Patch/Configuration Management, Vulnerability Management

Microsoft April Patch Tuesday fixes several currently exploited vulnerabilities


For the second consecutive month Microsoft rolled out a 100-plus batch of security updates for Patch Tuesday, this time including three vulnerabilities being exploited in the wild.

Overall, the month saw 113 vulnerabilities addressed with 19 critical issues patched.

The three currently exploited vulnerabilities are CVE-2020-1020, CVE-2020-0938, CVE-2020-0968 and CVE-2020-1027. The first two were initially disclosed on March 23 and can be found in the Adobe Font Manager Library and can lead to remote code execution. To exploit these flaws, an attacker would need to socially engineer a user into opening a malicious document or viewing the document in the Windows Preview pane, said Satnam Narang, principal research engineer at Tenable.

CVE-2020-0968 is found in Internet Explorer and exists due to the improper handling of objects in memory by the scripting engine.

“CVE-2020-1027 an elevation of privilege vulnerability in the Windows Kernel. This is another vulnerability that has been seen exploited in the wild and Microsoft rates it as “Exploitation More Likely,” said Allan Liska, intelligence analyst at Recorded Future, adding, “the vulnerability exists in the way that the Windows kernel handles objects in memory and is exploited by a locally authenticated attacker running a specially crafted application.”

Jonathan Cran, head of research at Kenna Security, said CVE 2020-0796, a critical a remote code execution vulnerability against SMBv3. Kenna's data is showing active attacks, and this appears to be a popular target that is easily exploitable.

“Microsoft pulled the patch for this CVE from the March 2020 Patch Tuesday at the last minute, but some information leaked online around it without a patch available. Now that one is available, organizations should quickly update the affected systems,” Cran said.

Todd Schell, senior product manager, Ivanti also highlighted CVE-2020-0935 in OneDrive the vulnerability could allow an attacker to elevate their privilege level which could enable them to run a specially crafted application to take control of the affected system. Most users will not have to worry about updating OneDrive as it has a feature that periodically checks and updates the OneDrive binary.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.