Security News > 2020 > April > Update now! Windows zero-day flaws fixed in Patch Tuesday
The COVID-19 pandemic might be causing delays to software schedules, but it's not managed to stop Microsoft's April Patch Tuesday update arriving on time this week.
In total, the Windows 10, Windows 8.1, Windows 7 and Windows Server haul includes 113 CVE-level flaws, 19 of which are labelled critical.
The most straightforward of the zero days is CVE-2020-1027, an elevation of privilege vulnerability affecting Windows kernel which Microsoft confirmed as "Exploitation detected."
Microsoft hasn't said how or by whom these flaws are being exploited beyond describing them as being connected to "Limited targeted attacks." That's code for a flaw that's being used by one threat group that will eventually spread to others.
Timed to coincide with Patch Tuesday, Intel has released nine security fixes across a range of products.
News URL
Related news
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Windows Patch Tuesday hits snag with Citrix software, workarounds published (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-1027 | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |