On April 14, 2020, Microsoft released a new set of security updates as part of its monthly Patch Tuesday. A total of 113 security fixes were released, 19 of them rated critical.

Most significant vulnerabilities:

CVE-2020-1020, CVE-2020-0938 – the Adobe Font Manager Library improperly handles a specially crafted multi-master font in the Adobe Type 1 PostScript format. On all systems except Windows 10, an attacker who successfully exploits these vulnerabilities can execute code remotely.

CVE-2020-0968 – a vulnerability in the scripting engine of the Internet Explorer browser allows an attacker to gain the same privileges as the current user.

A detailed list of the updates is given below:

Columns (rows are grouped under each vulnerability description): CVE, Disclosed, Exploited, Exploitability (old versions), Exploitability (current version), Severity, CVSS Base (AVG), CVSS Temporal (AVG)
Adobe Font Manager Library Remote Code Execution Vulnerability
CVE-2020-0938 No Yes Detected Less Likely Critical 7.8 7.0
CVE-2020-1020 Yes Yes Detected Less Likely Critical 7.8 7.0
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2020-0969 No No Critical 4.2 3.8
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
CVE-2020-0944 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1029 No No Less Likely Less Likely Important 7.8 7.8
CVE-2020-0942 No No Less Likely Less Likely Important 6.3 5.7
DirectX Elevation of Privilege Vulnerability
CVE-2020-0784 No No More Likely More Likely Important 7.8 7.0
CVE-2020-0888 No No More Likely Less Likely Important 7.8 7.0
Dynamics Business Central Remote Code Execution Vulnerability
CVE-2020-1022 No No Less Likely Less Likely Critical
GDI+ Remote Code Execution Vulnerability
CVE-2020-0964 No No Less Likely Less Likely Important 8.0 7.2
Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-0988 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0992 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0994 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0995 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0999 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1008 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0889 No No Less Likely Less Likely Important 6.7 6.0
CVE-2020-0953 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0959 No No Less Likely Less Likely Important 6.7 6.0
CVE-2020-0960 No No Less Likely Less Likely Important 6.7 6.0
MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
CVE-2020-1026 No No Important
Media Foundation Information Disclosure Vulnerability
CVE-2020-0945 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0946 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0947 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0937 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0939 No No Less Likely Less Likely Important 5.5 5.0
Media Foundation Memory Corruption Vulnerability
CVE-2020-0948 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-0949 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-0950 No No Less Likely Less Likely Critical 7.8 7.0
Microsoft (MAU) Office Elevation of Privilege Vulnerability
CVE-2020-0984 No No Important
Microsoft Defender Elevation of Privilege Vulnerability
CVE-2020-1002 No No Less Likely Less Likely Important
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
CVE-2020-1049 No No Less Likely Less Likely Important
CVE-2020-1050 No No Less Likely Less Likely Important
Microsoft Dynamics Business Central/NAV Information Disclosure
CVE-2020-1018 No No Less Likely Less Likely Important
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-0906 No No Less Likely Less Likely Important
CVE-2020-0979 No No Important
Microsoft Graphics Component Information Disclosure Vulnerability
CVE-2020-0987 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1005 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0982 No No Less Likely Less Likely Important 5.5 5.0
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-0907 No No Less Likely Less Likely Critical 7.8 7.0
Microsoft Graphics Remote Code Execution Vulnerability
CVE-2020-0687 No No Less Likely Less Likely Critical 8.8 7.9
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2020-0961 No No Less Likely Less Likely Important
Microsoft Office Remote Code Execution Vulnerability
CVE-2020-0760 No No Less Likely Less Likely Important
CVE-2020-0991 No No Less Likely Less Likely Important
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-0923 No No Less Likely Less Likely Important
CVE-2020-0924 No No Less Likely Less Likely Important
CVE-2020-0925 No No Less Likely Less Likely Important
CVE-2020-0926 No No Less Likely Less Likely Important
CVE-2020-0927 No No Less Likely Less Likely Critical
CVE-2020-0930 No No Less Likely Less Likely Important
CVE-2020-0933 No No Less Likely Less Likely Important
CVE-2020-0954 No No Less Likely Less Likely Important
CVE-2020-0973 No No Less Likely Less Likely Important
CVE-2020-0978 No No Less Likely Less Likely Important
Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability
CVE-2020-1019 No No Important
Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability
CVE-2020-0919 No No Important
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-0920 No No Less Likely Less Likely Important
CVE-2020-0929 No No Less Likely Less Likely Critical
CVE-2020-0931 No No Less Likely Less Likely Critical
CVE-2020-0932 No No Less Likely Less Likely Critical
CVE-2020-0971 No No Less Likely Less Likely Important
CVE-2020-0974 No No Less Likely Less Likely Critical
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-0972 No No Less Likely Less Likely Important
CVE-2020-0975 No No Less Likely Less Likely Important
CVE-2020-0976 No No Important
CVE-2020-0977 No No Less Likely Less Likely Important
Microsoft Visual Studio Elevation of Privilege Vulnerability
CVE-2020-0899 No No Less Likely Less Likely Important
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
CVE-2020-0965 No No Less Likely Less Likely Critical 7.8 7.0
Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVE-2020-1014 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Word Remote Code Execution Vulnerability
CVE-2020-0980 No No Less Likely Less Likely Important
Microsoft YourPhone Application for Android Authentication Bypass Vulnerability
CVE-2020-0943 No No Important
OneDrive for Windows Elevation of Privilege Vulnerability
CVE-2020-0935 Yes No Important
Scripting Engine Memory Corruption Vulnerability
CVE-2020-0968 No Yes More Likely More Likely Critical 6.4 5.9
CVE-2020-0970 No No Critical 4.2 3.8
VBScript Remote Code Execution Vulnerability
CVE-2020-0966 No No Less Likely Less Likely Important
CVE-2020-0967 No No Less Likely Less Likely Critical
Visual Studio Extension Installer Service Elevation of Privilege Vulnerability
CVE-2020-0900 No No Less Likely Less Likely Important
Win32k Elevation of Privilege Vulnerability
CVE-2020-0956 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0957 No No Important 7.0 6.3
CVE-2020-0958 No No More Likely More Likely Important 7.0 6.3
Win32k Information Disclosure Vulnerability
CVE-2020-0699 No No Less Likely Less Likely Important 4.7 4.2
CVE-2020-0962 No No Less Likely Less Likely Important 4.7 4.2
Windows DNS Denial of Service Vulnerability
CVE-2020-0993 No No Less Likely Less Likely Important 6.5 5.9
Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability
CVE-2020-0835 No No Important
Windows Denial of Service Vulnerability
CVE-2020-0794 No No Less Likely Less Likely Important 7.1 6.4
Windows Elevation of Privilege Vulnerability
CVE-2020-0934 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0983 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1009 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1011 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1015 No No Less Likely Less Likely Important 7.8 7.0
Windows GDI Information Disclosure Vulnerability
CVE-2020-0952 No No Less Likely Less Likely Important 5.5 5.0
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-1004 No No More Likely More Likely Important 7.8 7.0
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2020-0917 No No Less Likely Less Likely Important 8.4 7.6
CVE-2020-0918 No No Less Likely Less Likely Important 8.4 7.6
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2020-0910 No No Less Likely Less Likely Critical 8.4 7.6
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0913 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1000 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1003 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1027 No No More Likely More Likely Important 7.8 7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2020-1007 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0821 No No Less Likely Less Likely Important 5.5 5.0
Windows Kernel Information Disclosure in CPU Memory Access
CVE-2020-0955 No No Less Likely Less Likely Important 5.5 5.0
Windows Push Notification Service Elevation of Privilege Vulnerability
CVE-2020-1001 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1006 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0940 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1017 No No Less Likely Less Likely Important 7.0 6.3
Windows Push Notification Service Information Disclosure Vulnerability
CVE-2020-1016 No No Less Likely Less Likely Important 5.5 5.0
Windows Scheduled Task Elevation of Privilege Vulnerability
CVE-2020-0936 No No Less Likely Less Likely Important 7.1 6.4
Windows Token Security Feature Bypass Vulnerability
CVE-2020-0981 No No Less Likely Less Likely Important 6.3 5.7
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2020-0985 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0996 No No Less Likely Less Likely Important 7.8 7.0
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2020-0895 No No Less Likely Less Likely Important 6.4 5.8
Windows Work Folder Service Elevation of Privilege Vulnerability
CVE-2020-1094 No No Important 7.8 7.0