Patch Tuesday: Microsoft Fixes 111 Vulnerabilities. Some Allow Remote Code Execution and Admin Rights Abuse
This is the third-largest batch in Microsoft’s history
The May 2020 Patch Tuesday security updates have recently been released, with 111 patched vulnerabilities related to 12 different Microsoft products, such as Windows, Edge, Visual Studio, and the .NET Framework. The tech giant issued 115 patches in March and 113 in April this year and the May 2020 edition turned out to be the third-largest Patch Tuesday ever seen. This month’s batch did not contain any zero-days.
As always, Heimdal™ Security advises you to apply these patches at your earliest convenience. None of the bugs have been identified as being actively exploited or mentioned until now. Still, if you’re running Windows on your endpoints, it’s high time to get these security flaws patched.
Read on to learn more about the May 2020 Patch Tuesday.
The May 2020 batch of Microsoft patches, the third-biggest ever released
May is the third month in a row in which Microsoft has rolled out patches for more than 110 security vulnerabilities in its operating system and associated software. Luckily, there don’t seem to be any zero-day vulnerabilities to be fixed. However, there are certain bugs in Windows that need to be kept in mind and addressed.
At least 16 of the vulnerabilities are marked as “Critical,” indicating they can be abused by cybercriminals to install malware or gain remote control of compromised systems with little to no user intervention.
Significant vulnerabilities to be noted
Below we’ve listed a few instances you should consider.
This month, Microsoft fixed three critical Microsoft Edge vulnerabilities which could enable intruders to execute remote code by tricking users into visiting their specially crafted website. If abused, these flaws might allow malicious hackers to execute commands with full admin rights on the targeted device. At the same time, a bug in the Color Management Module (ICM32.dll) allows code execution once cybercriminals have fooled users into accessing infected websites. A remote code execution vulnerability was also fixed in Windows itself.
- CVE-2020-1056 | Microsoft Edge Elevation of Privilege Vulnerability
Under this scenario, there is an elevation of privilege risk as Microsoft Edge does not fully implement cross-domain policies, which could enable intruders to access and inject data from one domain into another.
Attackers would have to host a malicious website used to exploit the vulnerability. In any case, though, intruders have no means of forcing users to access content that they control; they would have to trick people into clicking a link that redirects the victims to the attackers’ website.
An intruder who abuses this flaw successfully can escalate privileges in affected versions of Microsoft Edge. This security update addresses the vulnerability by making sure Microsoft Edge enforces cross-domain policies correctly.
- CVE-2020-1059 | Microsoft Edge Spoofing Vulnerability
Should attackers convince users to access a malicious link, the attackers’ website “could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services”.
This patch fixes the bug by changing how Microsoft Edge parses HTTP responses.
- CVE-2020-1096 | Microsoft Edge PDF Remote Code Execution Vulnerability
The CVE-2020-1096 vulnerability refers to the way Microsoft Edge handles objects in memory. More precisely, this vulnerability has the potential to corrupt memory, enabling malicious actors to execute arbitrary code on the machine.
Once successfully exploited, the bug would allow attackers to obtain the same user rights as the victim. Should the current user be logged on with full admin rights, the cybercriminal could completely take over the affected endpoint and perform malicious actions.
This kind of attack could be triggered if users are tricked into accessing the attackers’ website, where malicious PDF content would have to be stored.
- CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability
This bug is connected to the faulty way in which the Color Management Module (ICM32.dll) handles objects in memory. Users with full admin rights are heavily impacted, since the vulnerability would permit malicious hackers to completely take control of the targeted systems, allowing them to “install programs; view, change, or delete data; or create new accounts with full user rights”.
As in the attack scenarios described above for the other vulnerabilities addressed this Patch Tuesday, users would have to be fooled into visiting malicious websites belonging to the attackers or opening infected email attachments.
- CVE-2020-1067 | Windows Remote Code Execution Vulnerability
The newly released security update corrects the improper way in which Windows handles objects in memory. An intruder who successfully abused the flaw would be able to run arbitrary code with elevated rights on a targeted machine. An attacker who has a domain user account may craft a specially designed request to exploit the bug, causing Windows to run arbitrary code with elevated permissions.
Did you know that 100% of vulnerabilities in Microsoft browsers and 93% in Windows OS can be mitigated by removing local admin rights?
Our unique privileged access management (PAM) tool, Thor AdminPrivilege™, allows you to efficiently manage admin rights inside your organization. It is the only solution that enables you to both escalate and de-escalate user privileges and the only tool that automatically de-escalates user rights on infected endpoints (when used in tandem with the Enterprise version of Thor Foresight, Thor Vigilance or Thor Premium).
We would also like to remind you that many of the bugs patched in today’s Microsoft patch batch impact Windows 7 operating systems, which no longer receive security updates unless your company has signed up for Microsoft’s Windows 7 Extended Security Updates (ESU) paid service. If you are still running Windows 7 on any of your devices, Heimdal™ Security advises you to upgrade to Windows 10.
All of our Thor Foresight Enterprise and X-Ploit Resilience customers are always provisioned in a timely manner with the latest Microsoft patches (both Windows and 3rd party). Our automated patch management solution allowed our customers to install 27% of all patches as soon as they were released (the rest were delayed based on each customer’s deployment policy rules).
Sign up for a free demo to learn how automated patch management can add a powerful layer of defense to your organization.