Patch Tuesday (May 2020): Microsoft Fixes 111 Vulnerabilities

The May 2020 Patch Tuesday security updates have recently been released, with 111 patched vulnerabilities related to 12 different Microsoft products, such as Windows, Edge, Visual Studio, and the .NET Framework. The tech giant issued 115 patches in March and 113 in April this year and the May 2020 edition turned out to be the third-largest Patch Tuesday ever seen. This month’s batch did not contain any zero-days.

As always, Heimdal^TM Security advises you to apply these patches at your earliest convenience. None of the bugs have been identified as being actively exploited or mentioned until now. Still, if you’re running Windows on your endpoints, it’s high time to get these security flaws patched.

Read on to learn more about the May 2020 Patch Tuesday.

May’s 2020 batch of Microsoft patches, the third-biggest ever released

May is the third month in a row when Microsoft rolled out patches on its operating system and associated software for more than 110 security vulnerabilities. Luckily, there don’t seem to be any zero-day vulnerabilities to be fixed. However, there are certain bugs in Windows that need to be kept in mind and addressed.

At least 16 of the vulnerabilities are marked as “Critical,” indicating they can be abused by cybercriminals to install malware or gain remote control of compromised systems with little to no user intervention.

Significant vulnerabilities to be noted

Below we’ve listed a few instances you should consider.

This month, Microsoft fixed three critical Microsoft Edge vulnerabilities which could enable intruders to execute remote code by tricking users into visiting their specially created website. If abused, these flaws might allow malicious hackers to execute commands with full admin rights on the targeted device. At the same time, a bug in the Color Management Module (ICM32.dll) allows code execution after cybercriminals would have fooled users into accessing infected websites. Also, a remote code execution vulnerability can be noticed in Windows.

• CVE-2020-1056 | Microsoft Edge Elevation of Privilege Vulnerability

Under this scenario, there is an elevation of privilege risk as Microsoft Edge does not fully implement cross-domain policies, which could enable intruders to access and inject data from one domain into another.

Attackers would have to host a malicious website used to exploit the vulnerability. In any case, though, intruders will have no means to force users to access information that is manipulated by the criminals and they would have to trick people into clicking a link that redirects the victims to the attackers’ website.

An intruder who abuses this flaw successfully can escalate privileges in affected versions of Microsoft Edge. This security update addresses the vulnerability by making sure Microsoft Edge enforces cross-domain policies correctly.

• CVE-2020-1059 | Microsoft Edge Spoofing Vulnerability

Should attackers convince users to access a malicious link, the attackers’ website “could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services”.

This patch fixes a bug by changing how HTTP responses are parsed via Microsoft Edge.

• CVE-2020-1096 | Microsoft Edge PDF Remote Code Execution Vulnerability

The CVE-2020-1096 vulnerability refers to the way Microsoft Edge handles objects in memory. More precisely, this vulnerability has the potential to corrupt memory, enabling malicious actors to execute arbitrary code on the machine.

Once successfully exploited, the bug would allow attackers to obtain the same user rights as the victim. Should the current user be logged on with full admin rights, the cybercriminal could completely take over the affected endpoint and perform malicious actions.

This kind of attack could be triggered if users are tricked into accessing the attackers’ website, where malicious PDF content would have to be stored.

• CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability

This bug is connected to the faulty way in which the Color Management Module (ICM32.dll) handles objects in memory. Users with full admin rights are heavily impacted, since the vulnerability would permit malicious hackers to completely take control of the targeted systems, allowing them to “install programs; view, change, or delete data; or create new accounts with full user rights”.

Similar to the abovementioned attack scenarios leveraged by Patch Tuesday’s addressed vulnerabilities, in this case, users would also have to be fooled into entering malicious websites belonging to the attackers or opening infected email attachments.

• CVE-2020-1067 | Windows Remote Code Execution Vulnerability

The newly released security update corrects the improper way in which Windows handles objects in memory. An intruder who effectively abused the flaw would able to run arbitrary code with elevated rights on a targeted machine. The attacker who has a domain user account may craft a specially designed request to exploit the bug, enabling Windows to run arbitrary code with elevated permissions.

Did you know that 100% of vulnerabilities in Microsoft browsers and 93% in Windows OS can be mitigated by removing local admin rights?

Our unique privileged access management (PAM) tool, Heimdal™ Privileged Access Management, allows you to efficiently manage admin rights inside your organization. It is the only solution that enables you to both escalate and de-escalate user privileges and the only tool that automatically de-escalates user rights on infected endpoints (when used in tandem with the Enterprise version of Heimdal™ Threat Prevention, Heimdal™ Next-Gen Antivirus & MDM​, or Enterprise Endpoint Security).

System admins waste 30% of their time manually managing user rights or installations

Heimdal® Privileged Access Management

Is the automatic PAM solution that makes everything easier.

• Automate the elevation of admin rights on request;
• Approve or reject escalations with one click;
• Provide a full audit trail into user behavior;
• Automatically de-escalate on infection;

Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Bottom Line

We would also like to remind you that many of the bugs patched in today’s Microsoft patch batch impact Windows 7 operating systems, which no longer receive security updates unless your company has signed up for Microsoft’s Windows 7 Extended Security Updates (ESU) paid service. If you are still running Windows 7 on any of your devices, Heimdal^TM Security advises you to upgrade to Windows 10.

All of our Heimdal™ Threat Prevention and Heimdal™ Patch & Asset Management customers are always being provisioned in a timely manner with the latest Microsoft patches (both Windows and 3^rd party). Our automated patch management solution allowed our customers to install 27% of all patches as soon as they were released (the rest were delayed based on each customer’s deployment policy rules).

Sign up for a free demo to learn how automated patch management can add a powerful layer of defense to your organization.

Antivirus is no longer enough to keep an organization’s systems secure.

Heimdal® Threat Prevention - Endpoint

Is our next gen proactive shield that stops unknown threats before they reach your system.

• Machine learning powered scans for all incoming online traffic;
• Stops data breaches before sensitive info can be exposed to the outside;
• Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
• Protection against data leakage, APTs, ransomware and exploits;

Try it for FREE today 30-day Free Trial. Offer valid only for companies.