Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Monday May 18 2020, @12:17PM   Printer-friendly
from the flaws-of-the-month-club dept.

Microsoft Addresses 111 Bugs for May Patch Tuesday:

Microsoft has released fixes for 111 security vulnerabilities in its May Patch Tuesday update, including 16 critical bugs and 96 that are rated important.

Unlike other recent monthly updates from the computing giant this year, none of the flaws are publicly known or under active attack at the time of release.

Along with the expected cache of operating system, browser, Office and SharePoint updates, Microsoft has also released updates for .NET Framework, .NET Core, Visual Studio, Power BI, Windows Defender, and Microsoft Dynamics.

The majority of the fixes are important-rated elevation-of-privilege (EoP) bugs. There are a total of 56 of these types of fixes in Microsoft's May release, primarily impacting various Windows components. This class of vulnerabilities is used by attackers once they've managed to gain initial access to a system, in order to execute code on their target systems with elevated privileges.

[...] Other bugs of note include two remote code execution (RCE) flaws in Microsoft Color Management (CVE-2020-1117) and Windows Media Foundation (CVE-2020-1126), which could both be exploited by tricking a user via social engineering techniques into opening a malicious email attachment or visiting a website that contains the exploit code.

[...] The critical flaws also include updates for Chakra Core, Internet Explorer and EdgeHTML, while SharePoint has four critical bugs, continuing its dominance in that category from last month.

"Most of the critical vulnerabilities are resolved by the OS and browser updates, but there are four critical vulnerabilities in SharePoint and one in Visual Studio," Todd Schell, senior product manager, security, for Ivanti said via email.

[...] Administrators should also pay attention to a handful of other issues in the trove of patches, such as two for VBScript (CVE-2020-1060 and CVE-2020-1058).

When exploited, both could allow an attacker to gain the same right as the current user.

[...] There's also an interesting denial-of-service vulnerability (CVE-2020-1118) in Microsoft Windows Transport Layer Security. It allows a remote, unauthenticated attacker to abnormally reboot, resulting in a denial-of-service condition.

"A NULL pointer dereference vulnerability exists in the Windows implementation of the Diffie-Hellman protocol," explained Childs. "An attacker can exploit this vulnerability by sending a malicious Client Key Exchange message during a TLS handshake. The vulnerability affects both TLS clients and TLS servers, so just about any system could be shut down by an attacker. Either way, successful exploitation will cause the lsass.exe process to terminate."

[...] Microsoft has been on a bug-fixing roll lately; this month marks three months in a row that Microsoft has released patches for more than 110 CVEs.

"We'll see if they maintain that pace throughout the year," said Childs.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by ElizabethGreene on Monday May 18 2020, @08:08PM

    by ElizabethGreene (6748) Subscriber Badge on Monday May 18 2020, @08:08PM (#995986) Journal

    Sandbox escapes are different, actually. Those are classified as "Elevation of Privilege" attacks.

    Most remote code execution (RCE) vulnerabilities require Hax0r to get you to interact with $content and that content is abused to execute code provided by the Hax0r. A small subset of exceptions are "no user interaction required" RCEs, and those are the ones that we squawk about loudly/release out-of-band updates, etc.

    IRL the attack chain is RCE to get a toehold on the box running in the context of the local user then (if the user isn't an administrator) an EOP to move to System level privileges.

    (I work for Microsoft and yes I know that makes my opinion invalid.)

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3