===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0102
           Microsoft Patch Tuesday update for Microsoft Extended
                    Security Update products (May 2020)
                                13 May 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Internet Explorer 9
                      Windows 7
                      Windows Server 2008
                      Windows Server 2008 R2
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Existing Account            
                      Modify Arbitrary Files          -- Existing Account            
                      Denial of Service               -- Existing Account            
                      Read-only Data Access           -- Existing Account            
                      Access Confidential Data        -- Existing Account            
                      Administrator Compromise        -- Existing Account            
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-1179 CVE-2020-1176 CVE-2020-1175
                      CVE-2020-1174 CVE-2020-1154 CVE-2020-1153
                      CVE-2020-1150 CVE-2020-1143 CVE-2020-1141
                      CVE-2020-1116 CVE-2020-1114 CVE-2020-1113
                      CVE-2020-1112 CVE-2020-1093 CVE-2020-1092
                      CVE-2020-1081 CVE-2020-1078 CVE-2020-1072
                      CVE-2020-1071 CVE-2020-1070 CVE-2020-1067
                      CVE-2020-1064 CVE-2020-1062 CVE-2020-1061
                      CVE-2020-1060 CVE-2020-1058 CVE-2020-1054
                      CVE-2020-1051 CVE-2020-1048 CVE-2020-1035
                      CVE-2020-1010 CVE-2020-0963 CVE-2020-0909
Member content until: Friday, June 12 2020

OVERVIEW

        Microsoft has released its monthly security patch update for the month of May 2020.
        
        This update resolves 33 vulnerabilities across the following products: [1]
        
         Internet Explorer 9
         Windows 7 for 32-bit Systems Service Pack 1
         Windows 7 for x64-based Systems Service Pack 1
         Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
         Windows Server 2008 for 32-bit Systems Service Pack 2
         Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
         Windows Server 2008 for Itanium-Based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         CVE ID          Impact                   Severity
         CVE-2020-0909   Denial of Service        Important
         CVE-2020-0963   Information Disclosure   Important
         CVE-2020-1010   Elevation of Privilege   Important
         CVE-2020-1035   Remote Code Execution    Low
         CVE-2020-1048   Elevation of Privilege   Important
         CVE-2020-1051   Remote Code Execution    Important
         CVE-2020-1054   Elevation of Privilege   Important
         CVE-2020-1058   Remote Code Execution    Low
         CVE-2020-1060   Remote Code Execution    Low
         CVE-2020-1061   Remote Code Execution    Important
         CVE-2020-1062   Remote Code Execution    Moderate
         CVE-2020-1064   Remote Code Execution    Moderate
         CVE-2020-1067   Remote Code Execution    Important
         CVE-2020-1070   Elevation of Privilege   Important
         CVE-2020-1071   Elevation of Privilege   Important
         CVE-2020-1072   Information Disclosure   Important
         CVE-2020-1078   Elevation of Privilege   Important
         CVE-2020-1081   Elevation of Privilege   Important
         CVE-2020-1092   Remote Code Execution    Low
         CVE-2020-1093   Remote Code Execution    Moderate
         CVE-2020-1112   Elevation of Privilege   Important
         CVE-2020-1113   Security Feature Bypass  Important
         CVE-2020-1114   Elevation of Privilege   Important
         CVE-2020-1116   Information Disclosure   Important
         CVE-2020-1141   Information Disclosure   Important
         CVE-2020-1143   Elevation of Privilege   Important
         CVE-2020-1150   Remote Code Execution    Important
         CVE-2020-1153   Remote Code Execution    Critical
         CVE-2020-1154   Elevation of Privilege   Important
         CVE-2020-1174   Remote Code Execution    Important
         CVE-2020-1175   Remote Code Execution    Important
         CVE-2020-1176   Remote Code Execution    Important
         CVE-2020-1179   Information Disclosure   Important


MITIGATION

        Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]
        
         KB4556854, KB4556860, KB4556836, KB4556798, KB4556843


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================