Security Warnings

Classification
These posts contain security warnings, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Microsoft Updates

3080

Warning Date: 13 May, 2020

Severity Level ● High

Warning Number: 2020-1233

Target Sector: All

Description:

Microsoft has released security updates to address several vulnerabilities in the following products:

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based)
  • ChakraCore
  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Windows Defender
  • Visual Studio
  • Microsoft Dynamics
  • .NET Framework
  • .NET Core
  • Power BI
  • Active Directory
  • Common Log File System Driver
  • Microsoft Graphics Component
  • Microsoft JET Database Engine
  • Microsoft Office SharePoint
  • Microsoft Scripting Engine
  • Windows Hyper-V
  • Windows Kernel
  • Windows Scripting
  • Windows Subsystem for Linux
  • Windows Task Scheduler
  • Windows Update Stack

Threats:

An attacker could exploit these vulnerabilities by doing the following:

  • Elevation of Privilege.
  • Authentication Bypass
  • Cross-site scripting (XSS)
  • Unauthorized disclosure of information
  • Execute arbitrary code - remotely.
  • Spoofing
  • Memory Corruption.
  • Denial of Service (DoS).

Best practice and Recommendations:

The CERT team encourages users to review Microsoft security advisory and apply the necessary updates:

Update instructions:

Last updated at 13 May, 2020