===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0095
          Microsoft Patch Tuesday update for Windows for May 2020
                                13 May 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Windows
Operating System:     Windows
Impact/Access:        Root Compromise                 -- Existing Account
                      Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Remote with User Interaction
                      Cross-site Scripting            -- Remote with User Interaction
                      Denial of Service               -- Existing Account
                      Provide Misleading Information  -- Existing Account
                      Access Confidential Data        -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-1191 CVE-2020-1190 CVE-2020-1189 CVE-2020-1188
                      CVE-2020-1187 CVE-2020-1186 CVE-2020-1185 CVE-2020-1184
                      CVE-2020-1179 CVE-2020-1176 CVE-2020-1175 CVE-2020-1174
                      CVE-2020-1166 CVE-2020-1165 CVE-2020-1164 CVE-2020-1158
                      CVE-2020-1157 CVE-2020-1156 CVE-2020-1155 CVE-2020-1154
                      CVE-2020-1153 CVE-2020-1151 CVE-2020-1149 CVE-2020-1145
                      CVE-2020-1144 CVE-2020-1143 CVE-2020-1142 CVE-2020-1141
                      CVE-2020-1140 CVE-2020-1139 CVE-2020-1138 CVE-2020-1137
                      CVE-2020-1136 CVE-2020-1135 CVE-2020-1134 CVE-2020-1132
                      CVE-2020-1131 CVE-2020-1126 CVE-2020-1125 CVE-2020-1124
                      CVE-2020-1123 CVE-2020-1121 CVE-2020-1118 CVE-2020-1117
                      CVE-2020-1116 CVE-2020-1114 CVE-2020-1113 CVE-2020-1112
                      CVE-2020-1111 CVE-2020-1110 CVE-2020-1109 CVE-2020-1090
                      CVE-2020-1088 CVE-2020-1087 CVE-2020-1086 CVE-2020-1084
                      CVE-2020-1082 CVE-2020-1081 CVE-2020-1079 CVE-2020-1078
                      CVE-2020-1077 CVE-2020-1076 CVE-2020-1075 CVE-2020-1072
                      CVE-2020-1071 CVE-2020-1070 CVE-2020-1068 CVE-2020-1067
                      CVE-2020-1061 CVE-2020-1055 CVE-2020-1054 CVE-2020-1051
                      CVE-2020-1048 CVE-2020-1028 CVE-2020-1021 CVE-2020-1010
                      CVE-2020-0963 CVE-2020-0909
Member content until: Friday, June 12 2020
Reference:            ESB-2020.1596
                      ESB-2020.1547
                      ESB-2020.1418
                      ESB-2020.1357
                      ESB-2020.1349

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of May 2020.

        This update resolves 78 vulnerabilities across the following
        products: [1]

         Windows 10 Version 1607 for 32-bit Systems
         Windows 10 Version 1607 for x64-based Systems
         Windows 10 Version 1709 for 32-bit Systems
         Windows 10 Version 1709 for ARM64-based Systems
         Windows 10 Version 1709 for x64-based Systems
         Windows 10 Version 1803 for 32-bit Systems
         Windows 10 Version 1803 for ARM64-based Systems
         Windows 10 Version 1803 for x64-based Systems
         Windows 10 Version 1809 for 32-bit Systems
         Windows 10 Version 1809 for ARM64-based Systems
         Windows 10 Version 1809 for x64-based Systems
         Windows 10 Version 1903 for 32-bit Systems
         Windows 10 Version 1903 for ARM64-based Systems
         Windows 10 Version 1903 for x64-based Systems
         Windows 10 Version 1909 for 32-bit Systems
         Windows 10 Version 1909 for ARM64-based Systems
         Windows 10 Version 1909 for x64-based Systems
         Windows 10 for 32-bit Systems
         Windows 10 for x64-based Systems
         Windows 8.1 for 32-bit systems
         Windows 8.1 for x64-based systems
         Windows RT 8.1
         Windows Server 2012
         Windows Server 2012 (Server Core installation)
         Windows Server 2012 R2
         Windows Server 2012 R2 (Server Core installation)
         Windows Server 2016
         Windows Server 2016 (Server Core installation)
         Windows Server 2019
         Windows Server 2019 (Server Core installation)


IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         CVE-2020-0909   Denial of Service        Important
         CVE-2020-0963   Information Disclosure   Important
         CVE-2020-1010   Elevation of Privilege   Important
         CVE-2020-1021   Elevation of Privilege   Important
         CVE-2020-1028   Remote Code Execution    Critical
         CVE-2020-1048   Elevation of Privilege   Important
         CVE-2020-1051   Remote Code Execution    Important
         CVE-2020-1054   Elevation of Privilege   Important
         CVE-2020-1055   Spoofing                 Important
         CVE-2020-1061   Remote Code Execution    Important
         CVE-2020-1067   Remote Code Execution    Important
         CVE-2020-1068   Elevation of Privilege   Important
         CVE-2020-1070   Elevation of Privilege   Important
         CVE-2020-1071   Elevation of Privilege   Important
         CVE-2020-1072   Information Disclosure   Important
         CVE-2020-1075   Information Disclosure   Important
         CVE-2020-1076   Denial of Service        Important
         CVE-2020-1077   Elevation of Privilege   Important
         CVE-2020-1078   Elevation of Privilege   Important
         CVE-2020-1079   Elevation of Privilege   Important
         CVE-2020-1081   Elevation of Privilege   Important
         CVE-2020-1082   Elevation of Privilege   Important
         CVE-2020-1084   Denial of Service        Important
         CVE-2020-1086   Elevation of Privilege   Important
         CVE-2020-1087   Elevation of Privilege   Important
         CVE-2020-1088   Elevation of Privilege   Important
         CVE-2020-1090   Elevation of Privilege   Important
         CVE-2020-1109   Elevation of Privilege   Important
         CVE-2020-1110   Elevation of Privilege   Important
         CVE-2020-1111   Elevation of Privilege   Important
         CVE-2020-1112   Elevation of Privilege   Important
         CVE-2020-1113   Security Feature Bypass  Important
         CVE-2020-1114   Elevation of Privilege   Important
         CVE-2020-1116   Information Disclosure   Important
         CVE-2020-1117   Remote Code Execution    Critical
         CVE-2020-1118   Denial of Service        Important
         CVE-2020-1121   Elevation of Privilege   Important
         CVE-2020-1123   Denial of Service        Important
         CVE-2020-1124   Elevation of Privilege   Important
         CVE-2020-1125   Elevation of Privilege   Important
         CVE-2020-1126   Remote Code Execution    Critical
         CVE-2020-1131   Elevation of Privilege   Important
         CVE-2020-1132   Elevation of Privilege   Important
         CVE-2020-1134   Elevation of Privilege   Important
         CVE-2020-1135   Elevation of Privilege   Important
         CVE-2020-1136   Remote Code Execution    Critical
         CVE-2020-1137   Elevation of Privilege   Important
         CVE-2020-1138   Elevation of Privilege   Important
         CVE-2020-1139   Elevation of Privilege   Important
         CVE-2020-1140   Elevation of Privilege   Important
         CVE-2020-1141   Information Disclosure   Important
         CVE-2020-1142   Elevation of Privilege   Important
         CVE-2020-1143   Elevation of Privilege   Important
         CVE-2020-1144   Elevation of Privilege   Important
         CVE-2020-1145   Information Disclosure   Important
         CVE-2020-1149   Elevation of Privilege   Important
         CVE-2020-1151   Elevation of Privilege   Important
         CVE-2020-1153   Remote Code Execution    Critical
         CVE-2020-1154   Elevation of Privilege   Important
         CVE-2020-1155   Elevation of Privilege   Important
         CVE-2020-1156   Elevation of Privilege   Important
         CVE-2020-1157   Elevation of Privilege   Important
         CVE-2020-1158   Elevation of Privilege   Important
         CVE-2020-1164   Elevation of Privilege   Important
         CVE-2020-1165   Elevation of Privilege   Important
         CVE-2020-1166   Elevation of Privilege   Important
         CVE-2020-1174   Remote Code Execution    Important
         CVE-2020-1175   Remote Code Execution    Important
         CVE-2020-1176   Remote Code Execution    Important
         CVE-2020-1179   Information Disclosure   Important
         CVE-2020-1184   Elevation of Privilege   Important
         CVE-2020-1185   Elevation of Privilege   Important
         CVE-2020-1186   Elevation of Privilege   Important
         CVE-2020-1187   Elevation of Privilege   Important
         CVE-2020-1188   Elevation of Privilege   Important
         CVE-2020-1189   Elevation of Privilege   Important
         CVE-2020-1190   Elevation of Privilege   Important
         CVE-2020-1191   Elevation of Privilege   Important


MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles.
        [1]

         KB4556807, KB4556846, KB4556826, KB4556853, KB4556813
         KB4556840, KB4551853, KB4556799, KB4556852, KB4556812


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================