Tripwire's May 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, SaltStack, and VMware. Up first on the patch priority list this month are patches for VMware vCenter Server and SaltStack Salt. The Metasploit exploit framework has recently integrated exploits for VMware vCenter Server (CVE-2020-3952) and SaltStack Salt (CVE-2020-11652, CVE-2020-11651). Administrators with these applications in their networks should patch these vulnerabilities as soon as possible. Up next on the patch priority list this month are patches for Microsoft Scripting Engine, Internet Explorer, and Microsoft Edge. These patches resolve 12 vulnerabilities including remote code execution, spoofing, elevation of privilege, and memory corruption vulnerabilities. Next on the list is a patch for Microsoft Excel, which resolves a remote code execution vulnerability. Up next are patches for Adobe Reader and Acrobat. These patches fix 24 vulnerabilities including denial of service, arbitrary code execution, security feature bypass, and information disclosure vulnerabilities. Next this month are patches that affect components of the Windows operating systems. These patches resolve more than 70 vulnerabilities including denial of service, elevation of privilege, information disclosure, remote code execution, and cross-site scripting vulnerabilities. These vulnerabilities affect Connected User Experiences and Telemetry Service, core Windows, Jet Database Engine, Windows Subsystem for Linux, CSRSS, Clipboard Service, GDI, Graphics Component, Kernel, Media Foundation, Error Reporting, Print Spooler, Printer Service, Windows Runtime, State Repository Service, Storage Service, DirectX, Color Management, Task Scheduler, Hyper-V, Windows Update, and Active Directory Federation Services. Next are patches for .NET Framework & .NET Core, which resolves a denial of service and elevation of privilege vulnerabilities. Finally, administrators should focus on server-side patches available for Microsoft Dynamics and SharePoint. These patches resolve remote code execution, cross-site scripting, information disclosure, and spoofing vulnerabilities.
| BULLETIN | CVE |
| Exploit Framework - Metasploit | CVE-2020-3952, CVE-2020-11652, CVE-2020-11651 |
| Internet Explorer | CVE-2020-1092, CVE-2020-1062, CVE-2020-1064, CVE-2020-1093 |
| Microsoft Edge | CVE-2020-1056, CVE-2020-1096, CVE-2020-1059 |
| Microsoft Scripting Engine | CVE-2020-1037, CVE-2020-1065, CVE-2020-1060, CVE-2020-1058, CVE-2020-1035 |
| Microsoft Office | CVE-2020-0901 |
| APSB20-24: Adobe Reader and Acrobat | CVE-2020-9610, CVE-2020-9612, CVE-2020-9615, CVE-2020-9597, CVE-2020-9594, CVE-2020-9614, CVE-2020-9613, CVE-2020-9596, CVE-2020-9592, CVE-2020-9611, CVE-2020-9609, CVE-2020-9608, CVE-2020-9603, CVE-2020-9602, CVE-2020-9601, CVE-2020-9600, CVE-2020-9599, CVE-2020-9605, CVE-2020-9604, CVE-2020-9607, CVE-2020-9606, CVE-2020-9598, CVE-2020-9595, CVE-2020-9593 |
| Microsoft Windows I | CVE-2020-1075, CVE-2020-1109, CVE-2020-1110, CVE-2020-1061, CVE-2020-1084, CVE-2020-1123, CVE-2020-1150, CVE-2020-1126, CVE-2020-1136, CVE-2020-1028, CVE-2020-1010, CVE-2020-1079, CVE-2020-1068, CVE-2020-1118, CVE-2020-1143, CVE-2020-1112, CVE-2020-1116, CVE-2020-1166, CVE-2020-1165, CVE-2020-1111, CVE-2020-1121, CVE-2020-1076, CVE-2020-1088, CVE-2020-1082, CVE-2020-1021, CVE-2020-1132, CVE-2020-1078, CVE-2020-1072, CVE-2020-1070, CVE-2020-1048, CVE-2020-1081, CVE-2020-1137, CVE-2020-1071, CVE-2020-1067, CVE-2020-1156, CVE-2020-1157, CVE-2020-1155, CVE-2020-1151, CVE-2020-1077, CVE-2020-1158, CVE-2020-1090, CVE-2020-1164, CVE-2020-1086, CVE-2020-1125 |
| Microsoft Windows II | CVE-2020-1139, CVE-2020-1149, CVE-2020-1185, CVE-2020-1184, CVE-2020-1187, CVE-2020-1186, CVE-2020-1124, CVE-2020-1189, CVE-2020-1188, CVE-2020-1190, CVE-2020-1191, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1138, CVE-2020-1174, CVE-2020-1175, CVE-2020-1176, CVE-2020-1051, CVE-2020-1140, CVE-2020-1117, CVE-2020-1153, CVE-2020-1054, CVE-2020-1142, CVE-2020-1179, CVE-2020-0963, CVE-2020-1145, CVE-2020-1141, CVE-2020-1135, CVE-2020-1113, CVE-2020-1087, CVE-2020-1114, CVE-2020-1154, CVE-2020-0909, CVE-2020-1055 |
| .NET Framework & .NET Core | CVE-2020-1108, CVE-2020-1066 |
| Microsoft Dynamics | CVE-2020-1063 |
| Microsoft Office SharePoint | CVE-2020-1101, CVE-2020-1100, CVE-2020-1106, CVE-2020-1099, CVE-2020-1103, CVE-2020-1102, CVE-2020-1023, CVE-2020-1024, CVE-2020-1069, CVE-2020-1105, CVE-2020-1104, CVE-2020-1107 |
