This report contains detail for the following vulnerabilities:
Tag | CVE ID | CVE Title |
---|---|---|
.NET Core | CVE-2020-1161 | ASP.NET Core Denial of Service Vulnerability |
.NET Core | CVE-2020-1108 | .NET Core & .NET Framework Denial of Service Vulnerability |
.NET Framework | CVE-2020-1066 | .NET Framework Elevation of Privilege Vulnerability |
Active Directory | CVE-2020-1055 | Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability |
Common Log File System Driver | CVE-2020-1154 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Internet Explorer | CVE-2020-1092 | Internet Explorer Memory Corruption Vulnerability |
Internet Explorer | CVE-2020-1064 | MSHTML Engine Remote Code Execution Vulnerability |
Internet Explorer | CVE-2020-1062 | Internet Explorer Memory Corruption Vulnerability |
Internet Explorer | CVE-2020-1093 | VBScript Remote Code Execution Vulnerability |
Microsoft Dynamics | CVE-2020-1063 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability |
Microsoft Edge | CVE-2020-1059 | Microsoft Edge Spoofing Vulnerability |
Microsoft Edge | CVE-2020-1056 | Microsoft Edge Elevation of Privilege Vulnerability |
Microsoft Edge | CVE-2020-1096 | Microsoft Edge PDF Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2020-1145 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2020-1135 | Windows Graphics Component Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2020-1179 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2020-1153 | Microsoft Graphics Components Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2020-1140 | DirectX Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2020-0963 | Windows GDI Information Disclosure Vulnerability |
Microsoft Graphics Component | CVE-2020-1054 | Win32k Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2020-1142 | Windows GDI Elevation of Privilege Vulnerability |
Microsoft Graphics Component | CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability |
Microsoft Graphics Component | CVE-2020-1141 | Windows GDI Information Disclosure Vulnerability |
Microsoft JET Database Engine | CVE-2020-1176 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2020-1051 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2020-1175 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft JET Database Engine | CVE-2020-1174 | Jet Database Engine Remote Code Execution Vulnerability |
Microsoft Office | CVE-2020-0901 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-1069 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-1100 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Office SharePoint | CVE-2020-1105 | Microsoft SharePoint Spoofing Vulnerability |
Microsoft Office SharePoint | CVE-2020-1102 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-1024 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-1023 | Microsoft SharePoint Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2020-1104 | Microsoft SharePoint Spoofing Vulnerability |
Microsoft Office SharePoint | CVE-2020-1101 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Office SharePoint | CVE-2020-1099 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Office SharePoint | CVE-2020-1103 | Microsoft SharePoint Information Disclosure Vulnerability |
Microsoft Office SharePoint | CVE-2020-1107 | Microsoft SharePoint Spoofing Vulnerability |
Microsoft Office SharePoint | CVE-2020-1106 | Microsoft Office SharePoint XSS Vulnerability |
Microsoft Scripting Engine | CVE-2020-1060 | VBScript Remote Code Execution Vulnerability |
Microsoft Scripting Engine | CVE-2020-1065 | Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2020-1037 | Chakra Scripting Engine Memory Corruption Vulnerability |
Microsoft Scripting Engine | CVE-2020-1035 | VBScript Remote Code Execution Vulnerability |
Microsoft Scripting Engine | CVE-2020-1058 | VBScript Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2020-1111 | Windows Clipboard Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1112 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1082 | Windows Error Reporting Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1086 | Windows Runtime Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1048 | Windows Print Spooler Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1090 | Windows Runtime Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1088 | Windows Error Reporting Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1166 | Windows Clipboard Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1021 | Windows Error Reporting Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1164 | Windows Runtime Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1165 | Windows Clipboard Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1184 | Windows State Repository Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1188 | Windows State Repository Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1191 | Windows State Repository Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1185 | Windows State Repository Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1187 | Windows State Repository Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1125 | Windows Runtime Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1131 | Windows State Repository Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1121 | Windows Clipboard Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1123 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
Microsoft Windows | CVE-2020-1132 | Windows Error Reporting Manager Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1010 | Microsoft Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1028 | Media Foundation Memory Corruption Vulnerability |
Microsoft Windows | CVE-2020-1136 | Media Foundation Memory Corruption Vulnerability |
Microsoft Windows | CVE-2020-1139 | Windows Runtime Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1144 | Windows State Repository Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1149 | Windows Runtime Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1076 | Windows Denial of Service Vulnerability |
Microsoft Windows | CVE-2020-1143 | Win32k Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1071 | Windows Remote Access Common Dialog Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1155 | Windows Runtime Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1150 | Media Foundation Memory Corruption Vulnerability |
Microsoft Windows | CVE-2020-1151 | Windows Runtime Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1138 | Windows Storage Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1118 | Microsoft Windows Transport Layer Security Denial of Service Vulnerability |
Microsoft Windows | CVE-2020-1124 | Windows State Repository Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1084 | Connected User Experiences and Telemetry Service Denial of Service Vulnerability |
Microsoft Windows | CVE-2020-1116 | Windows CSRSS Information Disclosure Vulnerability |
Microsoft Windows | CVE-2020-1078 | Windows Installer Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1137 | Windows Push Notification Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1126 | Media Foundation Memory Corruption Vulnerability |
Microsoft Windows | CVE-2020-1134 | Windows State Repository Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1070 | Windows Print Spooler Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1068 | Microsoft Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1067 | Windows Remote Code Execution Vulnerability |
Microsoft Windows | CVE-2020-1072 | Windows Kernel Information Disclosure Vulnerability |
Microsoft Windows | CVE-2020-1081 | Windows Printer Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1079 | Microsoft Windows Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1077 | Windows Runtime Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1190 | Windows State Repository Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1158 | Windows Runtime Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1157 | Windows Runtime Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1186 | Windows State Repository Service Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1156 | Windows Runtime Elevation of Privilege Vulnerability |
Microsoft Windows | CVE-2020-1189 | Windows State Repository Service Elevation of Privilege Vulnerability |
Power BI | CVE-2020-1173 | Microsoft Power BI Report Server Spoofing Vulnerability |
Visual Studio | CVE-2020-1192 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
Visual Studio | CVE-2020-1171 | Visual Studio Code Python Extension Remote Code Execution Vulnerability |
Windows Hyper-V | CVE-2020-0909 | Windows Hyper-V Denial of Service Vulnerability |
Windows Kernel | CVE-2020-1114 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Kernel | CVE-2020-1087 | Windows Kernel Elevation of Privilege Vulnerability |
Windows Scripting | CVE-2020-1061 | Microsoft Script Runtime Remote Code Execution Vulnerability |
Windows Subsystem for Linux | CVE-2020-1075 | Windows Subsystem for Linux Information Disclosure Vulnerability |
Windows Task Scheduler | CVE-2020-1113 | Windows Task Scheduler Security Feature Bypass Vulnerability |
Windows Update Stack | CVE-2020-1109 | Windows Update Stack Elevation of Privilege Vulnerability |
Windows Update Stack | CVE-2020-1110 | Windows Update Stack Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-0901 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Excel handles objects in memory. FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. What is Microsoft 365 Apps for Enterprise? Office 365 ProPlus has been renamed to Microsoft 365 Apps for Enterprise. Please see Name change for Office 365 ProPlus for more information. Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-0901 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 4484384 (Security Update) | Important | Remote Code Execution | 4484285 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 4484384 (Security Update) | Important | Remote Code Execution | 4484285 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Excel 2013 RT Service Pack 1 | 4484365 (Security Update) | Important | Remote Code Execution | 4484283 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4484365 (Security Update) | Important | Remote Code Execution | 4484283 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4484365 (Security Update) | Important | Remote Code Execution | 4484283 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Excel 2016 (32-bit edition) | 4484338 (Security Update) | Important | Remote Code Execution | 4484273 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Excel 2016 (64-bit edition) | 4484338 (Security Update) | Important | Remote Code Execution | 4484273 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Office 2016 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2020-0901 | Marcin 'Icewall' Noga of Cisco Talos |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-0909 MITRE NVD |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
Description: A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets. To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these network packets. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-0909 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for x64-based Systems | 4556826 (Security Update) | Important | Denial of Service | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Important | Denial of Service | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Important | Denial of Service | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Denial of Service | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Denial of Service | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Denial of Service | 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Denial of Service | 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Denial of Service | 4550951 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Denial of Service | 4550951 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Denial of Service | 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Denial of Service | 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Denial of Service | 4550917 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Denial of Service | 4550917 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Denial of Service | 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Denial of Service | 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4556813 (Security Update) | Important | Denial of Service | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4556813 (Security Update) | Important | Denial of Service | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4551853 (Security Update) | Important | Denial of Service | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4551853 (Security Update) | Important | Denial of Service | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4556807 (Security Update) | Important | Denial of Service | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-0909 | Huichen Lin and Dong Seong Kim of School of Information Technology and Electrical Engineering - The University of Queensland |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1021 MITRE NVD |
CVE Title: Windows Error Reporting Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it. An attacker who successfully exploited the vulnerability could gain greater access to sensitive information and system functionality. To exploit the vulnerability, an attacker could run a specially crafted application. The security update addresses the vulnerability by correcting the way that WER handles and executes files. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1021 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4556826 (Security Update) | Important | Elevation of Privilege | 4550930 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4556826 (Security Update) | Important | Elevation of Privilege | 4550930 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1021 | Gal De Leon of Palo Alto Networks Yuki Chen of Qihoo 360 Vulcan Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1023 MITRE NVD |
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1023 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Enterprise Server 2016 | 4484336 (Security Update) | Critical | Remote Code Execution | 4484299 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484364 (Security Update) | Critical | Remote Code Execution | 4484321 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Server 2019 | 4484332 (Security Update) | Critical | Remote Code Execution | 4484292 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2020-1023 | Ivan Vagunin, |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1024 MITRE NVD |
CVE Title: Microsoft SharePoint Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1024 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Enterprise Server 2016 | 4484336 (Security Update) | Critical | Remote Code Execution | 4484299 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Foundation 2013 Service Pack 1 | 4484364 (Security Update) | Critical | Remote Code Execution | 4484321 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft SharePoint Server 2019 | 4484332 (Security Update) | Critical | Remote Code Execution | 4484292 | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2020-1024 | Ivan Vagunin, |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1028 MITRE NVD |
CVE Title: Media Foundation Memory Corruption Vulnerability
Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1028 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Critical | Remote Code Execution | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Critical | Remote Code Execution | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4556813 (Security Update) | Critical | Remote Code Execution | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4556813 (Security Update) | Critical | Remote Code Execution | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1028 | Hossein Lotfi of Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1192 MITRE NVD |
CVE Title: Visual Studio Code Python Extension Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to convince a target to open a specially crafted file in Visual Studio Code with the Python extension installed. The update address the vulnerability by modifying the way Visual Studio Code Python extension enforces user settings. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1192 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Visual Studio Code | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2020-1192 | Ron Masas |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-0963 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-0963 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4556826 (Security Update) | Important | Information Disclosure | 4550930 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4556826 (Security Update) | Important | Information Disclosure | 4550930 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Important | Information Disclosure | 4550929 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Important | Information Disclosure | 4550929 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Important | Information Disclosure | 4550927 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Important | Information Disclosure | 4550927 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Important | Information Disclosure | 4550927 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Information Disclosure | 4550922 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Information Disclosure | 4550922 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Information Disclosure | 4550922 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Information Disclosure | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Information Disclosure | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Information Disclosure | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Information Disclosure | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Information Disclosure | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Information Disclosure | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Information Disclosure | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Information Disclosure | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Information Disclosure | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Information Disclosure | 4550964 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Information Disclosure | 4550964 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Information Disclosure | 4550961 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Information Disclosure | 4550961 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4556846 (Monthly Rollup) | Important | Information Disclosure | 4550961 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Information Disclosure | 4550951 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Information Disclosure | 4550951 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Information Disclosure | 4550951 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Information Disclosure | 4550951 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Information Disclosure | 4550951 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Information Disclosure | 4550964 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Information Disclosure | 4550964 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Information Disclosure | 4550964 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Information Disclosure | 4550917 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Information Disclosure | 4550917 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Information Disclosure | 4550961 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Information Disclosure | 4550961 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4556813 (Security Update) | Important | Information Disclosure | 4550929 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4556813 (Security Update) | Important | Information Disclosure | 4550929 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4551853 (Security Update) | Important | Information Disclosure | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4551853 (Security Update) | Important | Information Disclosure | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4556807 (Security Update) | Important | Information Disclosure | 4550922 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4556799 (Security Update) | Important | Information Disclosure | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4556799 (Security Update) | Important | Information Disclosure | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-0963 | Ke Liu of Tencent Security Xuanwu Lab
Jaanus Kääp of Clarified Security |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1010 MITRE NVD |
CVE Title: Microsoft Windows Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how the Windows Block Level Backup Engine Service handles file operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1010 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4556826 (Security Update) | Important | Elevation of Privilege | 4550930 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4556826 (Security Update) | Important | Elevation of Privilege | 4550930 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4556846 (Monthly Rollup) | Important | Elevation of Privilege | 4550961 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Elevation of Privilege | 4550917 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Elevation of Privilege | 4550917 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1010 | Zhiniang Peng (@edwardzpeng) of Qihoo 360 Core security & Xuefeng Li |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1035 MITRE NVD |
CVE Title: VBScript Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Low | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1035 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4556826 (Security Update) | Important | Remote Code Execution | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4556826 (Security Update) | Important | Remote Code Execution | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Important | Remote Code Execution | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Important | Remote Code Execution | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Important | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Important | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Important | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Important | Remote Code Execution | 4550905 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Important | Remote Code Execution | 4550905 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Important | Remote Code Execution | 4550905 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Important | Remote Code Execution | 4550905 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4556846 (Monthly Rollup) | Important | Remote Code Execution | 4550961 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Low | Remote Code Execution | 4550905 4550964 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 | 4556798 (IE Cumulative) 4556840 (Monthly Rollup) |
Low | Remote Code Execution | 4550905 4550917 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Low | Remote Code Execution | 4550905 4550961 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4556813 (Security Update) | Low | Remote Code Execution | 4550929 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2019 | 4551853 (Security Update) | Low | Remote Code Execution | 4549949 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556798 (IE Cumulative) |
Low | Remote Code Execution | 4550951 4550905 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556798 (IE Cumulative) |
Low | Remote Code Execution | 4550951 4550905 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1035 | Yuki Chen of Qihoo 360 Vulcan Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1037 MITRE NVD |
CVE Title: Chakra Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1037 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems | 4556826 (Security Update) | Critical | Remote Code Execution | 4550930 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems | 4556826 (Security Update) | Critical | Remote Code Execution | 4550930 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Critical | Remote Code Execution | 4550929 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Critical | Remote Code Execution | 4550929 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2016 | 4556813 (Security Update) | Moderate | Remote Code Execution | 4550929 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4551853 (Security Update) | Moderate | Remote Code Execution | 4549949 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1037 | Qixun Zhao of Qihoo 360 Vulcan Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1048 MITRE NVD |
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application. The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1048 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4556826 (Security Update) | Important | Elevation of Privilege | 4550930 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4556826 (Security Update) | Important | Elevation of Privilege | 4550930 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4556846 (Monthly Rollup) | Important | Elevation of Privilege | 4550961 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Elevation of Privilege | 4550917 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Elevation of Privilege | 4550917 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1048 | Peleg Hadar (@peleghd) and Tomer Bar of SafeBreach Labs |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1054 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1054 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4556826 (Security Update) | Important | Elevation of Privilege | 4550930 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4556826 (Security Update) | Important | Elevation of Privilege | 4550930 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4556846 (Monthly Rollup) | Important | Elevation of Privilege | 4550961 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Elevation of Privilege | 4550917 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Elevation of Privilege | 4550917 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1054 | Netanel Ben-Simon and Yoav Alon from Check Point Research |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1055 MITRE NVD |
CVE Title: Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability
Description: A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs. An un-authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected ADFS server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run scripts in the security context of the current user. This security update addresses the vulnerability by ensuring that ADFS properly sanitizes user inputs. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1055 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Spoofing | 4549949 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Spoofing | 4549949 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Spoofing | 4549949 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Spoofing | 4549951 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Spoofing | 4549951 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Spoofing | 4549951 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Spoofing | 4549951 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Spoofing | 4549951 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Spoofing | 4549951 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2019 | 4551853 (Security Update) | Important | Spoofing | 4549949 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server 2019 (Server Core installation) | 4551853 (Security Update) | Important | Spoofing | 4549949 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server, version 1903 (Server Core installation) | 4556799 (Security Update) | Important | Spoofing | 4549951 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
Windows Server, version 1909 (Server Core installation) | 4556799 (Security Update) | Important | Spoofing | 4549951 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1055 | Steve Patches |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1058 MITRE NVD |
CVE Title: VBScript Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Low | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1058 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4556826 (Security Update) | Important | Remote Code Execution | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4556826 (Security Update) | Important | Remote Code Execution | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Important | Remote Code Execution | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Important | Remote Code Execution | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Important | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Important | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Important | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Important | Remote Code Execution | 4550905 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Important | Remote Code Execution | 4550905 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Important | Remote Code Execution | 4550905 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Important | Remote Code Execution | 4550905 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4556846 (Monthly Rollup) | Important | Remote Code Execution | 4550961 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Low | Remote Code Execution | 4550905 4550964 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 | 4556798 (IE Cumulative) 4556840 (Monthly Rollup) |
Low | Remote Code Execution | 4550905 4550917 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Low | Remote Code Execution | 4550905 4550961 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4556813 (Security Update) | Low | Remote Code Execution | 4550929 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2019 | 4551853 (Security Update) | Low | Remote Code Execution | 4549949 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556798 (IE Cumulative) |
Low | Remote Code Execution | 4550951 4550905 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556798 (IE Cumulative) |
Low | Remote Code Execution | 4550951 4550905 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1058 | Yuki Chen of Qihoo 360 Vulcan Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1059 MITRE NVD |
CVE Title: Microsoft Edge Spoofing Vulnerability
Description: A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services. To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it. In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website. The update addresses the vulnerability by correcting how Microsoft Edge parses HTTP responses. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1059 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Spoofing | 4550922 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Spoofing | 4550922 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Spoofing | 4550922 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Spoofing | 4549949 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Spoofing | 4549949 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Spoofing | 4549949 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Spoofing | 4549951 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Spoofing | 4549951 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Spoofing | 4549951 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Spoofing | 4549951 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Spoofing | 4549951 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Spoofing | 4549951 | Base: 4.3 Temporal: 3.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4551853 (Security Update) | Low | Spoofing | 4549949 |
Base: 4.3 Temporal: 3.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1059 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1060 MITRE NVD |
CVE Title: VBScript Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Low | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1060 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4556826 (Security Update) | Important | Remote Code Execution | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4556826 (Security Update) | Important | Remote Code Execution | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Important | Remote Code Execution | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Important | Remote Code Execution | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Important | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Important | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Important | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Important | Remote Code Execution | 4550905 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Important | Remote Code Execution | 4550905 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Important | Remote Code Execution | 4550905 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Important | Remote Code Execution | 4550905 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4556846 (Monthly Rollup) | Important | Remote Code Execution | 4550961 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Low | Remote Code Execution | 4550905 4550964 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 | 4556798 (IE Cumulative) 4556840 (Monthly Rollup) |
Low | Remote Code Execution | 4550905 4550917 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Low | Remote Code Execution | 4550905 4550961 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4556813 (Security Update) | Low | Remote Code Execution | 4550929 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2019 | 4551853 (Security Update) | Low | Remote Code Execution | 4549949 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556798 (IE Cumulative) |
Low | Remote Code Execution | 4550951 4550905 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556798 (IE Cumulative) |
Low | Remote Code Execution | 4550951 4550905 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1060 | Yuki Chen of Qihoo 360 Vulcan Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1061 MITRE NVD |
CVE Title: Microsoft Script Runtime Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the Microsoft Script Runtime handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Microsoft Script Runtime handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1061 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4556826 (Security Update) | Important | Remote Code Execution | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4556826 (Security Update) | Important | Remote Code Execution | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Important | Remote Code Execution | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Important | Remote Code Execution | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Important | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Important | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Important | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Remote Code Execution | 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Remote Code Execution | 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Remote Code Execution | 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Remote Code Execution | 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4556846 (Monthly Rollup) | Important | Remote Code Execution | 4550961 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Remote Code Execution | 4550951 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Remote Code Execution | 4550951 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Remote Code Execution | 4550951 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Remote Code Execution | 4550951 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Remote Code Execution | 4550951 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Remote Code Execution | 4550964 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Remote Code Execution | 4550964 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Remote Code Execution | 4550964 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Remote Code Execution | 4550917 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Remote Code Execution | 4550917 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Remote Code Execution | 4550961 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Remote Code Execution | 4550961 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4556813 (Security Update) | Important | Remote Code Execution | 4550929 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4556813 (Security Update) | Important | Remote Code Execution | 4550929 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4551853 (Security Update) | Important | Remote Code Execution | 4549949 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4551853 (Security Update) | Important | Remote Code Execution | 4549949 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4556799 (Security Update) | Important | Remote Code Execution | 4549951 | Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1061 | Yuki Chen of Qihoo 360 Vulcan Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1062 MITRE NVD |
CVE Title: Internet Explorer Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action, typically by an enticement in an email or instant message, or by getting the user to open an attachment sent through email. The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Moderate | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | Exploitation More Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1062 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4556826 (Security Update) | Critical | Remote Code Execution | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4556826 (Security Update) | Critical | Remote Code Execution | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Critical | Remote Code Execution | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Critical | Remote Code Execution | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Critical | Remote Code Execution | 4550905 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Critical | Remote Code Execution | 4550905 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Critical | Remote Code Execution | 4550905 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Critical | Remote Code Execution | 4550905 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4556846 (Monthly Rollup) | Critical | Remote Code Execution | 4550961 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Moderate | Remote Code Execution | 4550905 4550964 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 | 4556798 (IE Cumulative) 4556840 (Monthly Rollup) |
Moderate | Remote Code Execution | 4550905 4550917 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Moderate | Remote Code Execution | 4550905 4550961 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4556813 (Security Update) | Moderate | Remote Code Execution | 4550929 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2019 | 4551853 (Security Update) | Moderate | Remote Code Execution | 4549949 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556798 (IE Cumulative) |
Moderate | Remote Code Execution | 4550951 4550905 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556798 (IE Cumulative) |
Moderate | Remote Code Execution | 4550951 4550905 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1062 | Edward Thompson working with iDefense Labs Anonymous working with Trend Micro's Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1063 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1063 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Dynamics 365 (on-premises) version 8.2 | 4551998 (Security Update) | Important | Spoofing | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Dynamics 365 (on-premises) version 9.0 | 4552002 (Security Update) | Important | Spoofing | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2020-1063 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1064 MITRE NVD |
CVE Title: MSHTML Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a HTML editing attack scenario, an attacker could trick a user into editing a specially crafted file that is designed to exploit the vulnerability. The security update addresses the vulnerability by modifying how MSHTML engine validates input. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Moderate | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1064 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4556826 (Security Update) | Critical | Remote Code Execution | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4556826 (Security Update) | Critical | Remote Code Execution | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Critical | Remote Code Execution | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Critical | Remote Code Execution | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Critical | Remote Code Execution | 4550905 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Critical | Remote Code Execution | 4550905 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Critical | Remote Code Execution | 4550905 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Critical | Remote Code Execution | 4550905 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4556846 (Monthly Rollup) | Critical | Remote Code Execution | 4550961 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Moderate | Remote Code Execution | 4550905 4550964 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 | 4556798 (IE Cumulative) 4556840 (Monthly Rollup) |
Moderate | Remote Code Execution | 4550905 4550917 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Moderate | Remote Code Execution | 4550905 4550961 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4556813 (Security Update) | Moderate | Remote Code Execution | 4550929 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2019 | 4551853 (Security Update) | Moderate | Remote Code Execution | 4549949 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556798 (IE Cumulative) |
Moderate | Remote Code Execution | 4550951 4550905 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556798 (IE Cumulative) |
Moderate | Remote Code Execution | 4550951 4550905 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1064 | Yuki Chen of Qihoo 360 Vulcan Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1065 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1065 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
ChakraCore | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | 4551853 (Security Update) | Moderate | Remote Code Execution | 4549949 |
Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1065 | Looben Yang |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1066 MITRE NVD |
CVE Title: .NET Framework Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how .NET Framework activates COM objects. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1066 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4556402 (Monthly Rollup) 4556406 (Security Only) |
Important | Elevation of Privilege | Base: N/A Temporal: N/A Vector: N/A |
Maybe | |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4556402 (Monthly Rollup) 4556406 (Security Only) |
Important | Elevation of Privilege | Base: N/A Temporal: N/A Vector: N/A |
Maybe | |
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4556402 (Monthly Rollup) 4556406 (Security Only) |
Important | Elevation of Privilege | Base: N/A Temporal: N/A Vector: N/A |
Maybe | |
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 | 4556399 (Monthly Rollup) 4556403 (Security Only) |
Important | Elevation of Privilege | Base: N/A Temporal: N/A Vector: N/A |
Maybe | |
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 | 4556399 (Monthly Rollup) 4556403 (Security Only) |
Important | Elevation of Privilege | Base: N/A Temporal: N/A Vector: N/A |
Maybe | |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4556399 (Monthly Rollup) 4556403 (Security Only) |
Important | Elevation of Privilege | Base: N/A Temporal: N/A Vector: N/A |
Maybe | |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556399 (Monthly Rollup) 4556403 (Security Only) |
Important | Elevation of Privilege | Base: N/A Temporal: N/A Vector: N/A |
Maybe | |
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4556399 (Monthly Rollup) 4556403 (Security Only) |
Important | Elevation of Privilege | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2020-1066 | ChengBin Wang(@cbwang505) from ZheJiang Guoli Security Technology |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1071 MITRE NVD |
CVE Title: Windows Remote Access Common Dialog Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability an attacker would need to physically access the booted machine to reach the logon screen. An attacker could then exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how the Windows handles errors tied to Remote Access Common Dialog. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1071 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4556826 (Security Update) | Important | Elevation of Privilege | 4550930 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4556826 (Security Update) | Important | Elevation of Privilege | 4550930 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4556846 (Monthly Rollup) | Important | Elevation of Privilege | 4550961 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Elevation of Privilege | 4550917 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Elevation of Privilege | 4550917 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1071 | GhostInTheMachine |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1076 MITRE NVD |
CVE Title: Windows Denial of Service Vulnerability
Description: A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding. The update addresses the vulnerability by correcting how Windows handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1076 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4556826 (Security Update) | Important | Denial of Service | 4550930 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4556826 (Security Update) | Important | Denial of Service | 4550930 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Important | Denial of Service | 4550929 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Important | Denial of Service | 4550929 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Important | Denial of Service | 4550927 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Important | Denial of Service | 4550927 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Important | Denial of Service | 4550927 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Denial of Service | 4550922 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Denial of Service | 4550922 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Denial of Service | 4550922 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Denial of Service | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Denial of Service | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Denial of Service | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Denial of Service | 4550961 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Denial of Service | 4550961 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4556846 (Monthly Rollup) | Important | Denial of Service | 4550961 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Denial of Service | 4550917 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Denial of Service | 4550917 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Denial of Service | 4550961 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Denial of Service | 4550961 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4556813 (Security Update) | Important | Denial of Service | 4550929 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4556813 (Security Update) | Important | Denial of Service | 4550929 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4551853 (Security Update) | Important | Denial of Service | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4551853 (Security Update) | Important | Denial of Service | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4556807 (Security Update) | Important | Denial of Service | 4550922 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1076 | Gábor Selján (@GaborSeljan) |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1078 MITRE NVD |
CVE Title: Windows Installer Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system. After successfully exploiting the vulnerability, an attacker could run arbitrary code with elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the way Windows Installer handles certain filesystem operations. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1078 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4556826 (Security Update) | Important | Elevation of Privilege | 4550930 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4556826 (Security Update) | Important | Elevation of Privilege | 4550930 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Important | Elevation of Privilege | 4550927 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 4556846 (Monthly Rollup) | Important | Elevation of Privilege | 4550961 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for Itanium-Based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 4556860 (Monthly Rollup) 4556854 (Security Only) |
Important | Elevation of Privilege | 4550951 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 4556836 (Monthly Rollup) 4556843 (Security Only) |
Important | Elevation of Privilege | 4550964 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Elevation of Privilege | 4550917 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 4556840 (Monthly Rollup) 4556852 (Security Only) |
Important | Elevation of Privilege | 4550917 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 4556846 (Monthly Rollup) 4556853 (Security Only) |
Important | Elevation of Privilege | 4550961 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4556813 (Security Update) | Important | Elevation of Privilege | 4550929 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4551853 (Security Update) | Important | Elevation of Privilege | 4549949 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4556807 (Security Update) | Important | Elevation of Privilege | 4550922 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4556799 (Security Update) | Important | Elevation of Privilege | 4549951 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1078 | JeongOh Kyea(@kkokkokye) of THEORI
|
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1084 MITRE NVD |
CVE Title: Connected User Experiences and Telemetry Service Denial of Service Vulnerability
Description: A Denial Of Service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values. An attacker who successfully exploited this vulnerability could deny dependent security feature functionality. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1084 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 4556826 (Security Update) | Important | Denial of Service | 4550930 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 4556826 (Security Update) | Important | Denial of Service | 4550930 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Important | Denial of Service | 4550929 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Important | Denial of Service | 4550929 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Important | Denial of Service | 4550927 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Important | Denial of Service | 4550927 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Important | Denial of Service | 4550927 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Denial of Service | 4550922 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Denial of Service | 4550922 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Denial of Service | 4550922 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Important | Denial of Service | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Important | Denial of Service | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Important | Denial of Service | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 4556813 (Security Update) | Important | Denial of Service | 4550929 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 4556813 (Security Update) | Important | Denial of Service | 4550929 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 4551853 (Security Update) | Important | Denial of Service | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 4551853 (Security Update) | Important | Denial of Service | 4549949 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1803 (Server Core Installation) | 4556807 (Security Update) | Important | Denial of Service | 4550922 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1903 (Server Core installation) | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 1909 (Server Core installation) | 4556799 (Security Update) | Important | Denial of Service | 4549951 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1084 | Somaro Sai Cheng with ChengDu MeetSec Technology Co., Ltd. Zhiniang Peng (@edwardzpeng) of Qihoo 360 Core security & Xuefeng Li Somaro2 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1093 MITRE NVD |
CVE Title: VBScript Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Moderate | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1093 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Internet Explorer 11 on Windows 10 for 32-bit Systems | 4556826 (Security Update) | Critical | Remote Code Execution | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 for x64-based Systems | 4556826 (Security Update) | Critical | Remote Code Execution | 4550930 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4556813 (Security Update) | Critical | Remote Code Execution | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4556813 (Security Update) | Critical | Remote Code Execution | 4550929 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | 4556812 (Security Update) | Critical | Remote Code Execution | 4550927 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Critical | Remote Code Execution | 4550922 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4551853 (Security Update) | Critical | Remote Code Execution | 4549949 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems | 4556799 (Security Update) | Critical | Remote Code Execution | 4549951 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Critical | Remote Code Execution | 4550905 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Critical | Remote Code Execution | 4550905 4550964 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for 32-bit systems | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Critical | Remote Code Execution | 4550905 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows 8.1 for x64-based systems | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Critical | Remote Code Execution | 4550905 4550961 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows RT 8.1 | 4556846 (Monthly Rollup) | Critical | Remote Code Execution | 4550961 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4556798 (IE Cumulative) 4556836 (Monthly Rollup) |
Moderate | Remote Code Execution | 4550905 4550964 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 | 4556798 (IE Cumulative) 4556840 (Monthly Rollup) |
Moderate | Remote Code Execution | 4550905 4550917 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2012 R2 | 4556798 (IE Cumulative) 4556846 (Monthly Rollup) |
Moderate | Remote Code Execution | 4550905 4550961 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2016 | 4556813 (Security Update) | Moderate | Remote Code Execution | 4550929 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 11 on Windows Server 2019 | 4551853 (Security Update) | Moderate | Remote Code Execution | 4549949 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556798 (IE Cumulative) |
Moderate | Remote Code Execution | 4550951 4550905 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | 4556860 (Monthly Rollup) 4556798 (IE Cumulative) |
Moderate | Remote Code Execution | 4550951 4550905 |
Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2020-1093 | Yuki Chen of Qihoo 360 Vulcan Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1096 MITRE NVD |
CVE Title: Microsoft Edge PDF Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that contains malicious PDF content. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted PDF content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The security update addresses the vulnerability by modifying how Microsoft Edge PDF Reader handles objects in memory. FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2020-05-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment for Latest Software Release | Exploitability Assessment for Older Software Release | Denial of Service Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Exploitation Less Likely | Not Applicable | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1096 | ||||||
Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | 4556807 (Security Update) | Important | Remote Code Execution | 4550922 | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C |
Yes |
Microsoft Edge |