Skip to main content
Patch ManagementPatch Tuesday

Microsoft’s April Patch Tuesday Tackles 113 Updates

By April 14, 2020June 22nd, 2022No Comments
||

Microsoft’s April Patch Tuesday Tackles 113 Updates

Microsoft issued 113 fixes in this month's massive Patch Tuesday update. It's the first big patch release of the new work-from-home era.

[vc_empty_space]
[vc_single_image image=”37956″ img_size=”full”]

April Patch Tuesday Arrives with Huge Batch of Updates

Microsoft Patch Tuesday has officially arrived with 115 new patches for the unprecedented work-from-home climate amid the coronavirus outbreak.

There are 17 critical updates with the remaining 96 marked as important. Support for Windows 7 and Windows Server 2008 (including R2) ended in January, but there are plenty of updates released this month for customers who have purchased an extension agreement.

For the previous three months, there has been over 100 updates per month. on average—that’s almost 2GB per device per month. Now is the time to start building a patching strategy that does not depend on a VPN or patching in line of sight of your servers.

Users who are now working from home are more vulnerable than ever.

Largest Number of Weaponized Bugs This Year

Weaponized bugs use vulnerabilities to actively exploit security loopholes in the OS to infect your environment with ransomware or steal data. In this month’s release, we have seen the highest number of weaponized vulnerabilities fixed.

These should all be considered zero-day vulnerabilities, and we recommend they be remediated as quickly as possible.

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Experience the Power of Syxsense

Syxsense is a cloud-based solution that helps organizations manage and secure their endpoints with ease. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense%2F|||” css=”.vc_custom_1586908107967{margin-top: 15px !important;}”][vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Syxsense Recommendations

Based on the vendor severity and CVSS score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

 

CVE Reference Description Severity CVSS Score Weaponized Public Counter Measure Syxsense Recommended
CVE-2020-1020 Adobe Font Manager Library Remote Code Execution Vulnerability Important 7.8 Yes Yes Yes Yes
CVE-2020-0938 OpenType Font Parsing Remote Code Execution Vulnerability Important 7.8 Yes No Yes Yes
CVE-2020-1027 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 Yes No No Yes
CVE-2020-0968 Scripting Engine Memory Corruption Vulnerability Critical 7.5 Yes No No Yes
CVE-2020-0935 OneDrive for Windows Elevation of Privilege Vulnerability Important 4.2 No Yes No Yes
CVE-2020-0969 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-1022 Dynamics Business Central Remote Code Execution Vulnerability Critical TBA No No No Yes
CVE-2020-0948 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-0949 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-0950 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-0907 Microsoft Graphics Components Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2020-0687 Microsoft Graphics Remote Code Execution Vulnerability Critical 8.8 No No No Yes
CVE-2020-0927 Microsoft Office SharePoint XSS Vulnerability Critical TBA No No No Yes
CVE-2020-0929 Microsoft SharePoint Remote Code Execution Vulnerability Critical TBA No No No Yes
CVE-2020-0931 Microsoft SharePoint Remote Code Execution Vulnerability Critical TBA No No No Yes
CVE-2020-0932 Microsoft SharePoint Remote Code Execution Vulnerability Critical TBA No No No Yes
CVE-2020-0974 Microsoft SharePoint Remote Code Execution Vulnerability Critical TBA No No No Yes
CVE-2020-0965 Microsoft Windows Codecs Library Remote Code Execution Vulnerability Critical 7.8 No No No Yes
CVE-2020-0970 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0967 VBScript Remote Code Execution Vulnerability Critical TBA No No No Yes
CVE-2020-0910 Windows Hyper-V Remote Code Execution Vulnerability Critical 8.4 No No No Yes
CVE-2020-0942 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Important 6.3 No No No Yes
CVE-2020-0944 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1029 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0784 DirectX Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0888 DirectX Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0964 GDI+ Remote Code Execution Vulnerability Important 8 No No No Yes
CVE-2020-0953 Jet Database Engine Remote Code Execution Vulnerability Important 7.8 No No No Yes
CVE-2020-0988 Jet Database Engine Remote Code Execution Vulnerability Important 7 No No No Yes
CVE-2020-0992 Jet Database Engine Remote Code Execution Vulnerability Important 7 No No No Yes
CVE-2020-0994 Jet Database Engine Remote Code Execution Vulnerability Important 7 No No No Yes
CVE-2020-0995 Jet Database Engine Remote Code Execution Vulnerability Important 7 No No No Yes
CVE-2020-0999 Jet Database Engine Remote Code Execution Vulnerability Important 7 No No No Yes
CVE-2020-1008 Jet Database Engine Remote Code Execution Vulnerability Important 7 No No No Yes
CVE-2020-1014 Microsoft Windows Update Client Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0956 Win32k Elevation of Privilege Vulnerability Important 7 No No No Yes
CVE-2020-0957 Win32k Elevation of Privilege Vulnerability Important 7 No No No Yes
CVE-2020-0958 Win32k Elevation of Privilege Vulnerability Important 7 No No No Yes
CVE-2020-0794 Windows Denial of Service Vulnerability Important 7.1 No No No Yes
CVE-2020-0934 Windows Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0983 Windows Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1009 Windows Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1011 Windows Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1015 Windows Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1004 Windows Graphics Component Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0917 Windows Hyper-V Elevation of Privilege Vulnerability Important 8.4 No No No Yes
CVE-2020-0918 Windows Hyper-V Elevation of Privilege Vulnerability Important 8.4 No No No Yes
CVE-2020-0913 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1000 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1003 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0940 Windows Push Notification Service Elevation of Privilege Vulnerability Important 7 No No No Yes
CVE-2020-1001 Windows Push Notification Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1006 Windows Push Notification Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-1017 Windows Push Notification Service Elevation of Privilege Vulnerability Important 7 No No No Yes
CVE-2020-0936 Windows Scheduled Task Elevation of Privilege Vulnerability Important 7.1 No No No Yes
CVE-2020-0985 Windows Update Stack Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0996 Windows Update Stack Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0895 Windows VBScript Engine Remote Code Execution Vulnerability Important 7.5 No No No Yes
CVE-2020-1094 Windows Work Folder Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0889 Jet Database Engine Remote Code Execution Vulnerability Important 6.7 No No No
CVE-2020-0959 Jet Database Engine Remote Code Execution Vulnerability Important 6.7 No No No
CVE-2020-0960 Jet Database Engine Remote Code Execution Vulnerability Important 6.7 No No No
CVE-2020-0937 Media Foundation Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-0939 Media Foundation Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-0945 Media Foundation Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-0946 Media Foundation Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-0947 Media Foundation Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-0984 Microsoft (MAU) Office Elevation of Privilege Vulnerability Important TBA No No No
CVE-2020-1002 Microsoft Defender Elevation of Privilege Vulnerability Important TBA No No No
CVE-2020-1049 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important TBA No No No
CVE-2020-1050 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important TBA No No No
CVE-2020-1018 Microsoft Dynamics Business Central/NAV Information Disclosure Important TBA No No No
CVE-2020-0906 Microsoft Excel Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-0979 Microsoft Excel Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-0982 Microsoft Graphics Component Information Disclosure Vulnerability Important TBA No No No
CVE-2020-0987 Microsoft Graphics Component Information Disclosure Vulnerability Important TBA No No No
CVE-2020-1005 Microsoft Graphics Component Information Disclosure Vulnerability Important 5.5 No No No
CVE-2020-0961 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-0760 Microsoft Office Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-0991 Microsoft Office Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-0923 Microsoft Office SharePoint XSS Vulnerability Important TBA No No No
CVE-2020-0924 Microsoft Office SharePoint XSS Vulnerability Important TBA No No No
CVE-2020-0925 Microsoft Office SharePoint XSS Vulnerability Important TBA No No No
CVE-2020-0926 Microsoft Office SharePoint XSS Vulnerability Important TBA No No No
CVE-2020-0930 Microsoft Office SharePoint XSS Vulnerability Important TBA No No No
CVE-2020-0933 Microsoft Office SharePoint XSS Vulnerability Important TBA No No No
CVE-2020-0954 Microsoft Office SharePoint XSS Vulnerability Important TBA No No No
CVE-2020-0973 Microsoft Office SharePoint XSS Vulnerability Important TBA No No No
CVE-2020-0978 Microsoft Office SharePoint XSS Vulnerability Important TBA No No No
CVE-2020-0919 Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability Important TBA No No No
CVE-2020-1019 Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability Important TBA No No No
CVE-2020-0920 Microsoft SharePoint Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-0971 Microsoft SharePoint Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-0972 Microsoft SharePoint Spoofing Vulnerability Important TBA No No No
CVE-2020-0975 Microsoft SharePoint Spoofing Vulnerability Important TBA No No No
CVE-2020-0976 Microsoft SharePoint Spoofing Vulnerability Important TBA No No No
CVE-2020-0977 Microsoft SharePoint Spoofing Vulnerability Important TBA No No No
CVE-2020-0899 Microsoft Visual Studio Elevation of Privilege Vulnerability Important TBA No No No
CVE-2020-0980 Microsoft Word Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-0943 Microsoft YourPhone Application for Android Authentication Bypass Vulnerability Important TBA No No No
CVE-2020-1026 MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability Important TBA No No No
CVE-2020-0966 VBScript Remote Code Execution Vulnerability Important TBA No No No
CVE-2020-0900 Visual Studio Extension Installer Service Elevation of Privilege Vulnerability Important TBA No No No
CVE-2020-0699 Win32k Information Disclosure Vulnerability Important 4.7 No No No
CVE-2020-0962 Win32k Information Disclosure Vulnerability Important 4.7 No No No

Leave a Reply