Yesterday, for the April 2020 Patch Tuesday, Microsoft revealed fixes for 113 vulnerabilities, including 4 security updates for vulnerabilities that are actively exploited.
The patches apply to the following Microsoft software:
• Microsoft Windows
• Microsoft Edge (EdgeHTML-based)
• Microsoft Edge (Chromium-based)
• Internet Explorer
• Microsoft Office and Microsoft Office Services and Web Apps
• Windows Defender
• Visual Studio
• Microsoft Dynamics
• Microsoft Apps for Android
• Microsoft Apps for Mac
Out of the entire batch, 19 vulnerabilities are flagged critical and 94 are classified as important. Shifting to a work-from-home environment has left many employees with security holes that could have been better contained in a corporate setting, and the latest security update has been greatly anticipated.
The stars of this month’s security release are critical 0-day vulnerabilities exploited in the wild. Microsoft patched CVE-2020-0968, a remote code execution vulnerability in the way the scripting engine handles objects in memory in Internet Explorer. An attacker exploiting this flaw could execute arbitrary code and gain the same rights as the current user, ultimately taking over the system.
CVE-2020-1020 and CVE-2020-0938 are the second and third critical bugs the company fixed. The vulnerabilities reside in the way the Adobe Font Manager Library handles the Adobe Type 1 PostScript font format. Bad actors who exploit the vulnerability could execute code remotely on all systems except Windows 10. On systems running Windows 10, exploiting the bug could lead to code execution in an AppContainer sandbox, giving the attacker limited privileges and system capabilities. In either context, malicious actors could install programs, view or delete data, and even create new accounts with full user rights.
The last actively exploited security flaw that was patched is CVE-2020-1027, found in the way the Windows kernel handles objects in memory. An attacker with limited system rights who exploited this vulnerability could execute malicious code locally and run applications.