Microsoft has released its April Patch Tuesday security updates, addressing a total of 113 vulnerabilities in the Windows family of operating systems and related products. Of these, 19 are classified as Critical and 94 as Important. The affected products include Microsoft Office Services and Web Apps, Internet Explorer, Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), Microsoft Apps for Mac, Microsoft Dynamics, Windows Defender, and ChakraCore.

All of the critical bugs are remote code execution vulnerabilities that reside in Internet Explorer, ChakraCore, Windows, Microsoft SharePoint, the scripting engine, the Media Foundation component, and Microsoft Dynamics.

Three zero-days are under active attack, and the two that were public at the time of release (CVE-2020-1020, CVE-2020-0938) get the highest attention. They were discovered and reported by Google’s two security teams, Project Zero and the Threat Analysis Group (TAG).

Zero-day and Under Active Exploit Vulnerabilities:

Adobe Font Manager Library Remote Code Execution Vulnerability | CVE-2020-1020 | CVE-2020-0938:

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library handles a specially crafted multi-master font in the Adobe Type 1 PostScript format.

Attackers used these vulnerabilities to target Windows 7 users, though Windows 10, 8.1, RT 8.1 and various releases of Windows Server also contain the vulnerable library. Windows 10 machines are slightly less vulnerable, as a successful attack could only result in code execution within an AppContainer sandbox with constrained privileges and capabilities.

There are multiple ways an attacker could exploit the vulnerability, for example, persuading a user to open a specially crafted document or to view it in the Windows Preview pane.

Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1027:

A privilege elevation vulnerability exists in the way the Windows Kernel handles objects in memory. Successful exploitation of the vulnerability could allow an attacker to execute code with kernel access and elevated privileges.

To exploit the vulnerability, an attacker needs to be locally authenticated and then run a specially crafted application.

Other Interesting Vulnerabilities:

Scripting Engine Memory Corruption Vulnerability | CVE-2020-0968:

Initially, this vulnerability was considered a zero-day but later Microsoft issued a correction on the CVE-2020-0968 security advisory to update its exploitation status. This vulnerability has not been exploited in the wild.

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Internet Explorer. Successful exploitation of the vulnerability could corrupt memory and allow the attacker to execute arbitrary code in the context of the current user.

In a web-based attack scenario, an attacker could host a maliciously crafted website that will exploit the vulnerability through Internet Explorer and then persuade a user to view the website. Also, an attacker could exploit an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine.

The attacker could also take advantage of compromised websites and sites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

OneDrive for Windows Elevation of Privilege Vulnerability | CVE-2020-0935:

An elevation of privilege vulnerability exists in the way the OneDrive for Windows Desktop application handles symbolic links.

Successful exploitation of the vulnerability could allow an attacker to overwrite a targeted file, leading to an elevated status. An attacker would first have to log on to the system, and could then run a specially crafted application that exploits the vulnerability and takes control of the affected system.

Windows DNS Denial of Service Vulnerability | CVE-2020-0993:

A denial of service vulnerability exists in Windows DNS when it fails to properly handle DNS queries. Successful exploitation of the vulnerability could cause the DNS service to become nonresponsive.

To exploit the vulnerability, an authenticated attacker could send malicious DNS queries to a target, resulting in a denial of service.

Windows Token Security Feature Bypass Vulnerability | CVE-2020-0981:

A security feature bypass vulnerability exists in the way Windows handles token relationships, which allows a sandbox escape. This only affects Windows 10 version 1903 and higher.

Successful exploitation of the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.

Microsoft Security Bulletin Summary for April 2020:

Microsoft Windows

Microsoft Edge (EdgeHTML-based)

ChakraCore

Internet Explorer

Microsoft Office and Microsoft Office Services and Web Apps

Windows Defender

Visual Studio

Microsoft Dynamics

Microsoft Apps for Mac

Product: Microsoft Windows

CVEs/Advisory: CVE-2020-0687, CVE-2020-0699, CVE-2020-0784, CVE-2020-0794, CVE-2020-0821, CVE-2020-0888, CVE-2020-0889, CVE-2020-0907, CVE-2020-0910, CVE-2020-0913, CVE-2020-0917, CVE-2020-0918, CVE-2020-0934, CVE-2020-0936, CVE-2020-0937, CVE-2020-0938, CVE-2020-0939, CVE-2020-0940, CVE-2020-0942, CVE-2020-0944, CVE-2020-0945, CVE-2020-0946, CVE-2020-0947, CVE-2020-0948, CVE-2020-0949, CVE-2020-0950, CVE-2020-0952, CVE-2020-0953, CVE-2020-0955, CVE-2020-0956, CVE-2020-0958, CVE-2020-0959, CVE-2020-0960, CVE-2020-0962, CVE-2020-0964, CVE-2020-0965, CVE-2020-0981, CVE-2020-0982, CVE-2020-0983, CVE-2020-0985, CVE-2020-0987, CVE-2020-0988, CVE-2020-0992, CVE-2020-0993, CVE-2020-0994, CVE-2020-0995, CVE-2020-0996, CVE-2020-0999, CVE-2020-1000, CVE-2020-1001, CVE-2020-1003, CVE-2020-1004, CVE-2020-1005, CVE-2020-1006, CVE-2020-1007, CVE-2020-1008, CVE-2020-1009, CVE-2020-1011, CVE-2020-1014, CVE-2020-1015, CVE-2020-1016, CVE-2020-1017, CVE-2020-1020, CVE-2020-1027, CVE-2020-1029, CVE-2020-1094

Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass

Severity: Critical

KBs: 4549949, 4549951, 4550917, 4550922, 4550927, 4550929, 4550930, 4550961, 4550970, 4550971

Product: Microsoft Edge (EdgeHTML-based)

CVEs/Advisory: CVE-2020-0969, CVE-2020-0970

Impact: Remote Code Execution

Severity: Critical

KBs: 4549949, 4549951, 4550922, 4550927, 4550929, 4550930

Product: ChakraCore

CVEs/Advisory: CVE-2020-0969, CVE-2020-0970

Impact: Remote Code Execution

Severity: Critical

Product: Internet Explorer

CVEs/Advisory: CVE-2020-0895, CVE-2020-0966, CVE-2020-0967, CVE-2020-0968

Impact: Remote Code Execution

Severity: Critical

KBs: 4549949, 4549951, 4550905, 4550917, 4550922, 4550927, 4550929, 4550930, 4550951, 4550961, 4550964

Product: Microsoft Office and Microsoft Office Services and Web Apps

CVEs/Advisory: CVE-2020-0760, CVE-2020-0906, CVE-2020-0961, CVE-2020-0980, CVE-2020-0991

Impact: Remote Code Execution

Severity: Important

KBs: 3128012, 3203462, 4011104, 4475609, 4484117, 4484126, 4484214, 4484229, 4484238, 4484258, 4484260, 4484266, 4484287, 4484290, 4484294, 4484296,

Product: Windows Defender

CVEs/Advisory: CVE-2020-1002

Impact: Elevation of Privilege

Severity: Important

Product: Visual Studio

CVEs/Advisory: CVE-2020-0899, CVE-2020-0900

Impact: Elevation of Privilege

Severity: Important

KBs: 4540102

Product: Microsoft Dynamics

CVEs/Advisory: CVE-2020-1018, CVE-2020-1022

Impact: Information Disclosure, Remote Code Execution

Severity: Critical

Product: Microsoft Apps for Mac

CVEs/Advisory: CVE-2020-0980

Impact: Remote Code Execution

Severity: Important
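
One way to check a host against the KB numbers listed above for Microsoft Windows and Internet Explorer, shown here as an added example that is not part of the original bulletin or any vendor tooling. The helper name `Test-April2020Kb` and the sample hotfix list are assumptions made for illustration; `Get-HotFix` is the built-in cmdlet that supplies the real list on a Windows host.

```powershell
# KB numbers exactly as listed in this article's bulletin summary.
$April2020Kbs = @{
    'Microsoft Windows' = 4549949, 4549951, 4550917, 4550922, 4550927,
                          4550929, 4550930, 4550961, 4550970, 4550971
    'Internet Explorer' = 4549949, 4549951, 4550905, 4550917, 4550922, 4550927,
                          4550929, 4550930, 4550951, 4550961, 4550964
}

function Test-April2020Kb {
    # Hypothetical helper (not a built-in cmdlet): reports, per product, which
    # of the article's KBs appear in a list of installed hotfix IDs.
    param(
        [Parameter(Mandatory)] [string[]] $InstalledIds,   # e.g. 'KB4549951'
        [hashtable] $KbTable = $April2020Kbs
    )
    foreach ($product in ($KbTable.Keys | Sort-Object)) {
        $wanted = $KbTable[$product] | ForEach-Object { "KB$_" }
        # -contains is case-insensitive, so 'kb4549951' also matches.
        $found  = @($wanted | Where-Object { $InstalledIds -contains $_ })

        # No match is not proof of exposure: a later cumulative update
        # supersedes these KBs and is reported under its own number.
        if ($found.Count -gt 0) {
            $status = 'April 2020 KB present'
        }
        else {
            $status = 'Not found - check for a superseding update'
        }

        [pscustomobject]@{
            Product   = $product
            Installed = $found -join ', '
            Status    = $status
        }
    }
}

# Constructed sample: hotfix IDs in the form Get-HotFix reports them.
# KB0000001 is a placeholder, not a real update.
$sample = 'KB4549951', 'KB0000001'
Test-April2020Kb -InstalledIds $sample | Format-Table -AutoSize

# On a live Windows host, pass the real list instead:
# Test-April2020Kb -InstalledIds (Get-HotFix).HotFixID
```

The article does not say which KB applies to which Windows release, so the check reports a match against any KB in a product's list rather than a specific one.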

SanerNow detects this vulnerability and automatically fixes it by applying security updates. Download SanerNow and keep your systems updated and secure.
