April's Patch Tuesday is here and Microsoft is patching 113 CVEs this month. Eighteen of these are rated "Critical", 94 rated as "Important", and one rated "Moderate". The highest-profile vulnerability patched today is in the Adobe and OpenType font drivers (CVE-2020-1020 and CVE-2020-0938 respectively). These vulnerabilities were detected after being exploited as a part of a limited zero-day campaign. Among the other "Critical" vulnerabilities are Remote Code Execution (RCE) vulnerabilities in SharePoint, Dynamics, and Hyper-V.
SharePoint and Hyper-V also pop up on the list of vulnerabilities on the list rated "Important". There are also over a dozen privilege escalation vulnerabilities in the Windows kernel and various operating system components. A rarity for Patch Tuesday are patches for Apple Mac based vulnerabilities but two separate privilege escalation vulnerabilities are patched today for the Microsoft Remote Desktop (CVE-2020-0919) and RMS Sharing Apps (CVE-2020-1019) for Mac.
Make sure you wash your hands before and after patching and stay safe!
Critical
Adobe Font Manager Library Remote Code Execution Vulnerability
CVE-2020-1020
Remote Code Execution
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2020-0969
Remote Code Execution
Dynamics Business Central Remote Code Execution Vulnerability
CVE-2020-1022
Remote Code Execution
Media Foundation Memory Corruption Vulnerability
CVE-2020-0948, CVE-2020-0949, CVE-2020-0950
Remote Code Execution
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-0907, CVE-2020-0687
Remote Code Execution
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974
Information Disclosure
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
CVE-2020-0965
Remote Code Execution
OpenType Font Parsing Remote Code Execution Vulnerability
CVE-2020-0938
Remote Code Execution
Scripting Engine Memory Corruption Vulnerability
CVE-2020-0968, CVE-2020-0970
Remote Code Execution
VBScript Remote Code Execution Vulnerability
CVE-2020-0967
Remote Code Execution
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2020-0910
Remote Code Execution
Important
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
CVE-2020-0942, CVE-2020-0944, CVE-2020-1029
Elevation of Privilege
DirectX Elevation of Privilege Vulnerability
CVE-2020-0784, CVE-2020-0888
Elevation of Privilege
GDI+ Remote Code Execution Vulnerability
CVE-2020-0964
Remote Code Execution
Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008
Remote Code Execution
Media Foundation Information Disclosure Vulnerability
CVE-2020-0937, CVE-2020-0939, CVE-2020-0945, CVE-2020-0946, CVE-2020-0947
Information Disclosure
Microsoft (MAU) Office Elevation of Privilege Vulnerability
CVE-2020-0984
Elevation of Privilege
Microsoft Defender Elevation of Privilege Vulnerability
CVE-2020-1002
Elevation of Privilege
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
CVE-2020-1049, CVE-2020-1050
Spoofing
Microsoft Dynamics Business Central/NAV Information Disclosure
CVE-2020-1018
Information Disclosure
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-0906, CVE-2020-0979
Remote Code Execution
Microsoft Graphics Component Information Disclosure Vulnerability
CVE-2020-0982, CVE-2020-0987, CVE-2020-1005
Information Disclosure
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2020-0961
Remote Code Execution
Microsoft Office Remote Code Execution Vulnerability
CVE-2020-0760, CVE-2020-0991
Remote Code Execution
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0973, CVE-2020-0978
Spoofing
Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability
CVE-2020-0919
Elevation of Privilege
Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability
CVE-2020-1019
Security Feature Bypass
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-0920, CVE-2020-0971
Remote Code Execution
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-0972, CVE-2020-0975, CVE-2020-0976, CVE-2020-0977
Spoofing
Microsoft Visual Studio Elevation of Privilege Vulnerability
CVE-2020-0899
Elevation of Privilege
Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVE-2020-1014
Elevation of Privilege
Microsoft Word Remote Code Execution Vulnerability
CVE-2020-0980
Remote Code Execution
Microsoft YourPhone Application for Android Authentication Bypass Vulnerability
CVE-2020-0943
Security Feature Bypass
MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
CVE-2020-1026
Information Disclosure
OneDrive for Windows Elevation of Privilege Vulnerability
CVE-2020-0935
Elevation of Privilege
VBScript Remote Code Execution Vulnerability
CVE-2020-0966
Remote Code Execution
Visual Studio Extension Installer Service Elevation of Privilege Vulnerability
CVE-2020-0900
Elevation of Privilege
Win32k Elevation of Privilege Vulnerability
CVE-2020-0956, CVE-2020-0957, CVE-2020-0958
Elevation of Privilege
Win32k Information Disclosure Vulnerability
CVE-2020-0699, CVE-2020-0962
Information Disclosure
Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability
CVE-2020-0835
Elevation of Privilege
Windows Denial of Service Vulnerability
CVE-2020-0794
Denial of Service
Windows DNS Denial of Service Vulnerability
CVE-2020-0993
Denial of Service
Windows Elevation of Privilege Vulnerability
CVE-2020-0934, CVE-2020-0983, CVE-2020-1009, CVE-2020-1011, CVE-2020-1015
Elevation of Privilege
Windows GDI Information Disclosure Vulnerability
CVE-2020-0952
Information Disclosure
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-1004
Elevation of Privilege
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2020-0917, CVE-2020-0918
Elevation of Privilege
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0913, CVE-2020-1000, CVE-2020-1003, CVE-2020-1027
Elevation of Privilege
Windows Kernel Information Disclosure in CPU Memory Access
CVE-2020-0955
Information Disclosure
Windows Kernel Information Disclosure Vulnerability
CVE-2020-0821, CVE-2020-1007
Information Disclosure
Windows Push Notification Service Elevation of Privilege Vulnerability
CVE-2020-0940, CVE-2020-1001, CVE-2020-1006, CVE-2020-1017, CVE-2020-1016
Information Disclosure
Windows Scheduled Task Elevation of Privilege Vulnerability
CVE-2020-0936
Elevation of Privilege
Windows Token Security Feature Bypass Vulnerability
CVE-2020-0981
Security Feature Bypass
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2020-0985, CVE-2020-0996
Elevation of Privilege
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2020-0895
Remote Code Execution
Windows Work Folder Service Elevation of Privilege Vulnerability
CVE-2020-1094
Elevation of Privilege
Moderate
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-0954
Spoofing