Sun Apr 19 2020
Microsoft released its scheduled April patch last Tuesday to address 113 cyber security vulnerabilities they’d identified across eleven of their products and platforms.
Of those 113 flaws, only nineteen were rated ‘critical’, with the others rated ‘important’.
The security update included patches for:
It also released patches for three zero-day flaws that Microsoft was aware were being exploited by threat actors.
One of them, CVE-2020-1020, is a vulnerability in the Adobe Font Manager Library.
It was first discovered last month when Microsoft stated it had seen threat actors using it to launch cyber-attacks.
It let these hackers remotely execute arbitrary code on vulnerable systems after users opened a malicious file or viewed it in the Windows preview pane.
The second zero-day patch was CVE-2020-0938. This was a remote code execution (RCE) bug affecting OpenType font readers in Windows.
The particular vulnerability was caused by Windows Adobe Type Manager not correctly handling a specially created multi-master font in the Adobe Type 1 PostScript format.
Any system running an operating system (OS) other than Windows 10 could potentially have allowed an attacker to remotely execute code if they’d successfully exploited the vulnerability.
For any systems running Windows 10, the bug let the attacker execute code in an AppContainer sandbox with limited privileges and capabilities. However, an attacker could then still create new accounts with full user rights, install programmes, and view and change data.
The final zero-day patch released by Microsoft was CVE-2020-1027. This bug concerned the way the Windows kernel handles objects in memory, which let cyber-attackers elevate privileges to execute code with kernel access.