
on't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in April 2020's Patch Tuesday Index below. Ensure you are minimizing your attack surface by joining our Automating Patch Tuesday Webinar this Wednesday. Patch Tuesday expert Richard Melick will give recommended remediation strategies for current vulnerabilities and exploits.
April Patch Tuesday: Microsoft released 113 total CVEs, with 15 listed as critical, 4 zero-days: 1 exploited and publicly disclosed, 2 others exploited, and 1 other publicly disclosed. Earlier in the month, they released an out-of-band patch for a Windows 10 Internet connectivity issue.
Updated Live. Last Update 10:26 AM EST Apr. 14 2020.
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Adobe Bridge | 1 file enumeration information disclosure vulnerability | APSB20-23 | High |
Adobe After Effects | 1 out-of-bounds read information disclosure vulnerability | APSB20-21 | High |
Adobe ColdFusion | 2 important vulnerabilities in ColdFusion 2016 and 2018 | APSB20-18 | High |
Adobe Bridge | 2 critical arbitrary code execution vulnerabilities | APSB20-17 | Critical |
Adobe ColdFusion | 2 critical CVEs in ColdFusion 2018 and 2016 | APSB20-16 | Critical |
Adobe Experience Manager | 1 sensitive information disclosure vulnerability | APSB20-15 | High |
Adobe Photoshop | 22 CVEs in Adobe Photoshop 2020 and CC 2019 | APSB20-14 | Critical |
Adobe Acrobat and Reader | 13 CVEs in Adobe Acrobat DC, 2017, and 2015 and Adobe Reader DC, 2017, and 2015 | APSB20-13 | Critical |
Adobe Genuine Integrity Service | 1 insecure file permissions vulnerability | APSB20-12 | High |
Creative Cloud Desktop Application | 1 critical arbitrary file deletion vulnerability | APSB20-11 | Critical |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Firefox 74.0.1, Firefox ESR 68.6.1 & Thunderbird 68.7 | Use-after-free while running the nsDocShell destructor | CVE-2020-6819 | Critical |
Firefox 74.0.1, Firefox ESR 68.6.1 & Thunderbird 68.7 | Use-after-free when handling a ReadableStream | CVE-2020-6820 | Critical |
Firefox 75, Firefox ESR 68.7, & Thunderbird 68.7 | Uninitialized memory could be read when using the WebGL copyTexSubImage method | CVE-2020-6821 | High |
Firefox 75, Firefox ESR 68.7, & Thunderbird 68.7 | Out of bounds write in GMPDecodeData when processing large images | CVE-2020-6822 | Medium |
Firefox 75 | Malicious Extension could obtain auth codes from OAuth login flows | CVE-2020-6823 | Medium |
Firefox 75 | Generated passwords may be identical on the same site between separate private browsing sessions | CVE-2020-6824 | Medium |
Firefox 75, Firefox ESR 68.7, & Thunderbird 68.7 | Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 | CVE-2020-6825 | High |
Firefox 75 | Memory safety bugs fixed in Firefox 75 | CVE-2020-6826 | High |
Firefox ESR 68.7 | Custom Tabs in Firefox for Android could have the URI spoofed | CVE-2020-6827 | High |
Firefox ESR 68.7 | Preference overwrite via crafted Intent from malicious Android application | CVE-2020-6828 | High |
![]() |
|||
Product |
Title
|
Identifier
|
Severity
|
Microsoft Dynamics | Microsoft Dynamics 365 Cross Site Scripting Vulnerability | CVE-2020-1049 | High |
Android App | Microsoft YourPhone Application for Android Authentication Bypass Vulnerability | CVE-2020-0943 | High |
Apps | Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability | CVE-2020-1019 | High |
Microsoft Dynamics | Microsoft Dynamics 365 Cross Site Scripting Vulnerability | CVE-2020-1050 | High |
Microsoft Dynamics | Dynamics Business Central Remote Code Execution Vulnerability | CVE-2020-1022 | Critical |
Microsoft Dynamics | Microsoft Dynamics Business Central/NAV Information Disclosure | CVE-2020-1018 | High |
Microsoft Graphics Component | Microsoft Graphics Remote Code Execution Vulnerability | CVE-2020-0687 | Critical |
Microsoft Graphics Component | OpenType Font Parsing Remote Code Execution Vulnerability | CVE-2020-0938 | Critical |
Microsoft Graphics Component | Windows GDI Information Disclosure Vulnerability | CVE-2020-0952 | High |
Microsoft Graphics Component | Microsoft Graphics Component Information Disclosure Vulnerability | CVE-2020-1005 | High |
Microsoft Graphics Component | Win32k Elevation of Privilege Vulnerability | CVE-2020-0958 | High |
Microsoft Graphics Component | Microsoft Graphics Remote Code Execution Vulnerability | CVE-2020-0907 | Critical |
Microsoft Graphics Component | GDI+ Remote Code Execution Vulnerability | CVE-2020-0964 | High |
Microsoft Graphics Component | Microsoft Graphics Component Information Disclosure Vulnerability | CVE-2020-0982 | High |
Microsoft Graphics Component | Microsoft Graphics Component Information Disclosure Vulnerability | CVE-2020-0987 | High |
Microsoft Graphics Component | DirectX Elevation of Privilege Vulnerability | CVE-2020-0784 | High |
Microsoft Graphics Component | Microsoft Graphics Component Elevation of Privilege Vulnerability | CVE-2020-1004 | High |
Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0995 | High |
Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0992 | High |
Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0988 | High |
Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0999 | High |
Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0994 | High |
Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0889 | High |
Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0953 | High |
Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0959 | High |
Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0960 | High |
Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-1008 | High |
Microsoft Office | Microsoft Word Remote Code Execution Vulnerability | CVE-2020-0980 | High |
Microsoft Office | Microsoft Word Remote Code Execution Vulnerability | CVE-2020-0991 | High |
Microsoft Office | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2020-0961 | High |
Microsoft Office | Microsoft (MAU) Office Elevation of Privilege Vulnerability | CVE-2020-0984 | High |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-0979 | High |
Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | CVE-2020-0760 | High |
Microsoft Office | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-0931 | Critical |
Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-0906 | High |
Microsoft Office | OneDrive for Windows Elevation of Privilege Vulnerability | CVE-2020-0935 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint Spoofing Vulnerability | CVE-2020-0972 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-0926 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-0924 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-0927 | Critical |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-0923 | High |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-0920 | High |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-0929 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint XSS Vulnerability | CVE-2020-0930 | High |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-0932 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint XSS Vulnerability | CVE-2020-0933 | High |
Microsoft Office SharePoint | Microsoft SharePoint XSS Vulnerability | CVE-2020-0925 | High |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-0971 | High |
Microsoft Office SharePoint | Microsoft SharePoint XSS Vulnerability | CVE-2020-0954 | High |
Microsoft Office SharePoint | Microsoft SharePoint XSS Vulnerability | CVE-2020-0973 | High |
Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-0974 | Critical |
Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-0975 | High |
Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-0976 | High |
Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-0977 | High |
Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-0978 | High |
Microsoft Scripting Engine | Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2020-0895 | High |
Microsoft Scripting Engine | VBScript Remote Code Execution Vulnerability | CVE-2020-0967 | Critical |
Microsoft Scripting Engine | VBScript Remote Code Execution Vulnerability | CVE-2020-0966 | High |
Microsoft Scripting Engine | Scripting Engine Memory Corruption Vulnerability | CVE-2020-0968 | Critical |
Microsoft Scripting Engine | Chakra Engine Memory Corruption Vulnerability | CVE-2020-0969 | Critical |
Microsoft Scripting Engine | Scripting Engine Memory Corruption Vulnerability | CVE-2020-0970 | Critical |
Microsoft Windows | Windows Push Notification Service Elevation of Privilege Vulnerability | CVE-2020-1017 | High |
Microsoft Windows | Adobe Font Manager Library Remote Code Execution Vulnerability | CVE-2020-1020 | Critical |
Microsoft Windows | Windows Hyper-V Elevation of Privilege Vulnerability | CVE-2020-0917 | High |
Microsoft Windows | Windows Elevation of Privilege Vulnerability | CVE-2020-1011 | High |
Microsoft Windows | Windows Denial of Service Vulnerability | CVE-2020-0794 | High |
Microsoft Windows | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | CVE-2020-0965 | Critical |
Microsoft Windows | Windows Hyper-V Elevation of Privilege Vulnerability | CVE-2020-0918 | High |
Microsoft Windows | Windows Elevation of Privilege Vulnerability | CVE-2020-1009 | High |
Microsoft Windows | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | CVE-2020-0942 | High |
Microsoft Windows | Windows Push Notification Service Elevation of Privilege Vulnerability | CVE-2020-0940 | High |
Microsoft Windows | Windows Push Notification Service Information Disclosure Vulnerability | CVE-2020-1016 | High |
Microsoft Windows | Windows Token Security Feature Bypass Vulnerability | CVE-2020-0981 | High |
Microsoft Windows | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1003 | High |
Microsoft Windows | Windows Push Notification Service Elevation of Privilege Vulnerability | CVE-2020-1001 | High |
Microsoft Windows | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | CVE-2020-0944 | High |
Microsoft Windows | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1000 | High |
Microsoft Windows | Windows Push Notification Service Elevation of Privilege Vulnerability | CVE-2020-1006 | High |
Microsoft Windows | Windows Kernel Information Disclosure Vulnerability | CVE-2020-1007 | High |
Microsoft Windows | MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability | CVE-2020-1026 | High |
Microsoft Windows | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | CVE-2020-1029 | High |
Microsoft Windows DNS | Windows DNS Denial of Service Vulnerability | CVE-2020-0993 | High |
Remote Desktop Client | Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability | CVE-2020-0919 | High |
Visual Studio | Microsoft Visual Studio Elevation of Privilege Vulnerability | CVE-2020-0899 | High |
Visual Studio | Visual Studio Extension Installer Service Elevation of Privilege Vulnerability | CVE-2020-0900 | High |
Windows Defender | Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability | CVE-2020-0835 | High |
Windows Defender | Windows Defender Elevation of Privilege Vulnerability | CVE-2020-1002 | High |
Windows Hyper-V | Windows Hyper-V Remote Code Execution Vulnerability | CVE-2020-0910 | Critical |
Windows Kernel | Win32k Elevation of Privilege Vulnerability | CVE-2020-0956 | High |
Windows Kernel | Windows Kernel Information Disclosure in CPU Memory Access | CVE-2020-0955 | High |
Windows Kernel | Windows Elevation of Privilege Vulnerability | CVE-2020-1015 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1027 | High |
Windows Kernel | Windows Scheduled Task Elevation of Privilege Vulnerability | CVE-2020-0936 | High |
Windows Kernel | DirectX Elevation of Privilege Vulnerability | CVE-2020-0888 | High |
Windows Kernel | Win32k Elevation of Privilege Vulnerability | CVE-2020-0957 | High |
Windows Kernel | Win32k Information Disclosure Vulnerability | CVE-2020-0699 | High |
Windows Kernel | Win32k Information Disclosure Vulnerability | CVE-2020-0962 | High |
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-0913 | High |
Windows Kernel | Windows Kernel Information Disclosure Vulnerability | CVE-2020-0821 | High |
Windows Media | Media Foundation Information Disclosure Vulnerability | CVE-2020-0939 | High |
Windows Media | Media Foundation Memory Corruption Vulnerability | CVE-2020-0950 | Critical |
Windows Media | Media Foundation Memory Corruption Vulnerability | CVE-2020-0949 | Critical |
Windows Media | Media Foundation Memory Corruption Vulnerability | CVE-2020-0948 | Critical |
Windows Media | Media Foundation Information Disclosure Vulnerability | CVE-2020-0947 | High |
Windows Media | Media Foundation Information Disclosure Vulnerability | CVE-2020-0937 | High |
Windows Media | Media Foundation Information Disclosure Vulnerability | CVE-2020-0945 | High |
Windows Media | Media Foundation Information Disclosure Vulnerability | CVE-2020-0946 | High |
Windows Shell | Windows Elevation of Privilege Vulnerability | CVE-2020-0934 | High |
Windows Update Stack | Microsoft Windows Update Client Elevation of Privilege Vulnerability | CVE-2020-1014 | High |
Windows Update Stack | Windows Elevation of Privilege Vulnerability | CVE-2020-0983 | High |
Windows Update Stack | Windows Update Stack Elevation of Privilege Vulnerability | CVE-2020-0985 | High |
Windows Update Stack | Windows Update Stack Elevation of Privilege Vulnerability | CVE-2020-0996 | High |
About Automox
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
See for yourself how Automox can help you manage your remote workforce. No VPN required.
Start your 15-day free trial today.
15-day free trial. No credit card required.
By submitting this form you agree to our terms of service.
Already have an account? Log in