The May 2020 Patch Tuesday updates fix 147 CVEs

Milan Stanojevic
by Milan Stanojevic
Deputy Editor
Download PDF
Affiliate Disclosure

  • This month's Patch Tuesday Updates have brought fixes to 147 CVEs.
  • These Common Vulnerabilities and Exposures were identified and dealt with accordingly.
  • If left untreated, these CVEs can lead to heavy malware attacks, that can lead to stolen data.
  • For more articles on the topic, visit our comprehensive Patch Tuesday page.
may patch tuesday cve

It’s that time of the month again, and Microsoft just released the latest major cumulative updates called the May Patch Tuesday updates.

As with all the Patch Tuesday updates from the past, these bring new features, bug fixes, performance enhancements but, most importantly, they come with security improvements as well.

The past few months have shown a rise in malware and vulnerabilities, and the best testimonies are the 99 CVEs solved in February, the 115 CVEs discovered in March, and the 118 CVEs found in April.

In keeping with the tradition, these latest updates also bring fixes, this time to 147 CVEs

147 CVEs are now fixed with the May patch Tuesday updates

Of the 147 CVEs identified and fix by Microsoft, 36 were related to Adobe products which include Adobe Acrobat Reader and Adobe DNG.

It is also worth mentioning that 24 of the 36 CVEs were rated as Critical, and most of them consist of Our-of-Bounds (OOB) Reads and Writes.

As far as Microsoft-related CVEs go, 111 were identified, and they cover services like Microsoft Windows, Microsoft Edge (EdgeHTML-based), ChakraCore, Internet Explorer, Microsoft Office, and Microsoft Office Services .

Some extra CVEs were also found with Web Apps, Visual Studio, Microsoft Dynamics, .NET Framework, .NET Core, and Power BI.

The 111 CVEs identified were rated as follows:

  • 16 are rated Critical
  • 95 are rated Important

Which were some of the most severe CVEs?

  • CVE-2020-1071
    • Windows Remote Access Common Dialog Elevation of Privilege Vulnerability
  • CVE-2020-1135
    • Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2020-1067
    • Windows Remote Code Execution Vulnerability
  • CVE-2020-1118
    • Microsoft Windows Transport Layer Security Denial of Service Vulnerability

These are the most important CVEs covered by Microsoft during the May 2020 round of Patch Tuesday Updates. For the next set of updates, users will have to wait until June 9.

FAQ: Learn more about CVEs

  • What does CVE mean?

CVE stands for Common Vulnerabilities and Exposures and they represent vulnerabilities and other information related to security exposures found with Microsoft and Adobe products

  • Who maintains CVE?
CVE maintenance is currently the job of the MITRE Corporation.
  • What is CVE in security?

CVEs provide a reference-method for information-security, vulnerabilities, and exposures without any costs related to them.