- This month's Patch Tuesday Updates have brought fixes to 147 CVEs.
- These Common Vulnerabilities and Exposures were identified and dealt with accordingly.
- If left untreated, these CVEs can lead to heavy malware attacks, that can lead to stolen data.
- For more articles on the topic, visit our comprehensive Patch Tuesday page.
It’s that time of the month again, and Microsoft just released the latest major cumulative updates called the May Patch Tuesday updates.
As with all the Patch Tuesday updates from the past, these bring new features, bug fixes, performance enhancements but, most importantly, they come with security improvements as well.
In keeping with the tradition, these latest updates also bring fixes, this time to 147 CVEs
147 CVEs are now fixed with the May patch Tuesday updates
Of the 147 CVEs identified and fix by Microsoft, 36 were related to Adobe products which include Adobe Acrobat Reader and Adobe DNG.
It is also worth mentioning that 24 of the 36 CVEs were rated as Critical, and most of them consist of Our-of-Bounds (OOB) Reads and Writes.
As far as Microsoft-related CVEs go, 111 were identified, and they cover services like Microsoft Windows, Microsoft Edge (EdgeHTML-based), ChakraCore, Internet Explorer, Microsoft Office, and Microsoft Office Services .
Some extra CVEs were also found with Web Apps, Visual Studio, Microsoft Dynamics, .NET Framework, .NET Core, and Power BI.
The 111 CVEs identified were rated as follows:
- 16 are rated Critical
- 95 are rated Important
Which were some of the most severe CVEs?
- Windows Remote Access Common Dialog Elevation of Privilege Vulnerability
- Windows Graphics Component Elevation of Privilege Vulnerability
- Windows Remote Code Execution Vulnerability
- Microsoft Windows Transport Layer Security Denial of Service Vulnerability
These are the most important CVEs covered by Microsoft during the May 2020 round of Patch Tuesday Updates. For the next set of updates, users will have to wait until June 9.
- Who maintains CVE?
- What is CVE in security?
CVEs provide a reference-method for information-security, vulnerabilities, and exposures without any costs related to them.