Microsoft’s May 2020 Security Patch Fixes 111 Bugs

By | May 14, 2020
Print Friendly, PDF & Email

 

 

Microsoft’s May 2020 Security Patch Fixes 111 Bugs

Before installing this update, please read this article.

Who would have guessed that Windows 10 computers had 111 security vulnerabilities and bugs that needed to be fixed?  I don’t ever recall a security patch that addressed (fixed?) so many problems at the same time. 

But Microsoft’s Windows 10 May 2020 patch attempts to address all 111 bugs all at once. Let’s see how that goes.

On a positive note, there were no known exploitations of the vulnerabilities – lucky for us that Microsoft discovered them before the hacking crowd did.

If you want to know more about the technical side of the May 2020 security patch, here is some information from Threatpost…

Along with the expected cache of operating system, browser, Office and SharePoint updates, Microsoft has also released updates for .NET Framework, .NET Core, Visual Studio, Power BI, Windows Defender, and Microsoft Dynamics.

Privilege-Escalation Bugs to the Fore

The majority of the fixes are important-rated elevation-of-privilege (EoP) bugs. There are a total of 56 of these types of fixes in Microsoft’s May release, primarily impacting various Windows components. This class of vulnerabilities is used by attackers once they’ve managed to gain initial access to a system, in order to execute code on their target systems with elevated privileges.

Three of these bugs have received a rating of ‘Exploitation More Likely,’ pointed out Satnam Narang, staff research engineer at Tenable: A pair of flaws in Win32k (CVE-2020-1054CVE-2020-1143) and one in the Windows Graphics Component (CVE-2020-1135).

The two flaws in Win32k both exist when the Windows kernel-mode driver fails to properly handle objects in memory, according to Microsoft’s advisory. An attacker who successfully exploited either vulnerability could run arbitrary code in kernel mode; thus, an attacker could then install programs; view, change or delete data; or create new accounts with full user rights.

To exploit these, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The Windows Graphics Component EoP bug meanwhile is found in most Windows 10 and Windows Server builds, Jay Goodman, strategic product marketing manager at Automox, told Threatpost. ‘The vulnerability could allow an exploit that leverages how Windows Graphics handles objects in memory,’ he said. ‘An attacker could use this vulnerability to elevate a process’ privileges, allowing the attacker to steal credentials or sensitive data, download additional malware, or execute malicious code.’

It was demonstrated at this year’s Pwn2Own, said Dustin Childs, researcher at Trend Micro’s Zero-Day Initiative.

‘While Pwn2Own may have been virtual this year, the bugs demonstrated certainly were not,’ he said in a Patch Tuesday analysis. ‘This bug from the Fluoroacetate duo of Richard Zhu and Amat Cama allows a logged-on user to take over a system by running a specially crafted program. They leveraged a use-after-free (UAF) bug in Windows to escalate from a regular user to SYSTEM…’

Read more here.

So there you go – now you know. If you see an update notification in the notification area of your Windows 10 PC or tablet, you might want to update your Windows 10 computer as soon as possible.

 

 

 

4 thoughts on “Microsoft’s May 2020 Security Patch Fixes 111 Bugs

  1. Marilyn Mathis

    I completed the Microsoft’s May 2020 Security Patch and now I cannot get my printer to work. What do I do now?

    Reply
    1. infoave Post author

      Marilyn, we are not Microsoft and we’re not associated with Microsoft. The article was only to inform readers what the newest patch covered. We wrote that article to inform, not recommended. We said you might want to update. We’ve updated our 4 computers and have had no problem. You can uninstall the update easily enough:

      1. Type VIEW UPDATE HISTORY in Taskbar search & press Enter when you see “View your update history” appear.
      2. View Update History will open. Click on “Uninstall updates”

      Cloudeight

      3. Locate the update that is causing your problems, right-click on it, and click Uninstall. If you have more than one update causing problems, you can remove them one at a time. All updates are shown by the installation date.

      Cloudeight

      Reply
  2. Lew

    The update totally messed up my computer. All of the programs act as if they have never run before. All my taskbar icons deleted. All history for all programs is deleted included browsers, Office programs, etc. It uninstalled programs. Totally rearranged my desktop – is now all in columns on the left side. If I add some history back to programs, it disappears if I restart the computer. They again act as a newly installed program never used before.

    It will NOT let me uninstall the update.

    I updated accidentally. I normally wait months for their major updates as they always cause people problems.

    What is their URL for update complaints?

    Reply
    1. infoave Post author

      Lew, the article was for informational purposes only. It puts us between rock and a hard place because if we recommend an update and someone has problems, we get blamed, and if we don’t recommend updates then we’re not doing enough to keep you safe. Security patches and bug fixes are important. Unfortunately, we can’t win no matter what we do. But we’re going to keep announcing new updates when they’re important. We have seen several people have problems with the last batch of updates, but only a few. Most people don’t have any trouble at all. Every computer is different.

      Apparently people have been taking this article as a recommendation. It is not. Neither is it a warning not to download.

      To clarify, I have added a paragraph at the bottom. Additionally, at the bottom of the page, I have added a straightforward way to contact Microsoft. See this pageto see how easy it is to contact Microsoft right from your Windows 10 computer. You can even schedule a call from them.

      I’m sorry you had problems with the update. I wish I had a magic bullet fix, but I don’t.

      Reply

Leave a Reply to Lew Cancel reply

Your email address will not be published. Required fields are marked *