San Francisco, (Asian independent) Microsoft has patched 113 bugs, including four actively exploited vulnerabilities that allow attackers to remotely execute malicious code on devices that run Windows.
Two of the active zeroday security flaws — tracked as CVE-2020-1020 and CVE-2020-0938 — are hidden in the Adobe Type Manager Library, reports Ars Technica.
On supported operating systems other than Windows 10, attackers who successfully exploit the vulnerabilities can remotely execute code.
On Windows 10, attackers can run code inside an AppContainer sandbox.
A third zero-day exploit is against CVE-2020-0674, a remote code execution vulnerability.
“Microsoft assessed the severity of the vulnerability as critical in all supported versions of Windows except for Windows 10, Windows Server 2019, and Windows Server 2016, where the vulnerability is rated as moderate”.
The last zeroday exploit targets CVE-2020-1027, an elevation of privilege flaw in the way that the Windows kernel handles objects in memory.
As part of its monthly Patch Tuesday update, Microsoft released fixes for a whopping 113 vulnerabilities.
Microsoft has seen a 44 per cent jump in the number of Common Vulnerabilities and Exposures (CVEs) fixed between January and April 2020 compared with the same period in 2019, according to Trend Micro’s Zero-Day Initiative report.
Of the 113 CVEs patched, 17 are categorised as ‘Critical’ in severity and 96 are ranked as ‘Important’.
“It will be interesting to see if this pace continues, especially considering Microsoft will pause optional Windows 10 updates starting next month,” said ZDI’s Dustin Childs in a blog post.
Starting in May, the company will pause all optional non-security updates, citing the effects of the COVID-19 pandemic on its customers.