The Windows 10 May 2020 Patch Tuesday did not go down smoothly for a few security patches. While the majority of the security updates for multiple iterations of Windows 10 installed successfully, a few failed to install. The latest May Patch-Day Security Updates contained several security patches but the most notable were meant for the .NET Framework and .NET Core.
Microsoft Re-Releases Security Patches Issued On May 12th Patch Day After ‘Failure To Install’ Issue:
Microsoft acknowledged that some users had problems installing the security updates that the company had released on Patch Day. The Patch Tuesday schedule has seldom gone smoothly, and the latest one had a few problems as well. Incidentally, most of the security patches were reportedly installed without any issue, but few simply failed to install.
— Cyber Security Daily News (@CyberSecDN) May 16, 2020 Microsoft has merely indicated that some patches failed to install but hasn’t offered precise information on how widespread the problem is and which operating system versions were affected. Accordingly, the company has now revised some of the updates released for Patch Day on May 12th, 2020. The company has revised the corresponding update guides and published the changes for the .NET Framework and .NET Core. The update for CVE-2020-1108 was included in the revision. It has been classified as ‘Important’. Interestingly, Microsoft also included PowerShell Core 6.2 and 7.0. It appears a few users couldn’t install the relevant updates as well.
No Windows OS Security Vulnerabilities Exploited In the Wild, Claims Microsoft:
Incidentally, the security update of the May 2020 Patch Tuesday is available for Windows 7, 8.1, 10, and the server versions 2008, 2012, 2016, and 2019, among others. Microsoft insists that none of the security vulnerabilities that were patched have been exploited in the wild. In other words, Microsoft reportedly discovered and patched the security loopholes before they were used by malicious code writers.
— Joe Glines (@JoeGlines) May 16, 2020 Some of the most notable security flaws that the recent Patch Tuesday addresses are as follows:
A denial of service vulnerability exists when the .NET Core or .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service for a .NET Core or .NET Framework web application. The vulnerability could be exploited remotely and without authentication.An unauthenticated remote attacker could exploit this vulnerability by placing specially crafted requirements on the .NET Core or .NET Framework application.The update addresses the vulnerability by correcting how the .NET Core or .NET Framework web application handles web requests.