Amid the crisis of the coronavirus pandemic, April 2020’s patch management process will be quite difficult for organizations in which most employees are working from home.

Today, technology giant Microsoft issued the latest software security updates for all supported versions of its Windows operating systems and other products. The updates fix as many as 113 new security flaws, 17 of which are rated critical and 96 important in severity.
Most notably, two of the security vulnerabilities were reported as publicly known at the time of release, and four are being actively exploited in the wild by cybercriminals.

One of the publicly disclosed flaws, which was also exploited as a zero-day, resides in the Adobe Font Manager Library used by Windows. The tech giant revealed its existence last month in an early security warning for its millions of users.

Tracked as CVE-2020-1020, the remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially crafted multi-master font in the Adobe Type 1 PostScript format.

The affected font library not only parses content when it is opened with third-party software, but is also used by Windows Explorer to display the content of a file in the ‘Preview Pane’ or ‘Details Pane’ without requiring users to open it.

CVE-2020-0938, the second exploited remote code execution flaw, also resides in the Adobe Type Manager Library and is triggered when the library parses a malicious OpenType font.

Both of these zero-day flaws were reported to the tech giant in the last week of March by researchers working with Google Project Zero, with a very short full-disclosure deadline that was then mutually extended in view of the current global conditions.

The second publicly known issue is an important-severity elevation of privilege vulnerability (CVE-2020-0935) that resides in OneDrive for Windows desktop.

Windows users and system administrators are strongly advised to apply the latest security patches as soon as possible to keep hackers from taking control of their computers.
