There are 103 published vulnerabilities for the following products this month: Windows OS, browsers and Microsoft Office. It seems that the monthly trend keeps up with high amount of vulnerabilities. Luckily, the criticality of the vulnerabilities do not reach the highest level this patch Tuesday.

The highest CVSS scoring is 8.8 includes two vulnerabilities: CVE-2020-1117 and CVE-2020-1126. In order to exploit these vulnerabilities the attacker must lure an user to access and open the malicious software.

This month there were no publicly disclosed and zero-day vulnerabilities published which is really good.

The impact and scoring of these and other vulnerabilities can be explored with Common Vulnerability Scoring System Calculator. Microsoft posts CVSS-calculator (maintained by National Vulnerability Database) links for all the vulnerabilities in their vulnerability articles. More thorough information of the vulnerabilities can be found from Microsoft’s MSRC-portal.

The known issues for the operating systems seem extremely good this month. This should encourage administrator to proceed rather quickly with the patches this month.

Operating system

Known issues (last month)

Windows 10, version 1909 ja 1903* and Windows Server, version 1903

0 (0)

Windows 10, version 1809 and Windows Server 2019

1 (1)

Windows 10, version 1803**

0 (1)

Windows 10, version 1709** and Windows Server, version 1709

0 (1)

Windows 10, version 1703***

0 (1)

Windows 10, version 1607*** and Windows Server 2016

1 (1)

Windows 8.1**** and Windows Server 2012 R2

0 (1)

Windows Server 2012

0 (1)

Windows 7**** and Windows Server 2008 R2 SP1

1 (1)

* 1909 shares the same core and system files with the predecessor 1903.

** The support for the specific feature update for version Home and Pro has ended.

*** The support for the specific feature update for all the version has ended.

**** Mainstream support for the operating system has ended: Windows 8.1 1/10/2023 and Windows 7 1/14/2020.

The security updates do not require any special exceptions or processes this month. Centero recommends to test the updates thoroughly before deploying them to production endpoints. In addition to this, all the known issues should be read through and reflected to own environment.

Microsoft maintains a list of Windows updates and their known issues on the following pages.

With Centero Software Manager Cloud and CSM Cloud for Servers it’s possible to deploy these updates into your environment and even on remote computers by the configuration you have defined.

Read more on this topic:

Comparing Patch Management solutions – Part 3/12 – Itarian

This blog series is based on our Patch Management Tools’ Comparison, conducted in 2019. In the third post of the series we’ll look at the features and function of Itarian solution.

Centero Webinar – Zero Trust and Best Practices for Securing Endpoint Applications

May 24 2021 renowned cyber security expert Sami Laiho returned as a keynote speaker in the second Centero webinar on Zero Trust, this time focused on securing endpoint applications.