• Patch Tuesday live updates

    Patch Tuesday is starting to roll out. I see 98 new patches in the Microsoft Catalog. (Note that four older patches also match a search on “2020-04”.) That’s a very light count. All told, they cover 113 security holes, which is a large crop.

    Looks like we have the usual cumulative updates for all versions of Win10.

    Win10 1903/1909 update KB 4549951 is up. There’s also a Servicing Stack Update, KB 4552152.

    Dustin Childs on the ZDI blog reports that there are 113 separately identified security holes. Two are publicly known, and two are currently exploited. All of those are rated “Important,” which is a significant step down from the usual security level of “Critical.” Translation: Nothing to be overly concerned about.

    The Adobe Type 1 Font Manager security hole, which is both publicly known and currently exploited, is the one Microsoft announced a couple of weeks ago in ADV 200006. It was so pressing that MS didn’t release a fix at the time. 0patch has since published a micropatch for the problem. If you’ve paid for Win7 Extended Security Updates, you’ll get the patch, but normal Win7 users won’t get it.

    The other currently exploited security hole is yet another bug in the way Windows handles fonts — although it’s a different bug. Win10 is only tangentially affected. Win7 is affected, but you’ll only get the patch if you pay for it. Expect 0patch to come up with something fairly quickly.

    Ho hum.

    Martin Brinkmann has his usual thorough list on ghacks.net.

    I don’t see anything pressing in the lot. Do you?

    Let’s see if we got a fairly stable set of patches this month…

    UPDATE: Childs has updated his list so it now shows four “exploited” security holes. The other two aren’t font-related. CVE-2020-0968 takes control through Internet Explorer, which means it could theoretically be triggered if you use Outlook. Microsoft doesn’t say it’s “exploited” on the CVE description page. CVE-2020-1027 seems to be more pernicious, with few details, but Microsoft lists it as “Important,” which means it isn’t.

    So we have four or three exploited security holes, up from two a couple of hours ago.