Security News

Microsoft Security Bulletin Coverage for May 2020

By

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2020. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2020-0901 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0909 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0963 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1010 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1021 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1023 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1024 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1028 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1035 VBScript Remote Code Execution Vulnerability
IPS 14992:VBScript Remote Code Execution Vulnerability (CVE-2020-1035)
CVE-2020-1037 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1048 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1051 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1054 Win32k Elevation of Privilege Vulnerability
ASPY 5938:Malformed-File exe.MP.137
CVE-2020-1055 Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-1056 Microsoft Edge Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1058 VBScript Remote Code Execution Vulnerability
IPS 14993:VBScript Remote Code Execution Vulnerability (CVE-2020-1058)
CVE-2020-1059 Microsoft Edge Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1060 VBScript Remote Code Execution Vulnerability
IPS 11663:Suspicious JavaScript/VBScript Code 54
CVE-2020-1061 Microsoft Script Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1062 Internet Explorer Memory Corruption Vulnerability
IPS 14990:Internet Explorer Memory Corruption Vulnerability (CVE-2020-1062)
CVE-2020-1063 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-1064 MSHTML Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1065 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1066 .NET Framework Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1067 Windows Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1068 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1069 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1070 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1071 Windows Remote Access Common Dialog Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1072 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1075 Windows Subsystem for Linux Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1076 Windows Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1077 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1078 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1079 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1081 Windows Printer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1082 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1084 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1086 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1087 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1088 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1090 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1092 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1093 VBScript Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1096 Microsoft Edge PDF Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1099 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1100 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1101 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1102 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1103 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1104 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1105 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1106 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1107 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1108 .NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1109 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1110 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1111 Windows Clipboard Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1112 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1113 Windows Task Scheduler Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-1114 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1116 Windows CSRSS Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1117 Microsoft Color Management Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1118 Microsoft Windows Transport Layer Security Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1121 Windows Clipboard Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1123 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1124 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1125 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1126 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1131 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1132 Windows Error Reporting Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1134 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1135 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 5936:Malformed-File exe.MP.136
CVE-2020-1136 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1137 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1138 Windows Storage Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1139 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1140 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1141 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1142 Windows GDI Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1143 Win32k Elevation of Privilege Vulnerability
ASPY 5935:Malformed-File exe.MP.135
CVE-2020-1144 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1145 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1149 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1150 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1151 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1153 Microsoft Graphics Components Remote Code Execution Vulnerability
ASPY 5937:Malformed-File otf.MP.23
CVE-2020-1154 Windows Common Log File System Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1155 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1156 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1157 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1158 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1161 ASP.NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1164 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1165 Windows Clipboard Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1166 Windows Clipboard Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1171 Visual Studio Code Python Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1173 Microsoft Power BI Report Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1174 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1175 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1176 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1179 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1184 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1185 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1186 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1187 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1188 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1189 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1190 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1191 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1192 Visual Studio Code Python Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
HP Data Protector Media Operations DoS (Oct 22, 2010)
FrameworkPOS.acc: New variant of FrameworkPOS Uses DNS requests to deliver stolen card data to the attackers (Mar 1,2016)
RealNetworks RealGames ActiveX Command Execution (May 27, 2011)
SymmiWare Ransomware will only decrypt after Nov 25th
Postcard Storm Wave (Aug 6, 2008)
Cyber Security News & Trends – 10-19-18
CVE-2020-5902: Hackers actively exploit critical Vulnerability in F5 BIG-IP
Microsoft Security Bulletins Coverage (Mar 08, 2011)