Security News > 2020 > May > May 2020 Patch Tuesday: Microsoft fixes 111 flaws, Adobe 36

For the May 2020 Patch Tuesday, Microsoft has fixed 111 CVE-numbered flaws and Adobe 36, but none are under active attack.

The vulnerability is found in most Windows 10 and Windows Server builds and Microsoft deems it "More likely to be exploited."

"If exploited successfully, this vulnerability would give an attacker the ability to execute arbitrary code from the SharePoint application pool and the SharePoint server farm account, potentially impacting all the users connected into and using the platform. If an attacker is able to access this critical component of the network, lateral movement throughout the connected filesystems would be difficult to contain. With Microsoft Sharepoint's rise in use to support remote workers, addressing this vulnerability quickly is critical to securing a central hub of access to the full corporate network and data," he pointed out.

The Microsoft SharePoint security updates also fix three additional RCEs, four XSS flaws, three spoofing vulnerabilities and one information disclosure weakness.

While we're on the subject of vulnerability patching, the US Cybersecurity and Infrastructure Security Agency is urging organizations to patch a slew of old and new software vulnerabilities that are routinely exploited by foreign cyber actors and cyber criminals.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/ePzI89aNh98/