Security News > 2020 > April > Windows Vulnerabilities Exploited for Code Execution, Privilege Escalation
Microsoft's Update Tuesday patches for April 2020 address 113 vulnerabilities, including three Windows flaws that have been exploited in attacks for arbitrary code execution and privilege escalation.
Microsoft has patched two actively exploited remote code execution vulnerabilities related to the Adobe Type Manager Library.
"An attacker who successfully exploited the vulnerability could execute code with elevated permissions," Microsoft said in its advisory.
CVE-2020-0968, a remote code execution vulnerability in Internet Explorer, is also listed as being exploited, but it could be an error as its exploitability index is "1-Exploitation more likely" instead of "0-Exploitation detected".
Microsoft has also patched a publicly disclosed privilege escalation vulnerability in the OneDrive app for Windows.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-0968 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.6 |