SANS ISC: Microsoft April 2020 Patch Tuesday SANS ISC InfoSec Forums

Microsoft April 2020 Patch Tuesday

This month we got patches for 113 vulnerabilities in total. According to Microsoft, three of them are being exploited (CVE-2020-1020, CVE-2020-0938 and CVE-2020-0968) and two were previously disclosed (CVE-2020-1020 and CVE-2020-0935).

Two of the exploited vulnerabilities (CVE-2020-1020 and CVE-2020-0938) are RCEs found by Google Project Zero in the Adobe Font Manager Library. They exist in the way the library improperly handles a specially crafted multi-master font in Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerabilities could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerabilities could execute code in an AppContainer sandbox context with limited privileges and capabilities.

The other exploited vulnerability (CVE-2020-0968) is a remote code execution vulnerability in Internet Explorer. It lies in the way the scripting engine handles objects in memory. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

The highest CVSS v3 score this month (8.80) was given to CVE-2020-0687. It is an RCE in Microsoft Graphics that exists due to the way the library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
 

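Description (vulnerability title), followed by one row per CVE with these columns:
CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG)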
Adobe Font Manager Library Remote Code Execution Vulnerability
CVE-2020-0938 No Yes Detected Less Likely Critical 7.8 7.0
CVE-2020-1020 Yes Yes Detected Less Likely Critical 7.8 7.0
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2020-0969 No No - - Critical 4.2 3.8
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
CVE-2020-0944 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1029 No No Less Likely Less Likely Important 7.8 7.8
CVE-2020-0942 No No Less Likely Less Likely Important 6.3 5.7
DirectX Elevation of Privilege Vulnerability
CVE-2020-0784 No No More Likely More Likely Important 7.8 7.0
CVE-2020-0888 No No More Likely Less Likely Important 7.8 7.0
Dynamics Business Central Remote Code Execution Vulnerability
CVE-2020-1022 No No Less Likely Less Likely Critical    
GDI+ Remote Code Execution Vulnerability
CVE-2020-0964 No No Less Likely Less Likely Important 8.0 7.2
Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-0988 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0992 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0994 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0995 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0999 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1008 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0889 No No Less Likely Less Likely Important 6.7 6.0
CVE-2020-0953 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0959 No No Less Likely Less Likely Important 6.7 6.0
CVE-2020-0960 No No Less Likely Less Likely Important 6.7 6.0
MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
CVE-2020-1026 No No - - Important    
Media Foundation Information Disclosure Vulnerability
CVE-2020-0945 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0946 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0947 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0937 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0939 No No Less Likely Less Likely Important 5.5 5.0
Media Foundation Memory Corruption Vulnerability
CVE-2020-0948 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-0949 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-0950 No No Less Likely Less Likely Critical 7.8 7.0
Microsoft (MAU) Office Elevation of Privilege Vulnerability
CVE-2020-0984 No No - - Important    
Microsoft Defender Elevation of Privilege Vulnerability
CVE-2020-1002 No No Less Likely Less Likely Important    
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
CVE-2020-1049 No No Less Likely Less Likely Important    
CVE-2020-1050 No No Less Likely Less Likely Important    
Microsoft Dynamics Business Central/NAV Information Disclosure
CVE-2020-1018 No No Less Likely Less Likely Important    
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-0906 No No Less Likely Less Likely Important    
CVE-2020-0979 No No - - Important    
Microsoft Graphics Component Information Disclosure Vulnerability
CVE-2020-0987 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1005 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0982 No No Less Likely Less Likely Important 5.5 5.0
Microsoft Graphics Components Remote Code Execution Vulnerability
CVE-2020-0907 No No Less Likely Less Likely Critical 7.8 7.0
Microsoft Graphics Remote Code Execution Vulnerability
CVE-2020-0687 No No Less Likely Less Likely Critical 8.8 7.9
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2020-0961 No No Less Likely Less Likely Important    
Microsoft Office Remote Code Execution Vulnerability
CVE-2020-0760 No No Less Likely Less Likely Important    
CVE-2020-0991 No No Less Likely Less Likely Important    
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-0923 No No Less Likely Less Likely Important    
CVE-2020-0924 No No Less Likely Less Likely Important    
CVE-2020-0925 No No Less Likely Less Likely Important    
CVE-2020-0926 No No Less Likely Less Likely Important    
CVE-2020-0927 No No Less Likely Less Likely Critical    
CVE-2020-0930 No No Less Likely Less Likely Important    
CVE-2020-0933 No No Less Likely Less Likely Important    
CVE-2020-0954 No No Less Likely Less Likely Important    
CVE-2020-0973 No No Less Likely Less Likely Important    
CVE-2020-0978 No No Less Likely Less Likely Important    
Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability
CVE-2020-1019 No No - - Important    
Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability
CVE-2020-0919 No No - - Important    
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-0920 No No Less Likely Less Likely Important    
CVE-2020-0929 No No Less Likely Less Likely Critical    
CVE-2020-0931 No No Less Likely Less Likely Critical    
CVE-2020-0932 No No Less Likely Less Likely Critical    
CVE-2020-0971 No No Less Likely Less Likely Important    
CVE-2020-0974 No No Less Likely Less Likely Critical    
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-0972 No No Less Likely Less Likely Important    
CVE-2020-0975 No No Less Likely Less Likely Important    
CVE-2020-0976 No No - - Important    
CVE-2020-0977 No No Less Likely Less Likely Important    
Microsoft Visual Studio Elevation of Privilege Vulnerability
CVE-2020-0899 No No Less Likely Less Likely Important    
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
CVE-2020-0965 No No Less Likely Less Likely Critical 7.8 7.0
Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVE-2020-1014 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Word Remote Code Execution Vulnerability
CVE-2020-0980 No No Less Likely Less Likely Important    
Microsoft YourPhone Application for Android Authentication Bypass Vulnerability
CVE-2020-0943 No No - - Important    
OneDrive for Windows Elevation of Privilege Vulnerability
CVE-2020-0935 Yes No - - Important    
Scripting Engine Memory Corruption Vulnerability
CVE-2020-0968 No Yes More Likely More Likely Critical 6.4 5.9
CVE-2020-0970 No No - - Critical 4.2 3.8
VBScript Remote Code Execution Vulnerability
CVE-2020-0966 No No Less Likely Less Likely Important    
CVE-2020-0967 No No Less Likely Less Likely Critical    
Visual Studio Extension Installer Service Elevation of Privilege Vulnerability
CVE-2020-0900 No No Less Likely Less Likely Important    
Win32k Elevation of Privilege Vulnerability
CVE-2020-0956 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0957 No No - - Important 7.0 6.3
CVE-2020-0958 No No More Likely More Likely Important 7.0 6.3
Win32k Information Disclosure Vulnerability
CVE-2020-0699 No No Less Likely Less Likely Important 4.7 4.2
CVE-2020-0962 No No Less Likely Less Likely Important 4.7 4.2
Windows DNS Denial of Service Vulnerability
CVE-2020-0993 No No Less Likely Less Likely Important 6.5 5.9
Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability
CVE-2020-0835 No No - - Important    
Windows Denial of Service Vulnerability
CVE-2020-0794 No No Less Likely Less Likely Important 7.1 6.4
Windows Elevation of Privilege Vulnerability
CVE-2020-0934 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0983 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1009 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1011 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1015 No No Less Likely Less Likely Important 7.8 7.0
Windows GDI Information Disclosure Vulnerability
CVE-2020-0952 No No Less Likely Less Likely Important 5.5 5.0
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-1004 No No More Likely More Likely Important 7.8 7.0
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2020-0917 No No Less Likely Less Likely Important 8.4 7.6
CVE-2020-0918 No No Less Likely Less Likely Important 8.4 7.6
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2020-0910 No No Less Likely Less Likely Critical 8.4 7.6
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0913 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1000 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1003 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1027 No No More Likely More Likely Important 7.8 7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2020-1007 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0821 No No Less Likely Less Likely Important 5.5 5.0
Windows Kernel Information Disclosure in CPU Memory Access
CVE-2020-0955 No No Less Likely Less Likely Important 5.5 5.0
Windows Push Notification Service Elevation of Privilege Vulnerability
CVE-2020-1001 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1006 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0940 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-1017 No No Less Likely Less Likely Important 7.0 6.3
Windows Push Notification Service Information Disclosure Vulnerability
CVE-2020-1016 No No Less Likely Less Likely Important 5.5 5.0
Windows Scheduled Task Elevation of Privilege Vulnerability
CVE-2020-0936 No No Less Likely Less Likely Important 7.1 6.4
Windows Token Security Feature Bypass Vulnerability
CVE-2020-0981 No No Less Likely Less Likely Important 6.3 5.7
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2020-0985 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0996 No No Less Likely Less Likely Important 7.8 7.0
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2020-0895 No No Less Likely Less Likely Important 6.4 5.8
Windows Work Folder Service Elevation of Privilege Vulnerability
CVE-2020-1094 No No - - Important 7.8 7.0

--
Renato Marinho
Morphus Labs

Can anyone share samples of maldocs using CVE-2020-1020 and/or CVE-2020-0938?
Tried to search VT but came up empty ... :/
Anonymous
