Security News > 2020 > April > April 2020 Patch Tuesday: Microsoft fixes four actively exploited vulnerabilities
For the April 2020 Patch Tuesday, Adobe plugs 5 flaws and Microsoft 113, three of which are currently being exploited by attackers.
One of the patches fixes CVE-2020-0968, a RCE in Internet Explorer 11 and 9, which Microsoft initially flagged as being exploited in the wild.
The patch for CVE-2020-1027, an actively exploited privilege escalation vulnerability in the Windows Kernel, for all Windows devices.
"Organizations are already strained with the added stresses of the sudden shift to remote workers and the technological needs, but today's Patch Tuesday is not one to skip," noted Richard Melick, Sr. Technical Product Manager, Automox.
Microsoft has revised the update guide for CVE-2020-0968, the RCE in Internet Explorer 11 and 9, to say that it is not being exploited, so the number of actively exploited flaws is three instead of four.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Gn30QXYB04o/
Related news
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-0968 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
| 2020-04-15 | CVE-2020-1027 | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |