Microsoft’s May ‘Patch Tuesday’ remedies 111 vulnerabilities

Microsoft has released a set of software upgrades meant to address more than 100 vulnerabilities in the company’s products, the latest in a series of scheduled updates that comes as many corporate security executives are working remotely.

The announcement comes as part of Microsoft’s “Patch Tuesday” release, the batch of security updates that the company publishes each month to mitigate known vulnerabilities. The May 2020 list includes 111 vulnerabilities, including 13  “critical” issues, 91 classified as “important,” three “moderate” bugs and four “low” priority. Hackers don’t appear to be exploiting any of the vulnerabilities, according to the advisory.

The updates pertain to vulnerabilities in Microsoft Edge, the Windows Defender security software, Microsoft Office, Internet Explorer, and a number of other products.

Among the most urgent patches are meant to repair flaws in Microsoft SharePoint that could enable hackers to executive arbitrary code on a victim’s machine. One of the SharePoint vulnerabilities (CVE-2020-1069) requires attackers to upload a specially crafted pack to a SharePoint server in order to exploit the bug, according to researchers from Cisco’s Talos threat intelligence team. Other issues require users to open specific SharePoint files designed to infect them.

Another bug (CVE-2020-1062) is a memory corruption flaw. Hackers could use that issue if an Internet Explorer user visits a specific web page controlled by the attackers, then infiltrate a victim’s machine.

Microsoft previously patched 113 vulnerabilities in its April Patch Tuesday update, and 115 issues in March. The latest release also includes no zero-day vulnerabilities, unlike prior examples.

This release coincides with another security update for Adobe products, including patches for 24 vulnerabilities in the Acrobat and Acrobat reader software. While Adobe says hackers haven’t seized on any of those bugs, 12 of the 24 issues are described as “critical.”