Update now! Windows gets another bumper patch update
After a flurry of zero-day vulnerabilities in recent editions, May's Patch Tuesday finally gives Windows users a month off having to fix 'big' exploited or public flaws.
The catch is it's still one of the biggest patch rounds Microsoft has ever released, featuring 111 CVE-level bug fixes, nearly half of which are in Windows itself.
These include CVE-2020-1062, a critical RCE bug affecting Internet Explorer code that's still buried inside Windows 10, which doubles up with CVE-2020-1035, a VBScript RCE affecting IE 11.
Other criticals to watch for include CVE-2020-1117 in the Windows Microsoft Color Management DLL, and CVE-2020-1126, a memory corruption problem in Windows Media Foundation.
These are CVE-2020-1054 and CVE-2020-1143, both allowing elevation of privilege (EoP) in Win32, and CVE-2020-1135, a flaw in the Windows Graphics Component discovered during this year's virtual Pwn2Own hacking contest.
News URL
https://nakedsecurity.sophos.com/2020/05/14/update-now-windows-gets-another-bumper-patch-update/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-21 | CVE-2020-1035 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11/9. A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 7.5 |
2020-05-21 | CVE-2020-1054 | Out-of-bounds Write vulnerability in Microsoft products. An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-05-21 | CVE-2020-1062 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11/9. A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
2020-05-21 | CVE-2020-1117 | Unspecified vulnerability in Microsoft products. A remote code execution vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory, aka 'Microsoft Color Management Remote Code Execution Vulnerability'. | 8.8 |
2020-05-21 | CVE-2020-1126 | Out-of-bounds Write vulnerability in Microsoft products. A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. | 8.8 |
2020-05-21 | CVE-2020-1135 | Unspecified vulnerability in Microsoft products. An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.8 |
2020-05-21 | CVE-2020-1143 | Unspecified vulnerability in Microsoft products. An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |