Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in April 2020's Patch Tuesday Index below. Ensure you are minimizing your attack surface by joining our Automating Patch Tuesday Webinar this Wednesday. Patch Tuesday expert Richard Melick will give recommended remediation strategies for current vulnerabilities and exploits.

April Patch Tuesday: Microsoft released 113 total CVEs, with 15 listed as critical, 4 zero-days: 1 exploited and publicly disclosed, 2 others exploited, and 1 other publicly disclosed. Earlier in the month, they released an out-of-band patch for a Windows 10 Internet connectivity issue.

Updated Live. Last Update 10:26 AM EST Apr. 14 2020.

Adobe

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Adobe Bridge | 1 file enumeration information disclosure vulnerability | APSB20-23 | High |
| Adobe After Effects | 1 out-of-bounds read information disclosure vulnerability | APSB20-21 | High |
| Adobe ColdFusion | 2 important vulnerabilities in ColdFusion 2016 and 2018 | APSB20-18 | High |
| Adobe Bridge | 2 critical arbitrary code execution vulnerabilities | APSB20-17 | Critical |
| Adobe ColdFusion | 2 critical CVEs in ColdFusion 2018 and 2016 | APSB20-16 | Critical |
| Adobe Experience Manager | 1 sensitive information disclosure vulnerability | APSB20-15 | High |
| Adobe Photoshop | 22 CVEs in Adobe Photoshop 2020 and CC 2019 | APSB20-14 | Critical |
| Adobe Acrobat and Reader | 13 CVEs in Adobe Acrobat DC, 2017, and 2015 and Adobe Reader DC, 2017, and 2015 | APSB20-13 | Critical |
| Adobe Genuine Integrity Service | 1 insecure file permissions vulnerability | APSB20-12 | High |
| Creative Cloud Desktop Application | 1 critical arbitrary file deletion vulnerability | APSB20-11 | Critical |

Mozilla Firefox

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Firefox 74.0.1, Firefox ESR 68.6.1 & Thunderbird 68.7 | Use-after-free while running the nsDocShell destructor | CVE-2020-6819 | Critical |
| Firefox 74.0.1, Firefox ESR 68.6.1 & Thunderbird 68.7 | Use-after-free when handling a ReadableStream | CVE-2020-6820 | Critical |
| Firefox 75, Firefox ESR 68.7, & Thunderbird 68.7 | Uninitialized memory could be read when using the WebGL copyTexSubImage method | CVE-2020-6821 | High |
| Firefox 75, Firefox ESR 68.7, & Thunderbird 68.7 | Out of bounds write in GMPDecodeData when processing large images | CVE-2020-6822 | Medium |
| Firefox 75 | Malicious Extension could obtain auth codes from OAuth login flows | CVE-2020-6823 | Medium |
| Firefox 75 | Generated passwords may be identical on the same site between separate private browsing sessions | CVE-2020-6824 | Medium |
| Firefox 75, Firefox ESR 68.7, & Thunderbird 68.7 | Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 | CVE-2020-6825 | High |
| Firefox 75 | Memory safety bugs fixed in Firefox 75 | CVE-2020-6826 | High |
| Firefox ESR 68.7 | Custom Tabs in Firefox for Android could have the URI spoofed | CVE-2020-6827 | High |
| Firefox ESR 68.7 | Preference overwrite via crafted Intent from malicious Android application | CVE-2020-6828 | High |

Microsoft

| Product | Title | Identifier | Severity |
| --- | --- | --- | --- |
| Microsoft Dynamics | Microsoft Dynamics 365 Cross Site Scripting Vulnerability | CVE-2020-1049 | High |
| Android App | Microsoft YourPhone Application for Android Authentication Bypass Vulnerability | CVE-2020-0943 | High |
| Apps | Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability | CVE-2020-1019 | High |
| Microsoft Dynamics | Microsoft Dynamics 365 Cross Site Scripting Vulnerability | CVE-2020-1050 | High |
| Microsoft Dynamics | Dynamics Business Central Remote Code Execution Vulnerability | CVE-2020-1022 | Critical |
| Microsoft Dynamics | Microsoft Dynamics Business Central/NAV Information Disclosure | CVE-2020-1018 | High |
| Microsoft Graphics Component | Microsoft Graphics Remote Code Execution Vulnerability | CVE-2020-0687 | Critical |
| Microsoft Graphics Component | OpenType Font Parsing Remote Code Execution Vulnerability | CVE-2020-0938 | Critical |
| Microsoft Graphics Component | Windows GDI Information Disclosure Vulnerability | CVE-2020-0952 | High |
| Microsoft Graphics Component | Microsoft Graphics Component Information Disclosure Vulnerability | CVE-2020-1005 | High |
| Microsoft Graphics Component | Win32k Elevation of Privilege Vulnerability | CVE-2020-0958 | High |
| Microsoft Graphics Component | Microsoft Graphics Remote Code Execution Vulnerability | CVE-2020-0907 | Critical |
| Microsoft Graphics Component | GDI+ Remote Code Execution Vulnerability | CVE-2020-0964 | High |
| Microsoft Graphics Component | Microsoft Graphics Component Information Disclosure Vulnerability | CVE-2020-0982 | High |
| Microsoft Graphics Component | Microsoft Graphics Component Information Disclosure Vulnerability | CVE-2020-0987 | High |
| Microsoft Graphics Component | DirectX Elevation of Privilege Vulnerability | CVE-2020-0784 | High |
| Microsoft Graphics Component | Microsoft Graphics Component Elevation of Privilege Vulnerability | CVE-2020-1004 | High |
| Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0995 | High |
| Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0992 | High |
| Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0988 | High |
| Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0999 | High |
| Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0994 | High |
| Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0889 | High |
| Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0953 | High |
| Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0959 | High |
| Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-0960 | High |
| Microsoft JET Database Engine | JET Database Engine Remote Code Execution Vulnerability | CVE-2020-1008 | High |
| Microsoft Office | Microsoft Word Remote Code Execution Vulnerability | CVE-2020-0980 | High |
| Microsoft Office | Microsoft Word Remote Code Execution Vulnerability | CVE-2020-0991 | High |
| Microsoft Office | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2020-0961 | High |
| Microsoft Office | Microsoft (MAU) Office Elevation of Privilege Vulnerability | CVE-2020-0984 | High |
| Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-0979 | High |
| Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | CVE-2020-0760 | High |
| Microsoft Office | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-0931 | Critical |
| Microsoft Office | Microsoft Excel Remote Code Execution Vulnerability | CVE-2020-0906 | High |
| Microsoft Office | OneDrive for Windows Elevation of Privilege Vulnerability | CVE-2020-0935 | High |
| Microsoft Office SharePoint | Microsoft Office SharePoint Spoofing Vulnerability | CVE-2020-0972 | High |
| Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-0926 | High |
| Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-0924 | High |
| Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-0927 | Critical |
| Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-0923 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-0920 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-0929 | Critical |
| Microsoft Office SharePoint | Microsoft SharePoint XSS Vulnerability | CVE-2020-0930 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-0932 | Critical |
| Microsoft Office SharePoint | Microsoft SharePoint XSS Vulnerability | CVE-2020-0933 | High |
| Microsoft Office SharePoint | Microsoft SharePoint XSS Vulnerability | CVE-2020-0925 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-0971 | High |
| Microsoft Office SharePoint | Microsoft SharePoint XSS Vulnerability | CVE-2020-0954 | High |
| Microsoft Office SharePoint | Microsoft SharePoint XSS Vulnerability | CVE-2020-0973 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2020-0974 | Critical |
| Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-0975 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-0976 | High |
| Microsoft Office SharePoint | Microsoft SharePoint Spoofing Vulnerability | CVE-2020-0977 | High |
| Microsoft Office SharePoint | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-0978 | High |
| Microsoft Scripting Engine | Windows VBScript Engine Remote Code Execution Vulnerability | CVE-2020-0895 | High |
| Microsoft Scripting Engine | VBScript Remote Code Execution Vulnerability | CVE-2020-0967 | Critical |
| Microsoft Scripting Engine | VBScript Remote Code Execution Vulnerability | CVE-2020-0966 | High |
| Microsoft Scripting Engine | Scripting Engine Memory Corruption Vulnerability | CVE-2020-0968 | Critical |
| Microsoft Scripting Engine | Chakra Engine Memory Corruption Vulnerability | CVE-2020-0969 | Critical |
| Microsoft Scripting Engine | Scripting Engine Memory Corruption Vulnerability | CVE-2020-0970 | Critical |
| Microsoft Windows | Windows Push Notification Service Elevation of Privilege Vulnerability | CVE-2020-1017 | High |
| Microsoft Windows | Adobe Font Manager Library Remote Code Execution Vulnerability | CVE-2020-1020 | Critical |
| Microsoft Windows | Windows Hyper-V Elevation of Privilege Vulnerability | CVE-2020-0917 | High |
| Microsoft Windows | Windows Elevation of Privilege Vulnerability | CVE-2020-1011 | High |
| Microsoft Windows | Windows Denial of Service Vulnerability | CVE-2020-0794 | High |
| Microsoft Windows | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | CVE-2020-0965 | Critical |
| Microsoft Windows | Windows Hyper-V Elevation of Privilege Vulnerability | CVE-2020-0918 | High |
| Microsoft Windows | Windows Elevation of Privilege Vulnerability | CVE-2020-1009 | High |
| Microsoft Windows | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | CVE-2020-0942 | High |
| Microsoft Windows | Windows Push Notification Service Elevation of Privilege Vulnerability | CVE-2020-0940 | High |
| Microsoft Windows | Windows Push Notification Service Information Disclosure Vulnerability | CVE-2020-1016 | High |
| Microsoft Windows | Windows Token Security Feature Bypass Vulnerability | CVE-2020-0981 | High |
| Microsoft Windows | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1003 | High |
| Microsoft Windows | Windows Push Notification Service Elevation of Privilege Vulnerability | CVE-2020-1001 | High |
| Microsoft Windows | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | CVE-2020-0944 | High |
| Microsoft Windows | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1000 | High |
| Microsoft Windows | Windows Push Notification Service Elevation of Privilege Vulnerability | CVE-2020-1006 | High |
| Microsoft Windows | Windows Kernel Information Disclosure Vulnerability | CVE-2020-1007 | High |
| Microsoft Windows | MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability | CVE-2020-1026 | High |
| Microsoft Windows | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | CVE-2020-1029 | High |
| Microsoft Windows DNS | Windows DNS Denial of Service Vulnerability | CVE-2020-0993 | High |
| Remote Desktop Client | Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability | CVE-2020-0919 | High |
| Visual Studio | Microsoft Visual Studio Elevation of Privilege Vulnerability | CVE-2020-0899 | High |
| Visual Studio | Visual Studio Extension Installer Service Elevation of Privilege Vulnerability | CVE-2020-0900 | High |
| Windows Defender | Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability | CVE-2020-0835 | High |
| Windows Defender | Windows Defender Elevation of Privilege Vulnerability | CVE-2020-1002 | High |
| Windows Hyper-V | Windows Hyper-V Remote Code Execution Vulnerability | CVE-2020-0910 | Critical |
| Windows Kernel | Win32k Elevation of Privilege Vulnerability | CVE-2020-0956 | High |
| Windows Kernel | Windows Kernel Information Disclosure in CPU Memory Access | CVE-2020-0955 | High |
| Windows Kernel | Windows Elevation of Privilege Vulnerability | CVE-2020-1015 | High |
| Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-1027 | High |
| Windows Kernel | Windows Scheduled Task Elevation of Privilege Vulnerability | CVE-2020-0936 | High |
| Windows Kernel | DirectX Elevation of Privilege Vulnerability | CVE-2020-0888 | High |
| Windows Kernel | Win32k Elevation of Privilege Vulnerability | CVE-2020-0957 | High |
| Windows Kernel | Win32k Information Disclosure Vulnerability | CVE-2020-0699 | High |
| Windows Kernel | Win32k Information Disclosure Vulnerability | CVE-2020-0962 | High |
| Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-0913 | High |
| Windows Kernel | Windows Kernel Information Disclosure Vulnerability | CVE-2020-0821 | High |
| Windows Media | Media Foundation Information Disclosure Vulnerability | CVE-2020-0939 | High |
| Windows Media | Media Foundation Memory Corruption Vulnerability | CVE-2020-0950 | Critical |
| Windows Media | Media Foundation Memory Corruption Vulnerability | CVE-2020-0949 | Critical |
| Windows Media | Media Foundation Memory Corruption Vulnerability | CVE-2020-0948 | Critical |
| Windows Media | Media Foundation Information Disclosure Vulnerability | CVE-2020-0947 | High |
| Windows Media | Media Foundation Information Disclosure Vulnerability | CVE-2020-0937 | High |
| Windows Media | Media Foundation Information Disclosure Vulnerability | CVE-2020-0945 | High |
| Windows Media | Media Foundation Information Disclosure Vulnerability | CVE-2020-0946 | High |
| Windows Shell | Windows Elevation of Privilege Vulnerability | CVE-2020-0934 | High |
| Windows Update Stack | Microsoft Windows Update Client Elevation of Privilege Vulnerability | CVE-2020-1014 | High |
| Windows Update Stack | Windows Elevation of Privilege Vulnerability | CVE-2020-0983 | High |
| Windows Update Stack | Windows Update Stack Elevation of Privilege Vulnerability | CVE-2020-0985 | High |
| Windows Update Stack | Windows Update Stack Elevation of Privilege Vulnerability | CVE-2020-0996 | High |

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
