Microsoft Security Bulletin Coverage for May 2020

May 12, 2020

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2020. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2020-0901 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0909 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0963 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1010 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1021 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1023 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1024 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1028 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1035 VBScript Remote Code Execution Vulnerability
IPS 14992:VBScript Remote Code Execution Vulnerability (CVE-2020-1035)
CVE-2020-1037 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1048 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1051 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1054 Win32k Elevation of Privilege Vulnerability
ASPY 5938:Malformed-File exe.MP.137
CVE-2020-1055 Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-1056 Microsoft Edge Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1058 VBScript Remote Code Execution Vulnerability
IPS 14993:VBScript Remote Code Execution Vulnerability (CVE-2020-1058)
CVE-2020-1059 Microsoft Edge Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1060 VBScript Remote Code Execution Vulnerability
IPS 11663:Suspicious JavaScript/VBScript Code 54
CVE-2020-1061 Microsoft Script Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1062 Internet Explorer Memory Corruption Vulnerability
IPS 14990:Internet Explorer Memory Corruption Vulnerability (CVE-2020-1062)
CVE-2020-1063 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-1064 MSHTML Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1065 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1066 .NET Framework Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1067 Windows Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1068 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1069 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1070 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1071 Windows Remote Access Common Dialog Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1072 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1075 Windows Subsystem for Linux Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1076 Windows Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1077 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1078 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1079 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1081 Windows Printer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1082 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1084 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1086 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1087 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1088 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1090 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1092 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1093 VBScript Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1096 Microsoft Edge PDF Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1099 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1100 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1101 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1102 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1103 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1104 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1105 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1106 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-1107 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1108 .NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1109 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1110 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1111 Windows Clipboard Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1112 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1113 Windows Task Scheduler Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-1114 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1116 Windows CSRSS Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1117 Microsoft Color Management Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1118 Microsoft Windows Transport Layer Security Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1121 Windows Clipboard Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1123 Connected User Experiences and Telemetry Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1124 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1125 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1126 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1131 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1132 Windows Error Reporting Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1134 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1135 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 5936:Malformed-File exe.MP.136
CVE-2020-1136 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1137 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1138 Windows Storage Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1139 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1140 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1141 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1142 Windows GDI Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1143 Win32k Elevation of Privilege Vulnerability
ASPY 5935:Malformed-File exe.MP.135
CVE-2020-1144 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1145 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1149 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1150 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-1151 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1153 Microsoft Graphics Components Remote Code Execution Vulnerability
ASPY 5937:Malformed-File otf.MP.23
CVE-2020-1154 Windows Common Log File System Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1155 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1156 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1157 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1158 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1161 ASP.NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-1164 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1165 Windows Clipboard Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1166 Windows Clipboard Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1171 Visual Studio Code Python Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1173 Microsoft Power BI Report Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-1174 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1175 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1176 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1179 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1184 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1185 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1186 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1187 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1188 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1189 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1190 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1191 Windows State Repository Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1192 Visual Studio Code Python Extension Remote Code Execution Vulnerability
There are no known exploits in the wild.