Threat Watch

Microsoft Patches 111 Vulnerabilities in May 2020 Patch Tuesday

Microsoft recently released their monthly Patch Tuesday update which fixed 111 vulnerabilities. While there are no actively exploited zero days in this patch, unlike the past few patches, there are still some critical vulnerabilities that should be patched as soon as possible. The critical vulnerabilities include a Remote Code Execution (RCE) for Microsoft Edge PDF Viewer, an Internet Explorer vbscript RCE vulnerability, a Microsoft Dynamics 365 Cross Site Scripting vulnerability, and a Microsoft Excel RCE Vulnerability.

ANALYST NOTES

As there are no in-the-wild zero-days released in this patch, system administrators can hopefully take this time to test and validate the patch on staging systems before installing all that can be installed on production systems. Many of these vulnerabilities could be leveraged in an exploit to gain access to unpatched systems, so it is still important to prioritize and apply patches as soon as possible on the most vulnerable systems.

https://www.zdnet.com/article/microsoft-may-2020-patch-tuesday-fixes-111-vulnerabilities/