Security News > 2020 > April > April 2020 Patch Tuesday: Microsoft fixes four actively exploited vulnerabilities
For the April 2020 Patch Tuesday, Adobe plugs 5 flaws and Microsoft 113, three of which are currently being exploited by attackers.
One of the patches fixes CVE-2020-0968, a RCE in Internet Explorer 11 and 9, which Microsoft initially flagged as being exploited in the wild.
The patch for CVE-2020-1027, an actively exploited privilege escalation vulnerability in the Windows Kernel, for all Windows devices.
"Organizations are already strained with the added stresses of the sudden shift to remote workers and the technological needs, but today's Patch Tuesday is not one to skip," noted Richard Melick, Sr. Technical Product Manager, Automox.
Microsoft has revised the update guide for CVE-2020-0968, the RCE in Internet Explorer 11 and 9, to say that it is not being exploited, so the number of actively exploited flaws is three instead of four.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Gn30QXYB04o/
Related news
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)
- Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera (source)
- September 2024 Patch Tuesday forecast: Downgrade is the new exploit (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-0968 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.6 |
| 2020-04-15 | CVE-2020-1027 | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |