D

on't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in May's Patch Tuesday Index below. Ensure you're minimizing your attack surface by joining our Automating Patch Tuesday Webinar this Wednesday. Patch Tuesday expert Jay Goodman will give recommended remediation strategies for current vulnerabilities and exploits.

May Patch Tuesday: Microsoft released 111 total CVEs, with 16 listed as critical. Earlier in the month, they released advisories ADV200004 and ADV200007 affecting Autodesk FBX library software and OpenSSL, respectively.

We've included security updates released between last Patch Tuesday and this one, including advisories for Adobe Bridge, Illustrator, Magento, Acrobat and Reader, and DNG Software Development Kit. Mozilla released three critical security advisories for Firefox 76, Firefox ESR 68.8, and Thunderbird 68.8.0 as well as one moderate advisory for Firefox for iOS 25.

Updated Live. Last Update 1:03 PM EST May 12 2020.

firefoxAdobe
Product
Title
Identifier
Severity
Adobe Bridge 17 Security Vulnerabilities fixed in Adobe Bridge APSB20-19 Critical
Adobe Illustrator 5 Security Vulnerabilities fixed in Adobe Illustrator APSB20-20 Critical
Adobe Magento 13 Security Vulnerabilities fixed in Adobe Magento APSB20-22 Critical
Adobe Acrobat and Reader 24 Security Vulnerabilities fixed in Adobe Acrobat and Reader APSB20-24 Critical
Adobe DNG Software Development Kit 12 Security Vulnerabilities fixed in Adobe DNG SDK APSB20-26 Critical
firefoxMozilla Firefox
Product
Title
Identifier
Severity
Firefox for iOS 25 1 Security Vulnerability fixed in Firefox for iOS 25 MFSA 2020-15 Medium
Firefox 76 11 Security Vulnerabilities fixed in Firefox 76 MFSA 2020-16 Critical
Firefox ESR 68.8 7 Security Vulnerabilities fixed in Firefox ESR 68.8 MFSA 2020-17 Critical
Thunderbird 68.8.0 6 Security Vulnerabilities fixed in Thunderbird 68.8.0 MFSA 2020-18 Critical
microsoftMicrosoft
Product
Title
Identifier
Severity
Visual Studio Visual Studio Code Python Extension Remote Code Execution Vulnerability CVE-2020-1192 Critical
.NET Core ASP.NET Core Denial of Service Vulnerability CVE-2020-1161 High
.NET Core .NET Core Denial of Service Vulnerability CVE-2020-1108 High
.NET Framework .NET Framework Elevation of Privilege Vulnerability CVE-2020-1066 High
Active Directory Windows Remote Code Execution Vulnerability CVE-2020-1067 High
Active Directory Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability CVE-2020-1055 High
Common Log File System Driver Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2020-1154 High
Internet Explorer Internet Explorer Memory Corruption Vulnerability CVE-2020-1062 Critical
Internet Explorer MSHTML Engine Remote Code Execution Vulnerability CVE-2020-1064 Critical
Internet Explorer Internet Explorer Memory Corruption Vulnerability CVE-2020-1092 High
Internet Explorer VBScript Remote Code Execution Vulnerability CVE-2020-1093 Critical
Microsoft Dynamics Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability CVE-2020-1063 High
Microsoft Edge Microsoft Edge PDF Remote Code Execution Vulnerability CVE-2020-1096 High
Microsoft Edge Microsoft Edge Spoofing Vulnerability CVE-2020-1059 High
Microsoft Edge Microsoft Edge Elevation of Privilege Vulnerability CVE-2020-1056 Critical
Microsoft Graphics Component Windows Graphics Component Elevation of Privilege Vulnerability CVE-2020-1135 High
Microsoft Graphics Component DirectX Elevation of Privilege Vulnerability CVE-2020-1140 High
Microsoft Graphics Component Windows GDI Elevation of Privilege Vulnerability CVE-2020-1142 High
Microsoft Graphics Component Windows GDI Information Disclosure Vulnerability CVE-2020-1145 High
Microsoft Graphics Component Windows GDI Information Disclosure Vulnerability CVE-2020-1141 High
Microsoft Graphics Component Microsoft Graphics Components Remote Code Execution Vulnerability CVE-2020-1153 Critical
Microsoft Graphics Component Win32k Elevation of Privilege Vulnerability CVE-2020-1054 High
Microsoft Graphics Component Windows GDI Information Disclosure Vulnerability CVE-2020-1179 High
Microsoft Graphics Component Windows GDI Information Disclosure Vulnerability CVE-2020-0963 High
Microsoft Graphics Component Microsoft Color Management Remote Code Execution Vulnerability CVE-2020-1117 Critical
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1174 High
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1175 High
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1176 High
Microsoft JET Database Engine Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1051 High
Microsoft Office Microsoft Excel Remote Code Execution Vulnerability CVE-2020-0901 High
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-1024 Critical
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1101 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1099 High
Microsoft Office SharePoint Microsoft SharePoint Spoofing Vulnerability CVE-2020-1105 High
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1106 High
Microsoft Office SharePoint Microsoft SharePoint Spoofing Vulnerability CVE-2020-1107 High
Microsoft Office SharePoint Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2020-1069 Critical
Microsoft Office SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-1100 High
Microsoft Office SharePoint Microsoft SharePoint Spoofing Vulnerability CVE-2020-1104 High
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-1023 Critical
Microsoft Office SharePoint Microsoft SharePoint Information Disclosure Vulnerability CVE-2020-1103 High
Microsoft Office SharePoint Microsoft SharePoint Remote Code Execution Vulnerability CVE-2020-1102 Critical
Microsoft Scripting Engine VBScript Remote Code Execution Vulnerability CVE-2020-1060 High
Microsoft Scripting Engine VBScript Remote Code Execution Vulnerability CVE-2020-1058 High
Microsoft Scripting Engine Chakra Scripting Engine Memory Corruption Vulnerability CVE-2020-1037 Critical
Microsoft Scripting Engine Scripting Engine Memory Corruption Vulnerability CVE-2020-1065 Critical
Microsoft Scripting Engine VBScript Remote Code Execution Vulnerability CVE-2020-1035 High
Microsoft Windows Windows State Repository Service Elevation of Privilege Vulnerability CVE-2020-1184 High
Microsoft Windows Windows State Repository Service Elevation of Privilege Vulnerability CVE-2020-1185 High
Microsoft Windows Windows State Repository Service Elevation of Privilege Vulnerability CVE-2020-1187 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1090 High
Microsoft Windows Windows Error Reporting Elevation of Privilege Vulnerability CVE-2020-1088 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1086 High
Microsoft Windows Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability CVE-2020-1112 High
Microsoft Windows Windows Clipboard Service Elevation of Privilege Vulnerability CVE-2020-1121 High
Microsoft Windows Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability CVE-2020-1123 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1125 High
Microsoft Windows Windows Clipboard Service Elevation of Privilege Vulnerability CVE-2020-1166 High
Microsoft Windows Windows State Repository Service Elevation of Privilege Vulnerability CVE-2020-1131 High
Microsoft Windows Windows Error Reporting Manager Elevation of Privilege Vulnerability CVE-2020-1132 High
Microsoft Windows Windows Clipboard Service Elevation of Privilege Vulnerability CVE-2020-1165 High
Microsoft Windows Media Foundation Memory Corruption Vulnerability CVE-2020-1136 Critical
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1139 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1164 High
Microsoft Windows Windows Clipboard Service Elevation of Privilege Vulnerability CVE-2020-1111 High
Microsoft Windows Windows Error Reporting Elevation of Privilege Vulnerability CVE-2020-1082 High
Microsoft Windows Windows State Repository Service Elevation of Privilege Vulnerability CVE-2020-1189 High
Microsoft Windows Microsoft Windows Elevation of Privilege Vulnerability CVE-2020-1079 High
Microsoft Windows Windows Storage Service Elevation of Privilege Vulnerability CVE-2020-1138 High
Microsoft Windows Windows Printer Service Elevation of Privilege Vulnerability CVE-2020-1081 High
Microsoft Windows Windows State Repository Service Elevation of Privilege Vulnerability CVE-2020-1134 High
Microsoft Windows Media Foundation Memory Corruption Vulnerability CVE-2020-1126 Critical
Microsoft Windows Windows State Repository Service Elevation of Privilege Vulnerability CVE-2020-1124 High
Microsoft Windows Microsoft Windows Transport Layer Security Denial of Service Vulnerability CVE-2020-1118 High
Microsoft Windows Windows CSRSS Information Disclosure Vulnerability CVE-2020-1116 High
Microsoft Windows Connected User Experiences and Telemetry Service Denial of Service Vulnerability CVE-2020-1084 High
Microsoft Windows Windows Installer Elevation of Privilege Vulnerability CVE-2020-1078 High
Microsoft Windows Windows Denial of Service Vulnerability CVE-2020-1076 High
Microsoft Windows Windows Remote Access Common Dialog Elevation of Privilege Vulnerability CVE-2020-1071 High
Microsoft Windows Windows Print Spooler Elevation of Privilege Vulnerability CVE-2020-1048 High
Microsoft Windows Microsoft Windows Elevation of Privilege Vulnerability CVE-2020-1010 High
Microsoft Windows Media Foundation Memory Corruption Vulnerability CVE-2020-1028 Critical
Microsoft Windows Windows Error Reporting Elevation of Privilege Vulnerability CVE-2020-1021 High
Microsoft Windows Win32k Elevation of Privilege Vulnerability CVE-2020-1143 High
Microsoft Windows Windows State Repository Service Elevation of Privilege Vulnerability CVE-2020-1144 High
Microsoft Windows Windows Push Notification Service Elevation of Privilege Vulnerability CVE-2020-1137 High
Microsoft Windows Media Foundation Memory Corruption Vulnerability CVE-2020-1150 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1077 High
Microsoft Windows Windows Kernel Information Disclosure Vulnerability CVE-2020-1072 High
Microsoft Windows Windows Print Spooler Elevation of Privilege Vulnerability CVE-2020-1070 High
Microsoft Windows Microsoft Windows Elevation of Privilege Vulnerability CVE-2020-1068 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1149 High
Microsoft Windows Windows State Repository Service Elevation of Privilege Vulnerability CVE-2020-1188 High
Microsoft Windows Windows State Repository Service Elevation of Privilege Vulnerability CVE-2020-1190 High
Microsoft Windows Windows State Repository Service Elevation of Privilege Vulnerability CVE-2020-1191 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1151 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1155 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1158 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1157 High
Microsoft Windows Windows Runtime Elevation of Privilege Vulnerability CVE-2020-1156 High
Microsoft Windows Windows State Repository Service Elevation of Privilege Vulnerability CVE-2020-1186 High
Power BI Microsoft Power BI Report Server Spoofing Vulnerability CVE-2020-1173 High
Visual Studio Visual Studio Code Python Extension Remote Code Execution Vulnerability CVE-2020-1171 High
Windows Hyper-V Windows Hyper-V Denial of Service Vulnerability CVE-2020-0909 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1087 High
Windows Kernel Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1114 High
Windows Scripting Microsoft Script Runtime Remote Code Execution Vulnerability CVE-2020-1061 High
Windows Subsystem for Linux Windows Subsystem for Linux Information Disclosure Vulnerability CVE-2020-1075 High
Windows Task Scheduler Windows Task Scheduler Security Feature Bypass Vulnerability CVE-2020-1113 High
Windows Update Stack Windows Update Stack Elevation of Privilege Vulnerability CVE-2020-1109 High
Windows Update Stack Windows Update Stack Elevation of Privilege Vulnerability CVE-2020-1110 High

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

# of endpoints

15-day free trial. No credit card required.

By submitting this form you agree to our terms of service.

Already have an account?