Microsoft has released its May 2020 Patch Tuesday update, addressing a total of 111 security vulnerabilities across 12 different products.
The May Patch Tuesday update is the third-largest in Microsoft's history. The other two large updates were released in March and April this year, in which the company patched 115 and 113 bugs, respectively.
Of the 111 security bugs fixed this month, 13 are rated as 'Critical', meaning they can be easily exploited by hackers, potentially allowing them to take full control of the target machine.
Of the remaining vulnerabilities, 91 are classified as 'Important', three as 'Moderate' and four as 'Low' in severity.
No zero-day vulnerabilities have been patched by Microsoft in this month's security update.
According to Microsoft, the May 2020 security release consists of updates for the following software:
- Microsoft Windows
- Microsoft Edge (Chromium-based)
- Microsoft Edge (EdgeHTML-based)
- Internet Explorer
- Windows Defender
- Microsoft Office and Microsoft Office Services and Web Apps
- Microsoft Dynamics
- Visual Studio
- .NET Core
- .NET Framework
- Power BI
In the Edge browser, Microsoft fixed three critical bugs which could allow an attacker to execute arbitrary code by tricking a user into visiting a malicious website. Of these three bugs, CVE-2020-1056 is an elevation of privilege vulnerability, CVE-2020-1059 is a spoofing vulnerability and CVE-2020-1096 is a PDF remote code execution vulnerability, as per Microsoft.
Other notable vulnerabilities patched this month include two RCE flaws - CVE-2020-1126 in Windows Media Foundation and CVE-2020-1117 in Microsoft Colour Management. Hackers can exploit these bugs by tricking a user into visiting a website with exploit code or opening a malicious email attachment.
Another notable flaw impacting SharePoint is CVE-2020-1024, which could allow an attacker to run arbitrary code in the context of the SharePoint server farm account and SharePoint application pool, thereby impacting all users connected to the platform.
Microsoft has patched two bugs in Visual Studio. Of them, CVE-2020-1192 is rated as critical, while CVE-2020-1171 is classified as an important vulnerability.