{"id":347765,"date":"2020-04-15T08:31:51","date_gmt":"2020-04-15T06:31:51","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=347765"},"modified":"2020-04-15T08:33:36","modified_gmt":"2020-04-15T06:33:36","slug":"new-windows-patch-fixes-113-security-flaws-update-now","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/347765-new-windows-patch-fixes-113-security-flaws-update-now.html","title":{"rendered":"New Windows patch fixes 113 security flaws &#8211; Update now"},"content":{"rendered":"<p>Microsoft has <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/releasenotedetail\/2020-Apr\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>published<\/strong><\/a> its Patch Tuesday update for April, which fixes 113 vulnerabilities across 11 different Microsoft products.<\/p>\n<p>Among these vulnerabilities are three zero-day bugs that are being exploited in the wild on Windows computers.<\/p>\n<p>These three zero-day vulnerabilities are as follows:<\/p>\n<h3 class=\"my-4\">CVE-2020-1020<\/h3>\n<p>This vulnerability exists in the Windows Adobe Type Manager Library where an attacker can execute code on the target system remotely.<\/p>\n<p>On Windows 10 systems, however, the attacker can only execute code in an AppContainer sandbox context with limited privileges and capabilities.<\/p>\n<p>However, this allows the attacker to install programs; view, change, or delete data; or create new accounts with full user rights.<\/p>\n<p>The vulnerability can be exploited in a variety of ways, such as convincing a target to open a malicious document.<\/p>\n<h3 class=\"my-4\">CVE-2020-0938<\/h3>\n<p>This bug is almost identical to the first one. It takes place in the same library, and also allows remote execution on non-Windows 10 systems.<\/p>\n<p>Likewise, on Windows 10, code can be executed with limited privileges in an AppContainer sandbox, from which the malicious party can perform various actions to attack the target&#8217;s device.<\/p>\n<p>Microsoft published mitigation measures last month which can be applied both to CVE-2020-1020 and CVE-2020-0938 to block these attacks.<\/p>\n<h3 class=\"my-4\">CVE-2020-1027<\/h3>\n<p>The final exploit active in the wild allows an attacker to execute code with elevated permissions.<\/p>\n<p>This is caused by the way the Windows Kernel handles objects in memory.<\/p>\n<p>To exploit this flaw, attackers need to run a specially crafted application.<\/p>\n<h3 class=\"my-4\">Other fixes<\/h3>\n<p>The April 2020 Patch Tuesday update offers a variety of other security updates that span across a variety of Microsoft software products.<\/p>\n<p>These include:<\/p>\n<ul>\n<li>Microsoft Windows<\/li>\n<li>Microsoft Edge (EdgeHTML-based)<\/li>\n<li>Microsoft Edge (Chromium-based)<\/li>\n<li>ChakraCore<\/li>\n<li>Internet Explorer<\/li>\n<li>Microsoft Office and Microsoft Office Services and Web Apps<\/li>\n<li>Windows Defender<\/li>\n<li>Visual Studio<\/li>\n<li>Microsoft Dynamics<\/li>\n<li>Microsoft Apps for Android<\/li>\n<li class=\"\">Microsoft Apps for Mac<\/li>\n<\/ul>\n<p>Users running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates.<\/p>\n<h3 class=\"my-4\">Now read: <a href=\"https:\/\/mybroadband.co.za\/news\/technology\/347763-apple-launches-maps-tool-showing-user-activity-during-the-coronavirus-pandemic.html\" rel=\"bookmark\">Apple launches Maps tool showing user activity during the coronavirus pandemic<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has published its Patch Tuesday update for April, which fixes 113 vulnerabilities across 11 different Microsoft products.<\/p>\n","protected":false},"author":341039,"featured_media":322910,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[123,12505,46045],"class_list":["post-347765","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-microsoft","tag-microsoft-windows","tag-patch-tuesday"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/347765"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341039"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=347765"}],"version-history":[{"count":0,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/347765\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/322910"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=347765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=347765"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=347765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}