Microsoft April Patch Tuesday fixes three currently exploited vulnerabilities
SC Magazine | April 14, 2020
For the second consecutive month Microsoft rolled out a 100-plus batch of security updates for Patch Tuesday, this time including three vulnerabilities being exploited in the wild. Overall, the month saw 113 vulnerabilities addressed with 19 critical issues patched. The three currently exploited vulnerabilities are CVE-2020-1020, CVE-2020-0938, CVE-2020-0968 and CVE-2020-1027. The first two were initially disclosed on March 23 and can be found in the Adobe Font Manager Library and can lead to remote code execution. To exploit these flaws, an attacker would need to socially engineer a user into opening a malicious document or viewing the document in the Windows Preview pane, said Satnam Narang, principal research engineer at Tenable.