Date: 2018-05-20

[...] Other bugs of note include two remote code execution (RCE) flaws in Microsoft Color Management (CVE-2020-1117) and Windows Media Foundation (CVE-2020-1126), which could both be exploited by tricking a user via social engineering techniques into opening a malicious email attachment or visiting a website that contains the exploit code.

[...] The critical flaws also include updates for Chakra Core, Internet Explorer and EdgeHTML, while SharePoint has four critical bugs, continuing its dominance in that category from last month.

"Most of the critical vulnerabilities are resolved by the OS and browser updates, but there are four critical vulnerabilities in SharePoint and one in Visual Studio," Todd Schell, senior product manager, security, for Ivanti said via email.

[...] Administrators should also pay attention to a handful of other issues in the trove of patches, such as two for VBScript (CVE-2020-1060 and CVE-2020-1058).

When exploited, both could allow an attacker to gain the same rights as the current user.

[...] There's also an interesting denial-of-service vulnerability (CVE-2020-1118) in Microsoft Windows Transport Layer Security. It allows a remote, unauthenticated attacker to abnormally reboot an affected system, resulting in a denial-of-service condition.

"A NULL pointer dereference vulnerability exists in the Windows implementation of the Diffie-Hellman protocol," explained Childs. "An attacker can exploit this vulnerability by sending a malicious Client Key Exchange message during a TLS handshake. The vulnerability affects both TLS clients and TLS servers, so just about any system could be shut down by an attacker. Either way, successful exploitation will cause the lsass.exe process to terminate."

[...] Microsoft has been on a bug-fixing roll lately; this month marks three months in a row that Microsoft has released patches for more than 110 CVEs.

"We'll see if they maintain that pace throughout the year," said Childs.