This Tuesday, Microsoft released the scheduled Patch Tuesday update for April 2020. This month also brings a huge update bundle, with 113 security fixes. It’s even more important because it addresses some bugs under active exploitation.
This month, Microsoft has addressed four vulnerabilities under active attack.
The first of these is a critical-severity vulnerability (CVE-2020-0968) affecting Internet Explorer. It is a memory corruption flaw that allows a remote attacker to execute arbitrary code in the context of the current user. The impact is even more serious if the logged-in user has administrative rights, since the attacker then gains admin privileges.
The other three are important-severity vulnerabilities, one of which was even publicly disclosed. Regarding this bug (CVE-2020-1020), Microsoft’s advisory describes,
Exploiting this bug merely required the attacker to convince the user to open a maliciously crafted file.
Another vulnerability in the Windows Adobe Type Manager Library leading to remote code execution (CVE-2020-0938) was under active attack.
Finally, the fourth vulnerability (CVE-2020-1027) existed in the Windows Kernel and allowed elevation of privilege.