On 12 May 2020, Microsoft released a new set of security updates as part of its monthly Patch Tuesday. A total of 111 security fixes were released, including 16 rated critical.

Most significant vulnerabilities:

CVE-2020-1126: a memory corruption flaw in Media Foundation that allows an attacker to execute code remotely. Exploiting it requires convincing the victim to open a crafted document or visit a malicious website. It affects Windows 10, Windows Server 2016 and 2019.

A detailed list of the updates follows:

Description (each title is followed by its CVE rows)
Columns: CVE, Disclosed, Exploited, Exploitability (old versions), Exploitability (current version), Severity, CVSS Base (AVG), CVSS Temporal (AVG)
.NET Core & .NET Framework Denial of Service Vulnerability
CVE-2020-1108 No No Less Likely Less Likely Important
.NET Framework Elevation of Privilege Vulnerability
CVE-2020-1066 No No Less Likely Less Likely Important
ASP.NET Core Denial of Service Vulnerability
CVE-2020-1161 No No Less Likely Less Likely Important
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2020-1037 No No Less Likely Less Likely Critical 4.2 3.8
Connected User Experiences and Telemetry Service Denial of Service Vulnerability
CVE-2020-1084 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1123 No No Less Likely Less Likely Important 5.5 5.0
DirectX Elevation of Privilege Vulnerability
CVE-2020-1140 No No Less Likely Less Likely Important 7.8 7.0
Internet Explorer Memory Corruption Vulnerability
CVE-2020-1062 No No More Likely More Likely Critical 6.4 5.8
CVE-2020-1092 No No Less Likely Less Likely Important 6.4 5.8
Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-1175 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1051 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1174 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1176 No No Less Likely Less Likely Important 7.8 7.0
MSHTML Engine Remote Code Execution Vulnerability
CVE-2020-1064 No No Less Likely Less Likely Critical 6.4 5.8
Media Foundation Memory Corruption Vulnerability
CVE-2020-1028 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-1126 No No Less Likely Less Likely Critical 8.8 7.9
CVE-2020-1150 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1136 No No Less Likely Less Likely Critical 7.8 7.0
Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability
CVE-2020-1055 No No Less Likely Less Likely Important
Microsoft Color Management Remote Code Execution Vulnerability
CVE-2020-1117 No No Less Likely Less Likely Critical 8.8 7.9
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
CVE-2020-1063 No No Less Likely Less Likely Important
Microsoft Edge Elevation of Privilege Vulnerability
CVE-2020-1056 No No Less Likely Less Likely Critical 5.4 4.9
Microsoft Edge PDF Remote Code Execution Vulnerability
CVE-2020-1096 No No Less Likely Less Likely Important 4.2 3.8
Microsoft Edge Spoofing Vulnerability
CVE-2020-1059 No No Less Likely Less Likely Important 4.3 3.9
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-0901 No No Less Likely Less Likely Important
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-1153 No No More Likely Less Likely Critical 7.8 7.0
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-1099 No No Less Likely Less Likely Important
CVE-2020-1101 No No Less Likely Less Likely Important
CVE-2020-1100 No No Less Likely Less Likely Important
CVE-2020-1106 No No Less Likely Less Likely Important
Microsoft Power BI Report Server Spoofing Vulnerability
CVE-2020-1173 No No Less Likely Less Likely Important
Microsoft Script Runtime Remote Code Execution Vulnerability
CVE-2020-1061 No No Less Likely Less Likely Important 6.4 5.8
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2020-1103 No No Less Likely Less Likely Important
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1023 No No Less Likely Less Likely Critical
CVE-2020-1024 No No Less Likely Less Likely Critical
CVE-2020-1102 No No Less Likely Less Likely Critical
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2020-1069 No No Less Likely Less Likely Critical
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-1107 No No Less Likely Less Likely Important
CVE-2020-1104 No No Less Likely Less Likely Important
CVE-2020-1105 No No Less Likely Less Likely Important
Microsoft Windows Elevation of Privilege Vulnerability
CVE-2020-1010 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1068 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1079 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Windows Transport Layer Security Denial of Service Vulnerability
CVE-2020-1118 No No Less Likely Less Likely Important 8.6 7.7
Scripting Engine Memory Corruption Vulnerability
CVE-2020-1065 No No Less Likely Less Likely Critical 4.2 3.8
VBScript Remote Code Execution Vulnerability
CVE-2020-1035 No No More Likely More Likely Important 6.4 5.8
CVE-2020-1058 No No More Likely More Likely Important 6.4 5.8
CVE-2020-1060 No No More Likely More Likely Important 6.4 5.8
CVE-2020-1093 No No Less Likely Less Likely Critical 6.4 5.8
Visual Studio Code Python Extension Remote Code Execution Vulnerability
CVE-2020-1192 No No Less Likely Less Likely Critical
CVE-2020-1171 No No Less Likely Less Likely Important
Win32k Elevation of Privilege Vulnerability
CVE-2020-1054 No No More Likely More Likely Important 7.0 6.3
CVE-2020-1143 No No More Likely More Likely Important 7.0 6.3
Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
CVE-2020-1112 No No Less Likely Less Likely Important 8.5 7.6
Windows CSRSS Information Disclosure Vulnerability
CVE-2020-1116 No No Less Likely Less Likely Important 5.5 5.0
Windows Clipboard Service Elevation of Privilege Vulnerability
CVE-2020-1111 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1121 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1165 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1166 No No Less Likely Less Likely Important 7.8 7.0
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-1154 No No Less Likely Less Likely Important 7.8 7.0
Windows Denial of Service Vulnerability
CVE-2020-1076 No No Less Likely Less Likely Important 5.5 5.0
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2020-1021 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1082 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1088 No No Less Likely Less Likely Important 7.8 7.0
Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2020-1132 No No Less Likely Less Likely Important 7.0 6.3
Windows GDI Elevation of Privilege Vulnerability
CVE-2020-1142 No No Less Likely Less Likely Important 7.8 7.0
Windows GDI Information Disclosure Vulnerability
CVE-2020-0963 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1179 No No Less Likely Less Likely Important
CVE-2020-1141 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1145 No No Less Likely Less Likely Important 5.5 5.0
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-1135 No No More Likely More Likely Important 7.8 7.0
Windows Hyper-V Denial of Service Vulnerability
CVE-2020-0909 No No Less Likely Less Likely Important 7.5 6.7
Windows Installer Elevation of Privilege Vulnerability
CVE-2020-1078 No No Less Likely Less Likely Important 7.8 7.0
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-1114 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1087 No No Less Likely Less Likely Important 7.8 7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2020-1072 No No Less Likely Less Likely Important 5.5 5.0
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2020-1048 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1070 No No Less Likely Less Likely Important 7.8 7.0
Windows Printer Service Elevation of Privilege Vulnerability
CVE-2020-1081 No No Less Likely Less Likely Important 7.8 7.0
Windows Push Notification Service Elevation of Privilege Vulnerability
CVE-2020-1137 No No Less Likely Less Likely Important 7.8 7.0
Windows Remote Access Common Dialog Elevation of Privilege Vulnerability
CVE-2020-1071 No No Less Likely Less Likely Important 6.8 6.1
Windows Remote Code Execution Vulnerability
CVE-2020-1067 No No Less Likely Less Likely Important 7.8 7.0
Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1149 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1151 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1155 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1156 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1157 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1158 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1077 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1086 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1090 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1125 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1139 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1164 No No Less Likely Less Likely Important 7.0 6.3
Windows State Repository Service Elevation of Privilege Vulnerability
CVE-2020-1124 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1134 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1144 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1186 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1189 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1190 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1131 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1184 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1185 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1187 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1188 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1191 No No Less Likely Less Likely Important 7.8 7.0
Windows Storage Service Elevation of Privilege Vulnerability
CVE-2020-1138 No No Less Likely Less Likely Important 7.0 6.3
Windows Subsystem for Linux Information Disclosure Vulnerability
CVE-2020-1075 No No Less Likely Less Likely Important 5.5 5.0
Windows Task Scheduler Security Feature Bypass Vulnerability
CVE-2020-1113 No No Less Likely Less Likely Important 5.3 4.8
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2020-1110 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1109 No No Less Likely Less Likely Important 7.8 7.0