The May 2020 Patch Tuesday updates fix 147 CVEs

Reading time icon 2 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Key notes

  • This month's Patch Tuesday Updates have brought fixes to 147 CVEs.
  • These Common Vulnerabilities and Exposures were identified and dealt with accordingly.
  • If left untreated, these CVEs can lead to heavy malware attacks, that can lead to stolen data.
  • For more articles on the topic, visit our comprehensive Patch Tuesday page.
may patch tuesday cve

It’s that time of the month again, and Microsoft just released the latest major cumulative updates called the May Patch Tuesday updates.

As with all the Patch Tuesday updates from the past, these bring new features, bug fixes, performance enhancements but, most importantly, they come with security improvements as well.

The past few months have shown a rise in malware and vulnerabilities, and the best testimonies are the 99 CVEs solved in February, the 115 CVEs discovered in March, and the 118 CVEs found in April.

In keeping with the tradition, these latest updates also bring fixes, this time to 147 CVEs


147 CVEs are now fixed with the May patch Tuesday updates

Of the 147 CVEs identified and fix by Microsoft, 36 were related to Adobe products which include Adobe Acrobat Reader and Adobe DNG.

It is also worth mentioning that 24 of the 36 CVEs were rated as Critical, and most of them consist of Our-of-Bounds (OOB) Reads and Writes.

As far as Microsoft-related CVEs go, 111 were identified, and they cover services like Microsoft Windows, Microsoft Edge (EdgeHTML-based), ChakraCore, Internet Explorer, Microsoft Office, and Microsoft Office Services .

Some extra CVEs were also found with Web Apps, Visual Studio, Microsoft Dynamics, .NET Framework, .NET Core, and Power BI.

The 111 CVEs identified were rated as follows:

  • 16 are rated Critical
  • 95 are rated Important

Which were some of the most severe CVEs?

  • CVE-2020-1071
    • Windows Remote Access Common Dialog Elevation of Privilege Vulnerability
  • CVE-2020-1135
    • Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2020-1067
    • Windows Remote Code Execution Vulnerability
  • CVE-2020-1118
    • Microsoft Windows Transport Layer Security Denial of Service Vulnerability

These are the most important CVEs covered by Microsoft during the May 2020 round of Patch Tuesday Updates. For the next set of updates, users will have to wait until June 9.


  • Who maintains CVE?
CVE maintenance is currently the job of the MITRE Corporation.
  • What is CVE in security?

CVEs provide a reference-method for information-security, vulnerabilities, and exposures without any costs related to them.


[wl_navigator]

More about the topics: patch tuesday, windows 10, windows 10 updates

User forum

0 messages