Patch Tuesday - May 2020

Microsoft's fifth Patch Tuesday of the year brings us fixes for 111 different security issues, just a touch under what we saw from them last month but still on the higher side of their typical volume. No 0-days to speak of, and no vulnerabilities that had been publicly disclosed before today.


The bulk of this month's fixes, as well as most of the critical ones, are for core components of the Windows operating system itself. 44 of the 55 Windows vulnerabilities allow elevation of privilege, a favourite for attackers who want to expand their capabilities after getting an initial foothold (perhaps by first exploiting CVE-2020-1126, for example, a new Remote Code Execution (RCE) vulnerability in Windows Media Foundation).


There is a smattering of browser vulnerabilities, fewer than usual but still worth your attention. CVE-2020-1062 and CVE-2020-1035 are two of several vulnerabilities this month that allow RCE in Internet Explorer. Three vulnerabilities in Edge could allow spoofing (CVE-2020-1059), RCE (CVE-2020-1096, related to Edge's PDF reader), or elevation of privilege (CVE-2020-1056) for anyone an attacker can convince to visit a malicious website. Only one vulnerability is being patched in Office: