Patch Tuesday: Microsoft – 2020-04-14

Description

Microsoft released updates covering 113 CVEs with severity ratings ranging from Low to Critical. The updates cover 93 products.

Notable Updates

Zero-day Patches

There are three zero-day patches this month.

CVE-2020-1020 & CVE-2020-0938

CVE-2020-1020 and CVE-2020-0938 are also known as the Adobe Font Manager Library Remote Code Execution Vulnerability. Microsoft describes it as follows: “[a] remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format”.

Windows 7 to Windows 10 1909, and Windows Server 2008 to Windows Server 1909 are affected.

For more information on specific KBs and other mitigations, please visit: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020

CVE-2020-1027

CVE-2020-1027 is an Elevation of Privilege vulnerability, in which an attacker elevates their permissions above what was assigned or authorized. Microsoft rates this CVE “Important”, and exploitation requires the attacker to have local authorization. Microsoft describes it as follows: “[a]n elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions”.

There are no known workarounds aside from installing the applicable patch. This vulnerability exists for Windows 7 to Windows 10 and Windows Server 2008 to Windows Server 1909. 

For more information, please visit: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1027

Patches Breakdown

Patch Details

Severity

  • Critical (34 updates)
  • Important (78 updates)
  • Moderate (9 updates)
  • Low (7 updates)

Updates can have multiple Severity levels depending on the Impact

Impact
  • Remote Code Execution (76 updates)
  • Information Disclosure (20 updates)
  • Elevation of Privilege (15 updates)
  • Spoofing (12 updates)
  • Denial of Service (12 updates)
  • Security Feature Bypass (2 updates)

Updates can have multiple Impact categories with different Severity levels

Products
  • ChakraCore
  • Dynamics 365 Business Central 2019
  • Dynamics 365 Server, version 9.0 (on-premises)
  • Internet Explorer 11
  • Internet Explorer 9
  • Microsoft Access 2010 Service Pack 2
  • Microsoft Access 2013 Service Pack 1
  • Microsoft Access 2016
  • Microsoft AutoUpdate for Mac
  • Microsoft Business Productivity Servers 2010 Service Pack 2
  • Microsoft Dynamics 365 BC On Premise
  • Microsoft Dynamics NAV 2013
  • Microsoft Dynamics NAV 2015
  • Microsoft Dynamics NAV 2016
  • Microsoft Dynamics NAV 2017
  • Microsoft Dynamics NAV 2018
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Excel 2010 Service Pack 2
  • Microsoft Excel 2013 RT Service Pack 1
  • Microsoft Excel 2013 Service Pack 1
  • Microsoft Excel 2016
  • Microsoft Forefront Endpoint Protection 2010
  • Microsoft Office 2010 Service Pack 2
  • Microsoft Office 2013 RT Service Pack 1
  • Microsoft Office 2013 Service Pack 1
  • Microsoft Office 2016
  • Microsoft Office 2016 for Mac
  • Microsoft Office 2019
  • Microsoft Office 2019 for Mac
  • Microsoft Office Online Server
  • Microsoft Office Web Apps 2010 Service Pack 2
  • Microsoft Office Web Apps 2013 Service Pack 1
  • Microsoft Outlook 2010 Service Pack 2
  • Microsoft Outlook 2013 RT Service Pack 1
  • Microsoft Outlook 2013 Service Pack 1
  • Microsoft Outlook 2016
  • Microsoft PowerPoint 2010 Service Pack 2
  • Microsoft PowerPoint 2013 RT Service Pack 1
  • Microsoft PowerPoint 2013 Service Pack 1
  • Microsoft PowerPoint 2016
  • Microsoft Project 2010 Service Pack 2
  • Microsoft Project 2013 Service Pack 1
  • Microsoft Project 2016
  • Microsoft Project Server 2013 Service Pack 1
  • Microsoft Publisher 2010 Service Pack 2
  • Microsoft Publisher 2013 Service Pack 1
  • Microsoft Publisher 2016
  • Microsoft Remote Desktop for Mac
  • Microsoft Research JavaScript Cryptography Library V1.4
  • Microsoft RMS Sharing for Mac
  • Microsoft Security Essentials
  • Microsoft SharePoint Enterprise Server 2013 Service Pack 1
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Foundation 2010 Service Pack 2
  • Microsoft SharePoint Foundation 2013 Service Pack 1
  • Microsoft SharePoint Server 2010 Service Pack 2
  • Microsoft SharePoint Server 2019
  • Microsoft System Center 2012 Endpoint Protection
  • Microsoft System Center 2012 R2 Endpoint Protection
  • Microsoft System Center Endpoint Protection
  • Microsoft Visio 2010 Service Pack 2
  • Microsoft Visio 2013 Service Pack 1
  • Microsoft Visio 2016
  • Microsoft Visual Studio 2015 Update 3
  • Microsoft Visual Studio 2017 version 15.9 (includes 15.1 – 15.8)
  • Microsoft Visual Studio 2019 version 16.0
  • Microsoft Visual Studio 2019 version 16.4 (includes 16.0 – 16.3)
  • Microsoft Visual Studio 2019 version 16.5
  • Microsoft Word 2010 Service Pack 2
  • Microsoft Word 2013 RT Service Pack 1
  • Microsoft Word 2013 Service Pack 1
  • Microsoft Word 2016
  • Microsoft Your Phone Companion App for Android
  • Office 365 ProPlus
  • OneDrive for Windows
  • Windows 10 Version 1607
  • Windows 10 Version 1709
  • Windows 10 Version 1803
  • Windows 10 Version 1809
  • Windows 10 Version 1903
  • Windows 10 Version 1909
  • Windows 7 Service Pack 1
  • Windows Defender
  • Windows 8.1
  • Windows Server 2008 Service Pack 2 (Desktop Experience and Core)
  • Windows Server 2008 R2 Service Pack 1 (Desktop Experience and Core)
  • Windows Server 2012 (Desktop Experience and Core)
  • Windows Server 2012 R2 (Desktop Experience and Core)
  • Windows Server 2016 (Desktop Experience and Core)
  • Windows Server 2019 (Desktop Experience and Core)
  • Windows Server, version 1803 (Server Core Installation)
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)

CVEs

CVE-2020-0760
CVE-2020-0794
CVE-2020-0821
CVE-2020-0835
CVE-2020-0907
CVE-2020-0910
CVE-2020-0913
CVE-2020-0917
CVE-2020-0918
CVE-2020-0920
CVE-2020-0923
CVE-2020-0925
CVE-2020-0926
CVE-2020-0931
CVE-2020-0932
CVE-2020-0933
CVE-2020-0936
CVE-2020-0939
CVE-2020-0940
CVE-2020-0969
CVE-2020-0970
CVE-2020-0972
CVE-2020-0973
CVE-2020-0974
CVE-2020-0975
CVE-2020-0977
CVE-2020-0979
CVE-2020-0983
CVE-2020-0985
CVE-2020-0987
CVE-2020-0988
CVE-2020-0992
CVE-2020-0993
CVE-2020-0991
CVE-2020-0999
CVE-2020-1002
CVE-2020-1003
CVE-2020-1004
CVE-2020-1005
CVE-2020-1006
CVE-2020-1007
CVE-2020-1008
CVE-2020-1014
CVE-2020-1015
CVE-2020-1016
CVE-2020-1018
CVE-2020-1022
CVE-2020-0984
CVE-2020-1019
CVE-2020-0919
CVE-2020-1029
CVE-2020-0900
CVE-2020-0899
CVE-2020-1094
CVE-2020-0687
CVE-2020-0699
CVE-2020-0784
CVE-2020-0888
CVE-2020-0889
CVE-2020-0906
CVE-2020-0924
CVE-2020-0927
CVE-2020-0929
CVE-2020-0930
CVE-2020-0934
CVE-2020-0937
CVE-2020-0938
CVE-2020-0942
CVE-2020-0944
CVE-2020-0945
CVE-2020-0946
CVE-2020-0947
CVE-2020-0948
CVE-2020-0949
CVE-2020-0950
CVE-2020-0952
CVE-2020-0953
CVE-2020-0954
CVE-2020-0955
CVE-2020-0956
CVE-2020-0957
CVE-2020-0958
CVE-2020-0959
CVE-2020-0960
CVE-2020-0961
CVE-2020-0962
CVE-2020-0964
CVE-2020-0965
CVE-2020-0971
CVE-2020-0976
CVE-2020-0978
CVE-2020-0980
CVE-2020-0981
CVE-2020-0982
CVE-2020-0994
CVE-2020-0995
CVE-2020-0996
CVE-2020-1000
CVE-2020-1001
CVE-2020-1009
CVE-2020-1011
CVE-2020-1017
CVE-2020-1020
CVE-2020-1026
CVE-2020-0935
CVE-2020-1027
CVE-2020-0943
CVE-2020-1050
CVE-2020-1049
CVE-2020-0895
CVE-2020-0966
CVE-2020-0967
CVE-2020-0968