cloudThing logo in white
Menu open icon
email: info@cloudthing.com
tel: +44 (0) 121 393 4700
Menu closed icon

General

Generally useful pages

Sectors

We know loads about this stuff

What we do

The Building Blocks for cloudThing Magic

Keyboard underlit with red light

Latest Microsoft Patch Fixes 113 Vulnerabilities, Including Three Zero-Days

Sun Apr 19 2020

Of those 113 flaws, only nineteen were rated ‘critical’ with the others rating as ‘important’

Microsoft released it’s scheduled April patch last Tuesday to address 113 cyber security vulnerabilities they’d identified over eleven of their products and platforms.

Of those 113 flaws, only nineteen were rated ‘critical’ with the others rating as ‘important’.

The security update included patches for:

 

  • Microsoft Windows
  • Windows Defender
  • Microsoft Dynamics
  • Visual Studio
  • ChakraCore
  • Microsoft Edge (Chromium- and EdgeHTML-based versions)
  • Internet Explorer
  • Microsoft Office
  • Microsoft Office Services and Web Apps
  • Microsoft Apps for Mac
  • Microsoft Apps for Android

 

It also released patches for three zero-day flaws that Microsoft were aware of being exploited by threat actors.

One of them, CVE-2020-1020, is a vulnerability in the Adobe Font Manager Library.

It was first discovered last month when Microsoft stated it had seen threat actors using it to launch cyber-attacks.

It let these hackers remotely execute arbitrary code on vulnerable systems after users opened a malicious file or viewed it in the Windows preview pane.

 

The second zero-day patch was CVE-2020-0938. This was a remote code execution (RCE) bug affecting OpenType font readers in Windows.

The particular vulnerability was caused by Windows Adobe Type Manager not handling a specially created multi-master font correctly, Adobe Type 1 PostScript format.

Any system running an operating system (OS) other than Windows 10 could potentially have allowed an attacker to remotely execute code if they’d successfully exploited the vulnerability.

For any systems running Windows 10, the bug let the attacker execute code in an AppContainer sandbox with limited privileges and capabilities. However, an attacker could then still create new accounts with full user rights, install programmes, view and change data.

 

The final zero-day patch released by Microsoft was CVE-2020-1027. This bug operated around Window kernel handling objects in memory, which let cyber-attackers elevate privileges to execute code with kernel access.

Not quite ready to get back to work just yet

13 Ways To Save Money When Using Microsoft Azure

Microsoft Dynamics 365: Settings In Solutions

Generate & Nurture Leads With Microsoft Dynamics 365 Sales

Contact Us

Name

*

Company Name

*

Email Address

*

Telephone Number

Is there anything else you'd like us to know?

© cloudThing 2020

Sun Apr 19 2020

email iconinfo@cloudthing.com
© 2020 Copyright cloudThing ltd. All rights reserved. Company registered in England & Wales no. 7510381, VAT no. 152340739