Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in May's Patch Tuesday Index below. Ensure you're minimizing your attack surface by joining our Automating Patch Tuesday Webinar this Wednesday. Patch Tuesday expert Jay Goodman will give recommended remediation strategies for current vulnerabilities and exploits.
May Patch Tuesday: Microsoft released 111 total CVEs, with 16 listed as critical. Earlier in the month, they released advisories ADV200004 and ADV200007 affecting Autodesk FBX library software and OpenSSL, respectively.
We've included security updates released between last Patch Tuesday and this one, including advisories for Adobe Bridge, Illustrator, Magento, Acrobat and Reader, and DNG Software Development Kit. Mozilla released three critical security advisories for Firefox 76, Firefox ESR 68.8, and Thunderbird 68.8.0 as well as one moderate advisory for Firefox for iOS 25.
Updated Live. Last Update 1:03 PM EST May 12 2020.
Adobe
Product | Title | Identifier | Severity |
Adobe Bridge | 17 Security Vulnerabilities fixed in Adobe Bridge | APSB20-19 | Critical |
Adobe Illustrator | 5 Security Vulnerabilities fixed in Adobe Illustrator | APSB20-20 | Critical |
Adobe Magento | 13 Security Vulnerabilities fixed in Adobe Magento | APSB20-22 | Critical |
Adobe Acrobat and Reader | 24 Security Vulnerabilities fixed in Adobe Acrobat and Reader | APSB20-24 | Critical |
Adobe DNG Software Development Kit | 12 Security Vulnerabilities fixed in Adobe DNG SDK | APSB20-26 | Critical |
Mozilla Firefox
Product | Title | Identifier | Severity |
Firefox for iOS 25 | 1 Security Vulnerability fixed in Firefox for iOS 25 | MFSA 2020-15 | Medium |
Firefox 76 | 11 Security Vulnerabilities fixed in Firefox 76 | MFSA 2020-16 | Critical |
Firefox ESR 68.8 | 7 Security Vulnerabilities fixed in Firefox ESR 68.8 | MFSA 2020-17 | Critical |
Thunderbird 68.8.0 | 6 Security Vulnerabilities fixed in Thunderbird 68.8.0 | MFSA 2020-18 | Critical |
Microsoft
Product | Title | Identifier | Severity |
Visual Studio | Visual Studio Code Python Extension Remote Code Execution Vulnerability | CVE-2020-1192 | Critical |
.NET Core | ASP.NET Core Denial of Service Vulnerability | CVE-2020-1161 | High |
.NET Core | .NET Core Denial of Service Vulnerability | CVE-2020-1108 | High |
.NET Framework | .NET Framework Elevation of Privilege Vulnerability | CVE-2020-1066 | High |
Active Directory | Windows Remote Code Execution Vulnerability | CVE-2020-1067 | High |
Active Directory | Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability | CVE-2020-1055 | High |
Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2020-1154 | High |
Internet Explorer | Internet Explorer Memory Corruption Vulnerability | CVE-2020-1062 | Critical |
Internet Explorer | MSHTML Engine Remote Code Execution Vulnerability | CVE-2020-1064 | Critical |
Internet Explorer | Internet Explorer Memory Corruption Vulnerability | CVE-2020-1092 | High |
Internet Explorer | VBScript Remote Code Execution Vulnerability | CVE-2020-1093 | Critical |
Microsoft Dynamics | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | CVE-2020-1063 | High |
Microsoft Edge | Microsoft Edge PDF Remote Code Execution Vulnerability | CVE-2020-1096 | High |
Microsoft Edge | Microsoft Edge Spoofing Vulnerability | CVE-2020-1059 | High |
Microsoft Edge | Microsoft Edge Elevation of Privilege Vulnerability | CVE-2020-1056 | Critical |
Microsoft Graphics Component | Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2020-1135 | High |
Microsoft Graphics Component | DirectX Elevation of Privilege Vulnerability | CVE-2020-1140 | High |
Microsoft Graphics Component | Windows GDI Elevation of Privilege Vulnerability | CVE-2020-1142 | High |
Microsoft Graphics Component | Windows GDI Information Disclosure Vulnerability | CVE-2020-1145 | High |
Microsoft Graphics Component | Windows GDI Information Disclosure Vulnerability | CVE-2020-1141 | High |
Microsoft Graphics Component | Microsoft Graphics Components Remote Code Execution Vulnerability | CVE-2020-1153 | Critical |
Microsoft Graphics Component | Win32k Elevation of Privilege Vulnerability | CVE-2020-1054 | High |
Microsoft Graphics Component | Windows GDI Information Disclosure Vulnerability | CVE-2020-1179 | High |
Microsoft Graphics Component | Windows GDI Information Disclosure Vulnerability | CVE-2020-0963 | High |
Microsoft Graphics Component | Microsoft Color Management Remote Code Execution Vulnerability | CVE-2020-1117 | Critical |
Microsoft JET Database Engine | Jet Database Engine Remote Code Execution Vulnerability | CVE-2020-1174 | High |
Microsoft JET Database Engine | Jet Database Engine Remote Code Execution Vulnerability | CVE-2020-1175 | High |
Microsoft JET Database Engine | Jet Database Engine Remote Code Execution Vulnerability | CVE-2020-1176 | High |
Microsoft JET Database Engine | Jet Database Engine Remote Code Execution Vulnerability | CVE-2020-1051 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-0901 | High |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-1024 | Critical |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1101 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1099 | High |
Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-1105 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1106 | High |
Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-1107 | High |
Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2020-1069 | Critical |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-1100 | High |
Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-1104 | High |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-1023 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint Information Disclosure Vulnerability | CVE-2020-1103 | High |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-1102 | Critical |
Microsoft Scripting Engine | VBScript Remote Code Execution Vulnerability | CVE-2020-1060 | High |
Microsoft Scripting Engine | VBScript Remote Code Execution Vulnerability | CVE-2020-1058 | High |
Microsoft Scripting Engine | Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2020-1037 | Critical |
Microsoft Scripting Engine | Scripting Engine Memory Corruption Vulnerability | CVE-2020-1065 | Critical |
Microsoft Scripting Engine | VBScript Remote Code Execution Vulnerability | CVE-2020-1035 | High |
Microsoft Windows | Windows State Repository Service Elevation of Privilege Vulnerability | CVE-2020-1184 | High |
Microsoft Windows | Windows State Repository Service Elevation of Privilege Vulnerability | CVE-2020-1185 | High |
Microsoft Windows | Windows State Repository Service Elevation of Privilege Vulnerability | CVE-2020-1187 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1090 | High |
Microsoft Windows | Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2020-1088 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1086 | High |
Microsoft Windows | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | CVE-2020-1112 | High |
Microsoft Windows | Windows Clipboard Service Elevation of Privilege Vulnerability | CVE-2020-1121 | High |
Microsoft Windows | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | CVE-2020-1123 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1125 | High |
Microsoft Windows | Windows Clipboard Service Elevation of Privilege Vulnerability | CVE-2020-1166 | High |
Microsoft Windows | Windows State Repository Service Elevation of Privilege Vulnerability | CVE-2020-1131 | High |
Microsoft Windows | Windows Error Reporting Manager Elevation of Privilege Vulnerability | CVE-2020-1132 | High |
Microsoft Windows | Windows Clipboard Service Elevation of Privilege Vulnerability | CVE-2020-1165 | High |
Microsoft Windows | Media Foundation Memory Corruption Vulnerability | CVE-2020-1136 | Critical |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1139 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1164 | High |
Microsoft Windows | Windows Clipboard Service Elevation of Privilege Vulnerability | CVE-2020-1111 | High |
Microsoft Windows | Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2020-1082 | High |
Microsoft Windows | Windows State Repository Service Elevation of Privilege Vulnerability | CVE-2020-1189 | High |
Microsoft Windows | Microsoft Windows Elevation of Privilege Vulnerability | CVE-2020-1079 | High |
Microsoft Windows | Windows Storage Service Elevation of Privilege Vulnerability | CVE-2020-1138 | High |
Microsoft Windows | Windows Printer Service Elevation of Privilege Vulnerability | CVE-2020-1081 | High |
Microsoft Windows | Windows State Repository Service Elevation of Privilege Vulnerability | CVE-2020-1134 | High |
Microsoft Windows | Media Foundation Memory Corruption Vulnerability | CVE-2020-1126 | Critical |
Microsoft Windows | Windows State Repository Service Elevation of Privilege Vulnerability | CVE-2020-1124 | High |
Microsoft Windows | Microsoft Windows Transport Layer Security Denial of Service Vulnerability | CVE-2020-1118 | High |
Microsoft Windows | Windows CSRSS Information Disclosure Vulnerability | CVE-2020-1116 | High |
Microsoft Windows | Connected User Experiences and Telemetry Service Denial of Service Vulnerability | CVE-2020-1084 | High |
Microsoft Windows | Windows Installer Elevation of Privilege Vulnerability | CVE-2020-1078 | High |
Microsoft Windows | Windows Denial of Service Vulnerability | CVE-2020-1076 | High |
Microsoft Windows | Windows Remote Access Common Dialog Elevation of Privilege Vulnerability | CVE-2020-1071 | High |
Microsoft Windows | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2020-1048 | High |
Microsoft Windows | Microsoft Windows Elevation of Privilege Vulnerability | CVE-2020-1010 | High |
Microsoft Windows | Media Foundation Memory Corruption Vulnerability | CVE-2020-1028 | Critical |
Microsoft Windows | Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2020-1021 | High |
Microsoft Windows | Win32k Elevation of Privilege Vulnerability | CVE-2020-1143 | High |
Microsoft Windows | Windows State Repository Service Elevation of Privilege Vulnerability | CVE-2020-1144 | High |
Microsoft Windows | Windows Push Notification Service Elevation of Privilege Vulnerability | CVE-2020-1137 | High |
Microsoft Windows | Media Foundation Memory Corruption Vulnerability | CVE-2020-1150 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1077 | High |
Microsoft Windows | Windows Kernel Information Disclosure Vulnerability | CVE-2020-1072 | High |
Microsoft Windows | Windows Print Spooler Elevation of Privilege Vulnerability | CVE-2020-1070 | High |
Microsoft Windows | Microsoft Windows Elevation of Privilege Vulnerability | CVE-2020-1068 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1149 | High |
Microsoft Windows | Windows State Repository Service Elevation of Privilege Vulnerability | CVE-2020-1188 | High |
Microsoft Windows | Windows State Repository Service Elevation of Privilege Vulnerability | CVE-2020-1190 | High |
Microsoft Windows | Windows State Repository Service Elevation of Privilege Vulnerability | CVE-2020-1191 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1151 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1155 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1158 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1157 | High |
Microsoft Windows | Windows Runtime Elevation of Privilege Vulnerability | CVE-2020-1156 | High |
Microsoft Windows | Windows State Repository Service Elevation of Privilege Vulnerability | CVE-2020-1186 | High |
Power BI | Microsoft Power BI Report Server Spoofing Vulnerability | CVE-2020-1173 | High |
Visual Studio | Visual Studio Code Python Extension Remote Code Execution Vulnerability | CVE-2020-1171 | High |
Windows Hyper-V | Windows Hyper-V Denial of Service Vulnerability | CVE-2020-0909 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1087 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1114 | High |
Windows Scripting | Microsoft Script Runtime Remote Code Execution Vulnerability | CVE-2020-1061 | High |
Windows Subsystem for Linux | Windows Subsystem for Linux Information Disclosure Vulnerability | CVE-2020-1075 | High |
Windows Task Scheduler | Windows Task Scheduler Security Feature Bypass Vulnerability | CVE-2020-1113 | High |
Windows Update Stack | Windows Update Stack Elevation of Privilege Vulnerability | CVE-2020-1109 | High |
Windows Update Stack | Windows Update Stack Elevation of Privilege Vulnerability | CVE-2020-1110 | High |
About Automox
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.