft SharePoint Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1069 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1064 MSHTML Engine Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1065 Scripting Engine Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-1093 VBScript Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1192 Visual Studio Code Python Extension Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-1108 .NET Core Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-1066 .NET Framework Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1161 ASP.NET Core Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-1084 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-1123 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-1140 DirectX Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1092 Internet Explorer Memory Corruption Vulnerability Important No No 2 2 RCE
CVE-2020-1051 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1174 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1175 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1176 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1150 Media Foundation Memory Corruption Vulnerability Important No No 2 2 RCE
CVE-2020-1055 Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability Important No No 2 2 XSS
CVE-2020-1063 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important No No 2 2 XSS
CVE-2020-1096 Microsoft Edge PDF Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1059 Microsoft Edge Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-0901 Microsoft Excel Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1099 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1100 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1101 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1106 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-1173 Microsoft Power BI Report Server Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-1061 Microsoft Script Runtime Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1103 Microsoft SharePoint Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1104 Microsoft SharePoint Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-1105 Microsoft SharePoint Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-1107 Microsoft SharePoint Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-1010 Microsoft Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1068 Microsoft Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1079 Microsoft Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1118 Microsoft Windows Transport Layer Security Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-1035 VBScript Remote Code Execution Vulnerability Important No No 1 1 RCE
CVE-2020-1058 VBScript Remote Code Execution Vulnerability Important No No 1 1 RCE
CVE-2020-1060 VBScript Remote Code Execution Vulnerability Important No No 1 1 RCE
CVE-2020-1171 Visual Studio Code Python Extension Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1054 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-1143 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-1112 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1111 Windows Clipboard Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1121 Windows Clipboard Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1165 Windows Clipboard Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1166 Windows Clipboard Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1154 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1116 Windows CSRSS Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1076 Windows Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-1021 Windows Error Reporting Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1082 Windows Error Reporting Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1088 Windows Error Reporting Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1132 Windows Error Reporting Manager Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1142 Windows GDI Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0963 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1141 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1145 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1179 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1135 Windows Graphics Component Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0909 Windows Hyper-V Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-1078 Windows Installer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1087 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1114 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1072 Windows Kernel Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1048 Windows Print Spooler Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1070 Windows Print Spooler Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1081 Windows Printer Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1137 Windows Push Notification Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1071 Windows Remote Access Common Dialog Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1067 Windows Remote Code Execution Vulnerability Important No No 2 2 EoP
CVE-2020-1077 Windows Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1086 Windows Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1090 Windows Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1125 Windows Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1139 Windows Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1149 Windows Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1151 Windows Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1155 Windows Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1156 Windows Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1157 Windows Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1158 Windows Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1164 Windows Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1124 Windows State Repository Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1131 Windows State Repository Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1134 Windows State Repository Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1144 Windows State Repository Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1184 Windows State Repository Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1185 Windows State Repository Service Elevation of Privilege Vulnerability Important No No 2 2