Microsoft closes 111 vulnerabilities during Patch Tuesday
Microsoft closed 111 leaks in Windows and other software during the monthly Patch Tuesday. In 13 cases it concerns leaks that are classified as ‘critical’. It is the third month in a row that Microsoft has fixed more than 110 vulnerabilities in the operating system.
Unlike previous months, there are no actively abused zero days in the current Patch Tuesday. That was still the case in April. In total, Microsoft has fixed 111 vulnerabilities in Windows 10 and Windows Server, as well as in proprietary software packages such as Edge and the .Net framework.
Of the 111 vulnerabilities, Microsoft labels 13 as ‘Critical’. 91 vulnerabilities are ‘Important’, 3 are ‘Moderate’ and 4 have a ‘Low’ priority. 3 of the critical vulnerabilities are in Microsoft Edge. CVE-2020-1056, CVE-1059, and CVE-2020-1096 respectively allow privilege escalations, spoofing, and remote code executions by letting users click on an infected link.
There are also three remote code executions in SharePoint: CVE-2020-1023, CVE-2020-1024 and CVE-2020-1102. Also, the remote code execution with CVE-2020-1067 is in Windows itself.