Security News > 2020 > April > Update now! Windows zero-day flaws fixed in Patch Tuesday
The COVID-19 pandemic might be causing delays to software schedules, but it's not managed to stop Microsoft's April Patch Tuesday update arriving on time this week.
In total, the Windows 10, Windows 8.1, Windows 7 and Windows Server haul includes 113 CVE-level flaws, 19 of which are labelled critical.
The most straightforward of the zero days is CVE-2020-1027, an elevation of privilege vulnerability affecting Windows kernel which Microsoft confirmed as "Exploitation detected."
Microsoft hasn't said how or by whom these flaws are being exploited beyond describing them as being connected to "Limited targeted attacks." That's code for a flaw that's being used by one threat group that will eventually spread to others.
Timed to coincide with Patch Tuesday, Intel has released nine security fixes across a range of products.
News URL
Related news
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- September 2024 Patch Tuesday forecast: Downgrade is the new exploit (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-1027 | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |