Security Alerts New Microsoft Patch fixes two actively exploited Zero-Days

Tuesday, Apr 14, 2020

Included in today’s April Patch Tuesday from Microsoft are patches for CVE-2020-1020 (remote code execution vulnerability for Windows) and CVE-2020-0938 (remote code execution vulnerability for Windows). Both of these vulnerabilities are related to the Windows Adobe Type Manager Library and were witnessed being actively exploited in the wild.

Additionally, security patches were released for CVE-2020-0935 that allowed a privilege escalation attack against OneDrive for Windows Desktop, CVE-2020-0927 that is a cross-site-scripting (XSS) issue against SharePoint, and CVE-2020-0910 that affects Hyper-V allowing a guest VM to compromise the hypervisor.

Administrators are recommended to apply these patches as soon as feasible within their environment.