
                         AUSCERT Security Bulletin

           Microsoft Patch Tuesday update for Microsoft Extended
                    Security Update products (May 2020)
                                13 May 2020


        AusCERT Security Bulletin Summary

Product:              Internet Explorer 9
                      Windows 7
                      Windows Server 2008
                      Windows Server 2008 R2
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Existing Account            
                      Modify Arbitrary Files          -- Existing Account            
                      Denial of Service               -- Existing Account            
                      Read-only Data Access           -- Existing Account            
                      Access Confidential Data        -- Existing Account            
                      Administrator Compromise        -- Existing Account            
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-1179 CVE-2020-1176 CVE-2020-1175
                      CVE-2020-1174 CVE-2020-1154 CVE-2020-1153
                      CVE-2020-1150 CVE-2020-1143 CVE-2020-1141
                      CVE-2020-1116 CVE-2020-1114 CVE-2020-1113
                      CVE-2020-1112 CVE-2020-1093 CVE-2020-1092
                      CVE-2020-1081 CVE-2020-1078 CVE-2020-1072
                      CVE-2020-1071 CVE-2020-1070 CVE-2020-1067
                      CVE-2020-1064 CVE-2020-1062 CVE-2020-1061
                      CVE-2020-1060 CVE-2020-1058 CVE-2020-1054
                      CVE-2020-1051 CVE-2020-1048 CVE-2020-1035
                      CVE-2020-1010 CVE-2020-0963 CVE-2020-0909
Member content until: Friday, June 12 2020


        Microsoft has released its monthly security patch update for the month of May 2020.
        This update resolves 33 vulnerabilities across the following products: [1]
         Internet Explorer 9
         Windows 7 for 32-bit Systems Service Pack 1
         Windows 7 for x64-based Systems Service Pack 1
         Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
         Windows Server 2008 for 32-bit Systems Service Pack 2
         Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
         Windows Server 2008 for Itanium-Based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)


        Microsoft has given the following details regarding these vulnerabilities.
         Details         Impact                   Severity
         CVE-2020-0909   Denial of Service        Important
         CVE-2020-0963   Information Disclosure   Important
         CVE-2020-1010   Elevation of Privilege   Important
         CVE-2020-1035   Remote Code Execution    Low
         CVE-2020-1048   Elevation of Privilege   Important
         CVE-2020-1051   Remote Code Execution    Important
         CVE-2020-1054   Elevation of Privilege   Important
         CVE-2020-1058   Remote Code Execution    Low
         CVE-2020-1060   Remote Code Execution    Low
         CVE-2020-1061   Remote Code Execution    Important
         CVE-2020-1062   Remote Code Execution    Moderate
         CVE-2020-1064   Remote Code Execution    Moderate
         CVE-2020-1067   Remote Code Execution    Important
         CVE-2020-1070   Elevation of Privilege   Important
         CVE-2020-1071   Elevation of Privilege   Important
         CVE-2020-1072   Information Disclosure   Important
         CVE-2020-1078   Elevation of Privilege   Important
         CVE-2020-1081   Elevation of Privilege   Important
         CVE-2020-1092   Remote Code Execution    Low
         CVE-2020-1093   Remote Code Execution    Moderate
         CVE-2020-1112   Elevation of Privilege   Important
         CVE-2020-1113   Security Feature Bypass  Important
         CVE-2020-1114   Elevation of Privilege   Important
         CVE-2020-1116   Information Disclosure   Important
         CVE-2020-1141   Information Disclosure   Important
         CVE-2020-1143   Elevation of Privilege   Important
         CVE-2020-1150   Remote Code Execution    Important
         CVE-2020-1153   Remote Code Execution    Critical
         CVE-2020-1154   Elevation of Privilege   Important
         CVE-2020-1174   Remote Code Execution    Important
         CVE-2020-1175   Remote Code Execution    Important
         CVE-2020-1176   Remote Code Execution    Important
         CVE-2020-1179   Information Disclosure   Important


        Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]
         KB4556854, KB4556860, KB4556836, KB4556798, KB4556843


        [1] Security Update Guide

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.