- Home
- Alerts & Advisories
- Alerts
- April 2020 Monthly Patch Release
Monthly Patch
April 2020 Monthly Patch Release
15 April 2020
Microsoft has released security patches to address multiple vulnerabilities in their software and products.
Vulnerabilities that have been classified as Critical in severity are listed in the table below.
For the full list of security patches released by Microsoft, please visit
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr
Zero day vulnerabilities
CVE Number | Description | Base Score | Reference |
|---|---|---|---|
CVE-2020-0938 | A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or view it in the Windows Preview pane. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles Type1 fonts. This vulnerability has been known to be exploited in the wild. | 7.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0938 |
CVE-2020-1020 | A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or view it in the Windows Preview pane. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles Type1 fonts. This vulnerability has been publicly disclosed and known to be exploited in the wild. | 7.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020 |
CVE-2020-0935 | An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how OneDrive handles symbolic links. This vulnerability has been publicly disclosed. | To be confirmed (TBC) | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0935 |
Critical vulnerabilities
CVE Number | Description | Base Score | Reference |
|---|---|---|---|
CVE-2020-0687 | A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability:
The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | 8.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0687 |
CVE-2020-0910 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. | 8.4 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0910 |
CVE-2020-0965 | A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory. | 7.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0965 |
CVE-2020-0907 | A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system. To exploit the vulnerability, a user would have to open a specially crafted file. The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory. | 7.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0907 |
CVE-2020-0950 | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 7.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0950 |
CVE-2020-0949 | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 7.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0949 |
CVE-2020-0948 | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory. | 7.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0948 |
CVE-2020-0970 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by modifying how the ChakraCore scripting engine handles objects in memory. | 4.2 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0970 |
CVE-2020-0969 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. | 4.2 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0969 |
CVE-2020-0974 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that users upload a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages. | TBD | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0974 |
CVE-2020-0932 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that users upload a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages. | TBD | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0932 |
CVE-2020-0931 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that users upload a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages. | TBD | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0931 |
CVE-2020-0929 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation of this vulnerability requires that users upload a specially crafted SharePoint application package to an affected version of SharePoint. The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages. | TBD | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0929 |
CVE-2020-1022 | A remote code execution vulnerability exists in Microsoft Dynamics Business Central. An attacker who successfully exploited this vulnerability could execute arbitrary shell commands on victim's server. To exploit the vulnerability, an authenticated attacker needs to convince the victim into connecting to a malicious Dynamics Business Central client or elevate permission to system to perform the code execution. The security update addresses the vulnerability by preventing the possibility of using a binary type that could eventually execute code on the victim’s server. | TBD | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022 |