{"id":6083,"date":"2020-04-15T23:49:53","date_gmt":"2020-04-15T22:49:53","guid":{"rendered":"https:\/\/www.n-able.com\/?p=6083"},"modified":"2022-06-10T18:21:51","modified_gmt":"2022-06-10T17:21:51","slug":"april-2020-patch-tuesday-update-113-cve-numbers-addressed","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed","title":{"rendered":"April 2020 Patch Tuesday Update: 113 CVE Numbers Addressed"},"content":{"rendered":"

This month\u2019s Patch Tuesday release contains 113 total CVE numbers addressed, with 19 of them listed as \u201cCritical,\u201d including a fix for a recently announced 0-day vulnerability from March. The \u201cCritical\u201d vulnerabilities affect Windows operating systems, browsers, SharePoint, and Microsoft Dynamics. Three vulnerabilities are listed as \u201cExploit Detected\u201d this month.<\/p>\n

Operating systems<\/b><\/h3>\n

First, let\u2019s look at the \u201cCritical\u201d vulnerabilities in the operating systems, plus one \u201cImportant\u201d that should get some attention. It should be noted that five of the \u201cCritical\u201d vulnerabilities are in Windows 7 and Server 2008 (R2) and require an extended security updates agreement with Microsoft to patch them.<\/p>\n

CVE-2020-0938<\/a>\u00a0and\u00a0CVE-2020-1020<\/a>\u00a0are fixes for a 0-day vulnerability that was announced on March 22 by Microsoft. Both are „Remote Code Execution“ vulnerabilities in Adobe Font Manager Library. Microsoft reports seeing Windows 7 systems being exploited actively (\u201cExploit Detected\u201d), while Windows 10 systems are listed as „Exploitation Less Likely,“ mainly because newer versions of the operating system handle these threats differently by executing the code in an AppContainer context. Therefore, Microsoft has listed these as „Critical“ for Windows 7, 8, 8.1, and the corresponding server versions, while they are listed as „Important“ for Windows 10 and the corresponding server versions.<\/p>\n

CVE-2020-0910<\/a>\u00a0is a vulnerability in Windows Hyper-V, and affects Windows 10 versions 1809, 1903, and 1909 as well as Windows Server 2019 (including Core). It also applies to Server Core versions 1903 and 1909. This vulnerability would allow an attacker that had access to a guest operating system to execute code on the host operating system (sometimes referred to as hypervisor escape).<\/p>\n

Next up we have a trio of similar „Media Foundation Memory Corruption“ vulnerabilities:\u00a0CVE-2020-0948<\/a>\u00a0,\u00a0CVE-2020-0949<\/a>\u00a0, and\u00a0CVE-2020-0950<\/a>\u00a0, which are all listed as „Exploitation Less Likely.“<\/p>\n

These three vulnerabilities affect all operating systems from Windows 7 to the most recent version of Windows 10, including Server 2008 up to Windows server 1909. Microsoft states an attacker could gain full control over a system if the user was convinced to open an attachment or visit a malicious web page.<\/p>\n

CVE-2020-0687<\/a>\u00a0is a Microsoft Graphics „Remote Code Execution“ vulnerability that would require a user to open a document or visit a malicious website that contains specially crafted embedded fonts and would grant the attacker the same rights as the user.<\/p>\n

CVE-2020-0907<\/a>\u00a0is a vulnerability in Microsoft Graphics Components that would grant an attacker the ability to execute arbitrary code, regardless of user level, if the user opened a specially crafted file.<\/p>\n

CVE-2020-0965<\/a>\u00a0is a vulnerability in Microsoft Windows Codecs that would grant an attacker the ability to execute arbitrary code, regardless of user level, if the user opened a specially crafted image file.<\/p>\n

Notable \u201cImportant\u201d operating system vulnerability<\/b><\/h3>\n

There is one other vulnerability of note, which interestingly is listed as „Important,“ but is also listed as „Exploitation Detected“ by Microsoft.\u00a0CVE-2020-1027<\/a>\u00a0is an „Elevation of Privilege“ vulnerability in Windows 7 up to current versions (including all server versions). The attacker would, however, need authenticated access to the system to execute this vulnerability.<\/p>\n

Browsers<\/b><\/h3>\n

There are four „Critical“ browser\/scripting engine vulnerabilities this month.<\/p>\n

The first two,\u00a0CVE-2020-0970<\/a>\u00a0and\u00a0CVE-2020-0970<\/a>, are in the EdgeHTML-based Edge browser on Windows 10, Server 2016, and Server 2019.<\/p>\n

The other two affect Internet Explorer on all operating systems from Windows 7 up to current versions of Windows 10, including all server versions.<\/p>\n

CVE-2020-0967<\/a>\u00a0is VBScript vulnerability that could allow an attacker to gain the same rights as a user on a system, and is listed as „Exploitation Less Likely.“<\/p>\n

CVE-2020-0968<\/a>\u00a0is a similar Scripting Engine vulnerability but is listed as „Exploitation More Likely“ by Microsoft.<\/p>\n

SharePoint<\/b><\/h3>\n

There are five vulnerabilities listed as Critical in SharePoint. All of them would require an attacker to successfully upload a specially crafted SharePoint application package to the affected version of SharePoint.<\/p>\n

Microsoft Dynamics<\/b><\/h3>\n

CVE-2020-1022<\/a>\u00a0is a „Remote Code Execution“ vulnerability listed as „Exploitation Less Likely.“<\/p>\n

Adobe releases<\/b><\/h3>\n

Adobe follows the Patch Tuesday schedule as well, and this week released security fixes for Digital Editions, ColdFusion, and After Effects\u2014more information can be found on their\u00a0Security Bulletins and Advisories page<\/a>.<\/p>\n

Summary<\/b><\/h3>\n

With a patch for a recently announced 0-day in Windows operating systems, it is recommended to prioritize Internet-facing user workstations first with operating system patches. Then focus on your Servers. Finally, update SharePoint servers and Microsoft Dynamics.<\/p>\n

As always, we recommend testing these patches on a small set of systems before approving them for wider deployment.<\/p>\n

Additionally, you may notice many of these patches require a user to click on a file or visit a malicious website. That is why it is critical to combine a patching strategy with a layered approach and protect the vectors of attack with email protection, endpoint protection, and web protection to ensure the best security for all users.<\/p>\n

Let\u2019s stay safe out there!<\/p>\n

 <\/p>\n

Gill Langston is head security nerd for SolarWinds MSP. You can follow Gill on Twitter at\u00a0@cybersec_nerd<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

This month\u2019s Patch Tuesday release contains 113 total CVE numbers addressed, with 19 listed as \u201cCritical,\u201d including a fix for a recently announced 0-day vulnerability from March.<\/p>\n","protected":false},"author":27,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-6083","post","type-post","status-publish","format-standard","hentry","topic-head-nerds","topic-patch-management","topic-security"],"acf":[],"yoast_head":"\nApril 2020 Patch Tuesday Update: 113 CVE Numbers Addressed - N-able<\/title>\n<meta name=\"description\" content=\"This month\u2019s Patch Tuesday release contains 113 total CVE numbers addressed, with 19 listed as \u201cCritical,\u201d including a fix for a recently announced 0-day vulnerability from March.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"April 2020 Patch Tuesday Update: 113 CVE Numbers Addressed - N-able\" \/>\n<meta property=\"og:description\" content=\"This month\u2019s Patch Tuesday release contains 113 total CVE numbers addressed, with 19 listed as \u201cCritical,\u201d including a fix for a recently announced 0-day vulnerability from March.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-15T22:49:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-06-10T17:21:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Gill Langston\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"Gill Langston\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"4\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed\"},\"author\":{\"name\":\"Gill Langston\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/person\/ccb02e43837727da6ab962f5357e872a\"},\"headline\":\"April 2020 Patch Tuesday Update: 113 CVE Numbers Addressed\",\"datePublished\":\"2020-04-15T23:49:53+01:00\",\"dateModified\":\"2022-06-10T17:21:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed\"},\"wordCount\":817,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"articleSection\":[\"Head Nerds\",\"Patch Management\",\"Security\"],\"inLanguage\":\"de\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed\",\"url\":\"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed\",\"name\":\"April 2020 Patch Tuesday Update: 113 CVE Numbers Addressed - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de#website\"},\"datePublished\":\"2020-04-15T23:49:53+01:00\",\"dateModified\":\"2022-06-10T17:21:51+00:00\",\"description\":\"This month\u2019s Patch Tuesday release contains 113 total CVE numbers addressed, with 19 listed as \u201cCritical,\u201d including a fix for a recently announced 0-day vulnerability from March.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security\",\"item\":\"https:\/\/www.n-able.com\/de\/blog\/category\/security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"April 2020 Patch Tuesday Update: 113 CVE Numbers Addressed\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/de#website\",\"url\":\"https:\/\/www.n-able.com\/de\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/de?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/de#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/de\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/person\/ccb02e43837727da6ab962f5357e872a\",\"name\":\"Gill Langston\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g\",\"caption\":\"Gill Langston\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"April 2020 Patch Tuesday Update: 113 CVE Numbers Addressed - N-able","description":"This month\u2019s Patch Tuesday release contains 113 total CVE numbers addressed, with 19 listed as \u201cCritical,\u201d including a fix for a recently announced 0-day vulnerability from March.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed","og_locale":"de_DE","og_type":"article","og_title":"April 2020 Patch Tuesday Update: 113 CVE Numbers Addressed - N-able","og_description":"This month\u2019s Patch Tuesday release contains 113 total CVE numbers addressed, with 19 listed as \u201cCritical,\u201d including a fix for a recently announced 0-day vulnerability from March.","og_url":"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2020-04-15T22:49:53+00:00","article_modified_time":"2022-06-10T17:21:51+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg","type":"image\/jpeg"}],"author":"Gill Langston","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Verfasst von":"Gill Langston","Gesch\u00e4tzte Lesezeit":"4\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed"},"author":{"name":"Gill Langston","@id":"https:\/\/www.n-able.com\/de#\/schema\/person\/ccb02e43837727da6ab962f5357e872a"},"headline":"April 2020 Patch Tuesday Update: 113 CVE Numbers Addressed","datePublished":"2020-04-15T23:49:53+01:00","dateModified":"2022-06-10T17:21:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed"},"wordCount":817,"publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"articleSection":["Head Nerds","Patch Management","Security"],"inLanguage":"de"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed","url":"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed","name":"April 2020 Patch Tuesday Update: 113 CVE Numbers Addressed - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/de#website"},"datePublished":"2020-04-15T23:49:53+01:00","dateModified":"2022-06-10T17:21:51+00:00","description":"This month\u2019s Patch Tuesday release contains 113 total CVE numbers addressed, with 19 listed as \u201cCritical,\u201d including a fix for a recently announced 0-day vulnerability from March.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/de\/blog\/april-2020-patch-tuesday-update-113-cve-numbers-addressed#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/de\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"April 2020 Patch Tuesday Update: 113 CVE Numbers Addressed"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/de#website","url":"https:\/\/www.n-able.com\/de","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/de?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/de#organization","name":"N-able","url":"https:\/\/www.n-able.com\/de","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/de#\/schema\/person\/ccb02e43837727da6ab962f5357e872a","name":"Gill Langston","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g","caption":"Gill Langston"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts\/6083","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/comments?post=6083"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts\/6083\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/media?parent=6083"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}