Security News > 2020 > April > Microsoft Issues Patches for 3 Bugs Exploited as Zero-Day in the Wild
Patches for 4 Zero-Days Exploited In the Wild Most importantly, two of the security flaws have been reported as being publicly known at the time of release, and the 3 are being actively exploited in the wild by hackers.
One of the publicly disclosed flaws, which was also exploited as zero-day, resides in the Adobe Font Manager Library used by Windows, the existence of which Microsoft revealed last month within an early security warning for its millions of users.
Tracked as CVE-2020-1020, the remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.
The third zero-day is an elevation of privilege vulnerability in Windows kernel, discovered by the Google Project Zero team, that impacts all supported versions of the Windows operating system-including Windows 10, 8.1 and Server 2008, 2012, 2016, and 2019 editions, as well as Windows 7 for which Microsoft ended its support in January 2020.
Other New Bugs Microsoft Patched this Month The second publicly known issue, which was not exploited in the wild, is an important elevation of privilege vulnerability that resides in the OneDrive for Windows desktop.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/bg2ykW6lfZA/windows-patch-update.html
Related news
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
- Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-1020 | Out-of-bounds Write vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. | 6.8 |