본문 바로가기
취약점 정보1

Microsoft April 2020 Patch

Ryansecurity 2020. 4. 16. 09:59
728x90

This month we got patches for 113 vulnerabilities total. According to Microsoft, three of them are being exploited (CVE-2020-1020CVE-2020-0938 and CVE-2020-0968)  and two were previously disclosed (CVE-2020-1020 and CVE-2020-0935).

Two of the exploited vulnerabilities (CVE-2020-1020 and CVE-2020-0938) are RCEs found by Google Project Zero in Adobe Font Manager Library. They exist in way the library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerabilities could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerabilities could execute code in an AppContainer sandbox context with limited privileges and capabilities.

The other exploited vulnerability (CVE-2020-0968) is remote code execution vulnerability in Internet Explorer. It consists in the way the scripting engine handles objects in memory. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. 

The highest CVSS v3 score this month (8.80) was given to the vulnerability CVE-2020-0687. It is a RCE in Microsoft Graphics and exists due to the way the library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
 

Description
CVEDisclosedExploitedExploitability (old versions)current versionSeverityCVSS Base (AVG)CVSS Temporal (AVG)
Adobe Font Manager Library Remote Code Execution Vulnerability
CVE-2020-0938NoYesDetectedLess LikelyCritical7.87.0
CVE-2020-1020YesYesDetectedLess LikelyCritical7.87.0
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2020-0969NoNo--Critical4.23.8
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
CVE-2020-0944NoNoLess LikelyLess LikelyImportant7.87.0
CVE-2020-1029NoNoLess LikelyLess LikelyImportant7.87.8
CVE-2020-0942NoNoLess LikelyLess LikelyImportant6.35.7
DirectX Elevation of Privilege Vulnerability
CVE-2020-0784NoNoMore LikelyMore LikelyImportant7.87.0
CVE-2020-0888NoNoMore LikelyLess LikelyImportant7.87.0
Dynamics Business Central Remote Code Execution Vulnerability
CVE-2020-1022NoNoLess LikelyLess LikelyCritical  
GDI+ Remote Code Execution Vulnerability
CVE-2020-0964NoNoLess LikelyLess LikelyImportant8.07.2
Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-0988NoNoLess LikelyLess LikelyImportant7.06.3
CVE-2020-0992NoNoLess LikelyLess LikelyImportant7.06.3
CVE-2020-0994NoNoLess LikelyLess LikelyImportant7.06.3
CVE-2020-0995NoNoLess LikelyLess LikelyImportant7.06.3
CVE-2020-0999NoNoLess LikelyLess LikelyImportant7.06.3
CVE-2020-1008NoNoLess LikelyLess LikelyImportant7.06.3
CVE-2020-0889NoNoLess LikelyLess LikelyImportant6.76.0
CVE-2020-0953NoNoLess LikelyLess LikelyImportant7.87.0
CVE-2020-0959NoNoLess LikelyLess LikelyImportant6.76.0
CVE-2020-0960NoNoLess LikelyLess LikelyImportant6.76.0
MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
CVE-2020-1026NoNo--Important  
Media Foundation Information Disclosure Vulnerability
CVE-2020-0945NoNoLess LikelyLess LikelyImportant5.55.0
CVE-2020-0946NoNoLess LikelyLess LikelyImportant5.55.0
CVE-2020-0947NoNoLess LikelyLess LikelyImportant5.55.0
CVE-2020-0937NoNoLess LikelyLess LikelyImportant5.55.0
CVE-2020-0939NoNoLess LikelyLess LikelyImportant5.55.0
Media Foundation Memory Corruption Vulnerability
CVE-2020-0948NoNoLess LikelyLess LikelyCritical7.87.0
CVE-2020-0949NoNoLess LikelyLess LikelyCritical7.87.0
CVE-2020-0950NoNoLess LikelyLess LikelyCritical7.87.0
Microsoft (MAU) Office Elevation of Privilege Vulnerability
CVE-2020-0984NoNo--Important  
Microsoft Defender Elevation of Privilege Vulnerability
CVE-2020-1002NoNoLess LikelyLess LikelyImportant  
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
CVE-2020-1049NoNoLess LikelyLess LikelyImportant  
CVE-2020-1050NoNoLess LikelyLess LikelyImportant  
Microsoft Dynamics Business Central/NAV Information Disclosure
CVE-2020-1018NoNoLess LikelyLess LikelyImportant  
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-0906NoNoLess LikelyLess LikelyImportant  
CVE-2020-0979NoNo--Important  
Microsoft Graphics Component Information Disclosure Vulnerability
CVE-2020-0987NoNoLess LikelyLess LikelyImportant5.55.0
CVE-2020-1005NoNoLess LikelyLess LikelyImportant5.55.0
CVE-2020-0982NoNoLess LikelyLess LikelyImportant5.55.0
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-0907NoNoLess LikelyLess LikelyCritical7.87.0
Microsoft Graphics Remote Code Execution Vulnerability
CVE-2020-0687NoNoLess LikelyLess LikelyCritical8.87.9
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2020-0961NoNoLess LikelyLess LikelyImportant  
Microsoft Office Remote Code Execution Vulnerability
CVE-2020-0760NoNoLess LikelyLess LikelyImportant  
CVE-2020-0991NoNoLess LikelyLess LikelyImportant  
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-0923NoNoLess LikelyLess LikelyImportant  
CVE-2020-0924NoNoLess LikelyLess LikelyImportant  
CVE-2020-0925NoNoLess LikelyLess LikelyImportant  
CVE-2020-0926NoNoLess LikelyLess LikelyImportant  
CVE-2020-0927NoNoLess LikelyLess LikelyCritical  
CVE-2020-0930NoNoLess LikelyLess LikelyImportant  
CVE-2020-0933NoNoLess LikelyLess LikelyImportant  
CVE-2020-0954NoNoLess LikelyLess LikelyImportant  
CVE-2020-0973NoNoLess LikelyLess LikelyImportant  
CVE-2020-0978NoNoLess LikelyLess LikelyImportant  
Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability
CVE-2020-1019NoNo--Important  
Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability
CVE-2020-0919NoNo--Important  
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-0920NoNoLess LikelyLess LikelyImportant  
CVE-2020-0929NoNoLess LikelyLess LikelyCritical  
CVE-2020-0931NoNoLess LikelyLess LikelyCritical  
CVE-2020-0932NoNoLess LikelyLess LikelyCritical  
CVE-2020-0971NoNoLess LikelyLess LikelyImportant  
CVE-2020-0974NoNoLess LikelyLess LikelyCritical  
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-0972NoNoLess LikelyLess LikelyImportant  
CVE-2020-0975NoNoLess LikelyLess LikelyImportant  
CVE-2020-0976NoNo--Important  
CVE-2020-0977NoNoLess LikelyLess LikelyImportant  
Microsoft Visual Studio Elevation of Privilege Vulnerability
CVE-2020-0899NoNoLess LikelyLess LikelyImportant  
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
CVE-2020-0965NoNoLess LikelyLess LikelyCritical7.87.0
Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVE-2020-1014NoNoLess LikelyLess LikelyImportant7.87.0
Microsoft Word Remote Code Execution Vulnerability
CVE-2020-0980NoNoLess LikelyLess LikelyImportant  
Microsoft YourPhone Application for Android Authentication Bypass Vulnerability
CVE-2020-0943NoNo--Important  
OneDrive for Windows Elevation of Privilege Vulnerability
CVE-2020-0935YesNo--Important  
Scripting Engine Memory Corruption Vulnerability
CVE-2020-0968NoYesMore LikelyMore LikelyCritical6.45.9
CVE-2020-0970NoNo--Critical4.23.8
VBScript Remote Code Execution Vulnerability
CVE-2020-0966NoNoLess LikelyLess LikelyImportant  
CVE-2020-0967NoNoLess LikelyLess LikelyCritical  
Visual Studio Extension Installer Service Elevation of Privilege Vulnerability
CVE-2020-0900NoNoLess LikelyLess LikelyImportant  
Win32k Elevation of Privilege Vulnerability
CVE-2020-0956NoNoMore LikelyMore LikelyImportant7.06.3
CVE-2020-0957NoNo--Important7.06.3
CVE-2020-0958NoNoMore LikelyMore LikelyImportant7.06.3
Win32k Information Disclosure Vulnerability
CVE-2020-0699NoNoLess LikelyLess LikelyImportant4.74.2
CVE-2020-0962NoNoLess LikelyLess LikelyImportant4.74.2
Windows DNS Denial of Service Vulnerability
CVE-2020-0993NoNoLess LikelyLess LikelyImportant6.55.9
Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability
CVE-2020-0835NoNo--Important  
Windows Denial of Service Vulnerability
CVE-2020-0794NoNoLess LikelyLess LikelyImportant7.16.4
Windows Elevation of Privilege Vulnerability
CVE-2020-0934NoNoLess LikelyLess LikelyImportant7.87.0
CVE-2020-0983NoNoLess LikelyLess LikelyImportant7.87.0
CVE-2020-1009NoNoLess LikelyLess LikelyImportant7.87.0
CVE-2020-1011NoNoLess LikelyLess LikelyImportant7.87.0
CVE-2020-1015NoNoLess LikelyLess LikelyImportant7.87.0
Windows GDI Information Disclosure Vulnerability
CVE-2020-0952NoNoLess LikelyLess LikelyImportant5.55.0
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-1004NoNoMore LikelyMore LikelyImportant7.87.0
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2020-0917NoNoLess LikelyLess LikelyImportant8.47.6
CVE-2020-0918NoNoLess LikelyLess LikelyImportant8.47.6
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2020-0910NoNoLess LikelyLess LikelyCritical8.47.6
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0913NoNoLess LikelyLess LikelyImportant7.87.0
CVE-2020-1000NoNoLess LikelyLess LikelyImportant7.87.0
CVE-2020-1003NoNoLess LikelyLess LikelyImportant7.87.0
CVE-2020-1027NoNoMore LikelyMore LikelyImportant7.87.0
Windows Kernel Information Disclosure Vulnerability
CVE-2020-1007NoNoLess LikelyLess LikelyImportant5.55.0
CVE-2020-0821NoNoLess LikelyLess LikelyImportant5.55.0
Windows Kernel Information Disclosure in CPU Memory Access
CVE-2020-0955NoNoLess LikelyLess LikelyImportant5.55.0
Windows Push Notification Service Elevation of Privilege Vulnerability
CVE-2020-1001NoNoLess LikelyLess LikelyImportant7.87.0
CVE-2020-1006NoNoLess LikelyLess LikelyImportant7.87.0
CVE-2020-0940NoNoLess LikelyLess LikelyImportant7.06.3
CVE-2020-1017NoNoLess LikelyLess LikelyImportant7.06.3
Windows Push Notification Service Information Disclosure Vulnerability
CVE-2020-1016NoNoLess LikelyLess LikelyImportant5.55.0
Windows Scheduled Task Elevation of Privilege Vulnerability
CVE-2020-0936NoNoLess LikelyLess LikelyImportant7.16.4
Windows Token Security Feature Bypass Vulnerability
CVE-2020-0981NoNoLess LikelyLess LikelyImportant6.35.7
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2020-0985NoNoLess LikelyLess LikelyImportant7.87.0
CVE-2020-0996NoNoLess LikelyLess LikelyImportant7.87.0
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2020-0895NoNoLess LikelyLess LikelyImportant6.45.8
Windows Work Folder Service Elevation of Privilege Vulnerability
CVE-2020-1094NoNo--Important7.87.0
728x90
저작자표시 비영리

'취약점 정보1' 카테고리의 다른 글

Oracle Critical Patch Update 보안 업데이트 권고  (0) 2020.04.20
Adobe 제품군 보안 업데이트 권고  (0) 2020.04.20
VMware vCenter Server 보안 업데이트 권고  (0) 2020.04.14
Django 제품 SQL Injection 취약점 보안 업데이트 권고  (0) 2020.03.25
MS 윈도우 취약점 보안 주의 권고  (0) 2020.03.25

'취약점 정보1' Related Articles

티스토리툴바