Skip to content ↓ | Skip to navigation ↓

Tripwire’s May 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, SaltStack, and VMware.

Up first on the patch priority list this month are patches for VMware vCenter Server and SaltStack Salt. The Metasploit exploit framework has recently integrated exploits for VMware vCenter Server (CVE-2020-3952) and SaltStack Salt (CVE-2020-11652, CVE-2020-11651). Administrators with these applications in their networks should patch these vulnerabilities as soon as possible.

Up next on the patch priority list this month are patches for Microsoft Scripting Engine, Internet Explorer, and Microsoft Edge. These patches resolve 12 vulnerabilities including remote code execution, spoofing, elevation of privilege, and memory corruption vulnerabilities.

Next on the list is a patch for Microsoft Excel, which resolves a remote code execution vulnerability.

Up next are patches for Adobe Reader and Acrobat. These patches fix 24 vulnerabilities including denial of service, arbitrary code execution, security feature bypass, and information disclosure vulnerabilities.

Next this month are patches that affect components of the Windows operating systems. These patches resolve more than 70 vulnerabilities including denial of service, elevation of privilege, information disclosure, remote code execution, and cross-site scripting vulnerabilities. These vulnerabilities affect Connected User Experiences and Telemetry Service, core Windows, Jet Database Engine, Windows Subsystem for Linux, CSRSS, Clipboard Service, GDI, Graphics Component, Kernel, Media Foundation, Error Reporting, Print Spooler, Printer Service, Windows Runtime, State Repository Service, Storage Service, DirectX, Color Management, Task Scheduler, Hyper-V, Windows Update, and Active Directory Federation Services.

Next are patches for .NET Framework & .NET Core, which resolves a denial of service and elevation of privilege vulnerabilities.

Finally, administrators should focus on server-side patches available for Microsoft Dynamics and SharePoint. These patches resolve remote code execution, cross-site scripting, information disclosure, and spoofing vulnerabilities.

Exploit Framework – Metasploit CVE-2020-3952, CVE-2020-11652, CVE-2020-11651
Internet Explorer CVE-2020-1092, CVE-2020-1062, CVE-2020-1064, CVE-2020-1093
Microsoft Edge CVE-2020-1056, CVE-2020-1096, CVE-2020-1059
Microsoft Scripting Engine CVE-2020-1037, CVE-2020-1065, CVE-2020-1060, CVE-2020-1058, CVE-2020-1035
Microsoft Office CVE-2020-0901
APSB20-24: Adobe Reader and Acrobat CVE-2020-9610, CVE-2020-9612, CVE-2020-9615, CVE-2020-9597, CVE-2020-9594, CVE-2020-9614, CVE-2020-9613, CVE-2020-9596, CVE-2020-9592, CVE-2020-9611, CVE-2020-9609, CVE-2020-9608, CVE-2020-9603, CVE-2020-9602, CVE-2020-9601, CVE-2020-9600, CVE-2020-9599, CVE-2020-9605, CVE-2020-9604, CVE-2020-9607, CVE-2020-9606, CVE-2020-9598, CVE-2020-9595, CVE-2020-9593
Microsoft Windows I CVE-2020-1075, CVE-2020-1109, CVE-2020-1110, CVE-2020-1061, CVE-2020-1084, CVE-2020-1123, CVE-2020-1150, CVE-2020-1126, CVE-2020-1136, CVE-2020-1028, CVE-2020-1010, CVE-2020-1079, CVE-2020-1068, CVE-2020-1118, CVE-2020-1143, CVE-2020-1112, CVE-2020-1116, CVE-2020-1166, CVE-2020-1165, CVE-2020-1111, CVE-2020-1121, CVE-2020-1076, CVE-2020-1088, CVE-2020-1082, CVE-2020-1021, CVE-2020-1132, CVE-2020-1078, CVE-2020-1072, CVE-2020-1070, CVE-2020-1048, CVE-2020-1081, CVE-2020-1137, CVE-2020-1071, CVE-2020-1067, CVE-2020-1156, CVE-2020-1157, CVE-2020-1155, CVE-2020-1151, CVE-2020-1077, CVE-2020-1158, CVE-2020-1090, CVE-2020-1164, CVE-2020-1086, CVE-2020-1125
Microsoft Windows II CVE-2020-1139, CVE-2020-1149, CVE-2020-1185, CVE-2020-1184, CVE-2020-1187, CVE-2020-1186, CVE-2020-1124, CVE-2020-1189, CVE-2020-1188, CVE-2020-1190, CVE-2020-1191, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1138, CVE-2020-1174, CVE-2020-1175, CVE-2020-1176, CVE-2020-1051, CVE-2020-1140, CVE-2020-1117, CVE-2020-1153, CVE-2020-1054, CVE-2020-1142, CVE-2020-1179, CVE-2020-0963, CVE-2020-1145, CVE-2020-1141, CVE-2020-1135, CVE-2020-1113, CVE-2020-1087, CVE-2020-1114, CVE-2020-1154, CVE-2020-0909, CVE-2020-1055
.NET Framework & .NET Core CVE-2020-1108, CVE-2020-1066
Microsoft Dynamics CVE-2020-1063
Microsoft Office SharePoint CVE-2020-1101, CVE-2020-1100, CVE-2020-1106, CVE-2020-1099, CVE-2020-1103, CVE-2020-1102, CVE-2020-1023, CVE-2020-1024, CVE-2020-1069, CVE-2020-1105, CVE-2020-1104, CVE-2020-1107