Microsoft’s May edition of Patch Tuesday landed yesterday, replete with critical updates for SharePoint Server as well as client-side patches for the Internet Explorer (IE) and Edge web browsers. Although the update batch tackles a bumper 111 flaws – including 16 rated as ‘critical’ – none have been exploited in the wild to date, according to Microsoft. A series of patches for SharePoint collectively address 12 security vulnerabilities, including four critical flaws that pose a remote code execution risk. “A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls,” Microsoft explains in an advisory on CVE-2020-1069, one of the bugs flagged as critical.
Source: Daily Swig