Security News > 2020 > April > April 2020 Patch Tuesday: Microsoft fixes four actively exploited vulnerabilities
For the April 2020 Patch Tuesday, Adobe plugs 5 flaws and Microsoft 113, three of which are currently being exploited by attackers.
One of the patches fixes CVE-2020-0968, a RCE in Internet Explorer 11 and 9, which Microsoft initially flagged as being exploited in the wild.
The patch for CVE-2020-1027, an actively exploited privilege escalation vulnerability in the Windows Kernel, for all Windows devices.
"Organizations are already strained with the added stresses of the sudden shift to remote workers and the technological needs, but today's Patch Tuesday is not one to skip," noted Richard Melick, Sr. Technical Product Manager, Automox.
Microsoft has revised the update guide for CVE-2020-0968, the RCE in Internet Explorer 11 and 9, to say that it is not being exploited, so the number of actively exploited flaws is three instead of four.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Gn30QXYB04o/
Related news
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- February 2025 Patch Tuesday forecast: New directions for AI development (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-0968 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
| 2020-04-15 | CVE-2020-1027 | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |