Security News > 2020 > April > Microsoft Patch Tuesday, April 2020 Edition
Microsoft today released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software.
Many security news sites are reporting that Microsoft addressed a total of four zero-day flaws this month, but it appears the advisory for a critical Internet Explorer flaw has been revised to indicate Microsoft has not yet received reports of it being used in active attacks.
Researchers at security firm Recorded Future zeroed in on CVE-2020-0796, a critical vulnerability dubbed "SMBGhost" that was rumored to exist in last month's Patch Tuesday but for which an out-of-band patch wasn't released until March 12.
Recorded Future's Allan Liska notes that one reason these past few months have seen so many patches from Microsoft is the company recently hired "SandboxEscaper," a nickname used by the security researcher responsible for releasing more than a half-dozen zero-day flaws against Microsoft products last year.
Just a friendly reminder that while many of the vulnerabilities fixed in today's Microsoft patch batch affect Windows 7 operating systems - including all three of the zero-day flaws - this OS is no longer being supported with security updates.
News URL
https://krebsonsecurity.com/2020/04/microsoft-patch-tuesday-april-2020-edition/
Related news
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Windows Patch Tuesday hits snag with Citrix software, workarounds published (source)
- February 2025 Patch Tuesday forecast: New directions for AI development (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-12 | CVE-2020-0796 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 10 and Windows Server 2016 A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'. | 10.0 |