===========================================================================
AUSCERT Security Bulletin

ASB-2020.0102
Microsoft Patch Tuesday update for Microsoft Extended Security Update
products (May 2020)
13 May 2020
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Internet Explorer 9
                      Windows 7
                      Windows Server 2008
                      Windows Server 2008 R2
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Existing Account
                      Modify Arbitrary Files          -- Existing Account
                      Denial of Service               -- Existing Account
                      Read-only Data Access           -- Existing Account
                      Access Confidential Data        -- Existing Account
                      Administrator Compromise        -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-1179 CVE-2020-1176 CVE-2020-1175
                      CVE-2020-1174 CVE-2020-1154 CVE-2020-1153
                      CVE-2020-1150 CVE-2020-1143 CVE-2020-1141
                      CVE-2020-1116 CVE-2020-1114 CVE-2020-1113
                      CVE-2020-1112 CVE-2020-1093 CVE-2020-1092
                      CVE-2020-1081 CVE-2020-1078 CVE-2020-1072
                      CVE-2020-1071 CVE-2020-1070 CVE-2020-1067
                      CVE-2020-1064 CVE-2020-1062 CVE-2020-1061
                      CVE-2020-1060 CVE-2020-1058 CVE-2020-1054
                      CVE-2020-1051 CVE-2020-1048 CVE-2020-1035
                      CVE-2020-1010 CVE-2020-0963 CVE-2020-0909
Member content until: Friday, June 12 2020

OVERVIEW

Microsoft has released its monthly security patch update for the month of
May 2020.

This update resolves 33 vulnerabilities across the following products: [1]

  Internet Explorer 9
  Windows 7 for 32-bit Systems Service Pack 1
  Windows 7 for x64-based Systems Service Pack 1
  Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
  Windows Server 2008 R2 for x64-based Systems Service Pack 1
  Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
  Windows Server 2008 for 32-bit Systems Service Pack 2
  Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  Windows Server 2008 for Itanium-Based Systems Service Pack 2
  Windows Server 2008 for x64-based Systems Service Pack 2
  Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

IMPACT

Microsoft has given the following details regarding these vulnerabilities.

  Details         Impact                    Severity
  CVE-2020-0909   Denial of Service         Important
  CVE-2020-0963   Information Disclosure    Important
  CVE-2020-1010   Elevation of Privilege    Important
  CVE-2020-1035   Remote Code Execution     Low
  CVE-2020-1048   Elevation of Privilege    Important
  CVE-2020-1051   Remote Code Execution     Important
  CVE-2020-1054   Elevation of Privilege    Important
  CVE-2020-1058   Remote Code Execution     Low
  CVE-2020-1060   Remote Code Execution     Low
  CVE-2020-1061   Remote Code Execution     Important
  CVE-2020-1062   Remote Code Execution     Moderate
  CVE-2020-1064   Remote Code Execution     Moderate
  CVE-2020-1067   Remote Code Execution     Important
  CVE-2020-1070   Elevation of Privilege    Important
  CVE-2020-1071   Elevation of Privilege    Important
  CVE-2020-1072   Information Disclosure    Important
  CVE-2020-1078   Elevation of Privilege    Important
  CVE-2020-1081   Elevation of Privilege    Important
  CVE-2020-1092   Remote Code Execution     Low
  CVE-2020-1093   Remote Code Execution     Moderate
  CVE-2020-1112   Elevation of Privilege    Important
  CVE-2020-1113   Security Feature Bypass   Important
  CVE-2020-1114   Elevation of Privilege    Important
  CVE-2020-1116   Information Disclosure    Important
  CVE-2020-1141   Information Disclosure    Important
  CVE-2020-1143   Elevation of Privilege    Important
  CVE-2020-1150   Remote Code Execution     Important
  CVE-2020-1153   Remote Code Execution     Critical
  CVE-2020-1154   Elevation of Privilege    Important
  CVE-2020-1174   Remote Code Execution     Important
  CVE-2020-1175   Remote Code Execution     Important
  CVE-2020-1176   Remote Code Execution     Important
  CVE-2020-1179   Information Disclosure    Important

MITIGATION

Microsoft recommends updating the software with the version made available
on the Microsoft Update Catalogue for the following Knowledge Base
articles. [1]

  KB4556854, KB4556860, KB4556836, KB4556798, KB4556843

REFERENCES

[1] Security Update Guide
    https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================