Security News > 2020 > April > Update now! Windows zero-day flaws fixed in Patch Tuesday
The COVID-19 pandemic might be causing delays to software schedules, but it's not managed to stop Microsoft's April Patch Tuesday update arriving on time this week.
In total, the Windows 10, Windows 8.1, Windows 7 and Windows Server haul includes 113 CVE-level flaws, 19 of which are labelled critical.
The most straightforward of the zero days is CVE-2020-1027, an elevation of privilege vulnerability affecting Windows kernel which Microsoft confirmed as "Exploitation detected."
Microsoft hasn't said how or by whom these flaws are being exploited beyond describing them as being connected to "Limited targeted attacks." That's code for a flaw that's being used by one threat group that will eventually spread to others.
Timed to coincide with Patch Tuesday, Intel has released nine security fixes across a range of products.
News URL
Related news
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-1027 | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |